CN104182691B - data encryption method and device - Google Patents
- Publication number: CN104182691B
- Application number: CN201410419234.XA
- Authority: CN (China)
- Prior art keywords: data, target program, internal memory, controlled internal memory, memory
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Abstract
The present invention provides a data encryption method and device. The method runs in Ring 0 under the VMX root operation mode of a CPU that supports virtualization technology, and comprises: monitoring read/write requests to the input/output devices of a computing device and waiting for an operation by a target user or target program; and, when an I/O operation by the target user or target program is detected, taking over the input/output device by storing the confidential data in controlled memory. The controlled memory is a memory region of predetermined size set aside from the computer's physical memory; this region is invisible to, and not managed by, the guest operating system running in Ring 0 under the VMX non-root operation mode of the CPU that supports virtualization technology. The method ensures the full-life-cycle security of business data and solves the problem of confidential information existing in plaintext form.
Description
Technical field
The present invention relates to the field of information security, and in particular to a data encryption method and device.
Background
With the use of information technology, more and more business is carried out through information systems. Some business data is required to be stored and transmitted as ciphertext, yet before encryption, during encryption and after decryption the business data appears in plaintext on the display or remains in internal and external storage media, which can cause business data to be leaked deliberately or unintentionally. How to ensure the full-life-cycle security of business data by technical means is a problem that urgently needs solving.
Summary of the invention
The technical problem to be solved by the present invention is that existing information security technology cannot guarantee the full-life-cycle security of business data. To that end, a data encryption method and device are provided that achieve full-life-cycle security of business data.
According to one aspect of the invention, a data encryption method is provided. It runs in Ring 0 under the VMX root operation mode of a CPU that supports virtualization technology, and comprises: monitoring read/write requests to the input/output devices of a computing device and waiting for an operation by a target user or target program; and, when an I/O operation by the target user or target program is detected, taking over the input/output device by storing the confidential data in controlled memory. The controlled memory is a memory region of predetermined size set aside from the computer's physical memory; this region is invisible to, and not managed by, the guest operating system running in Ring 0 under the VMX non-root operation mode of the CPU that supports virtualization technology.
Optionally, for data entered by the user via the keyboard, the step of taking over the input/output device by storing the confidential data in controlled memory further comprises: placing the confidential data entered by the target user directly into controlled memory; encrypting the confidential data according to the first preset rule to obtain ciphertext; and sending the encrypted result to the target program, and/or sending the confidential data to the graphics card in plaintext or ciphertext form according to the second preset rule, to be shown on the display.
Optionally, for disk input/data import, the step of taking over the input/output device by storing the confidential data in controlled memory further comprises: placing the data imported by the target user directly into controlled memory; encrypting the imported data according to the first preset rule; and sending the encrypted result to the target program.
Optionally, for data transmitted over the network between the target program client and server, the step of taking over the input/output device by storing the confidential data in controlled memory further comprises: when data is transferred between the target program client and the target program server, placing the data to be sent into controlled memory; encrypting the data to be sent according to the first preset rule; and encapsulating the encrypted result according to the network packet encapsulation protocol and sending it to the network card, from which it is transmitted to the target program server or the target program client.
Optionally, for data output by the target program to the display, the step of taking over the input/output device by storing the confidential data in controlled memory further comprises: when the target user queries data in the target program and it is to be shown on the display, placing the data to be displayed into controlled memory; encrypting the data to be displayed according to the first preset rule to obtain ciphertext; and sending the data to be displayed to the graphics card in plaintext or ciphertext form according to the second preset rule, to be shown on the display.
Optionally, for disk output/data export, the step of taking over the input/output device by storing the confidential data in controlled memory further comprises: placing the data that the target user wants to export into controlled memory; encrypting the data to be displayed according to the first preset rule; and storing the encrypted result on disk in the file format to be exported.
Optionally, the listener program that monitors read/write requests to the input/output devices of the computing device resides in controlled memory.
Optionally, the first preset rule is a rule on whether data is encrypted and decrypted and/or how it is encrypted and decrypted; the second preset rule is a rule on whether plaintext or ciphertext is to be shown on the display.
According to a further aspect of the invention, a data encryption device is provided. It is deployed in Ring 0 under the VMX root operation mode of a CPU that supports virtualization technology, and comprises:
a monitoring module, adapted to monitor read/write requests to the input/output devices of a computing device and to wait for an operation by a target user or target program; and
a takeover module, adapted to take over the input/output device by storing the confidential data in controlled memory when an I/O operation by the target user or target program is detected;
wherein the controlled memory is a memory region of predetermined size set aside from the computer's physical memory, and this region is invisible to, and not managed by, the guest operating system running in Ring 0 under the VMX non-root operation mode of the CPU that supports virtualization technology.
The above method ensures the full-life-cycle security of business data and solves the problem of confidential information existing in plaintext form.
Brief description of the drawings
Fig. 1 is an overall structural diagram of the business data security assurance system provided according to one embodiment of the invention;
Fig. 2 is an overall execution flow diagram of the business data security assurance system for the various I/O operations, according to one embodiment of the invention;
Figs. 3-7 are partial execution flow diagrams of the business data security assurance system for different I/O operations, according to several further embodiments of the invention; and
Fig. 8 is a flow chart of the data encryption method provided according to one embodiment of the invention.
Detailed description
To make the purpose, technical solution and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings. It should be understood that the examples described here serve only to explain the invention and are not intended to limit it.
The inventors found through research that a method for ensuring the full-life-cycle security of business data can be provided, in other words that a security assurance system for business data (or for other types of data) can be implemented. Throughout its life cycle, the creation, deletion, modification and querying of business data, and its interaction with the target user and the target program, are all carried out through the business data security assurance system, including: entering business data into the target program, importing business data into the target program from external storage, exporting business data from the target program to external storage, modifying and processing business data, encrypting and decrypting business data, storing business data, displaying business data, destroying business data, and so on.
In the present invention, the protected business information system is called the target program, and the protected personnel are called target users.
Based on the above finding, one embodiment of the invention provides a business data security assurance system. The overall system structure and the relationships among its internal modules are shown in Fig. 1. The business data security assurance system includes: a keyboard management module, a disk management module, a memory management module, a display management module, a network transmission management module and a system management module.
These modules are not original modules of the operating system; they are newly developed software function modules inside the business data security assurance system provided by the invention. They can replace the corresponding original modules of the operating system. In other words, when, and only when, business needs require it, they take over the functions of the original operating system modules: they bypass the corresponding original modules and directly control system devices such as the keyboard, display, network card, and internal and external storage, so that business data exists only in ciphertext form in the internal and external storage and on the display of the target user's personal computer, in the internal and external storage of the target program server, and during transmission over the network.
The working mode of the above modules is essentially the same as that of the corresponding original operating system modules; the differences are as follows:
(1) Memory management module: directly manages a memory region set aside from the computer's physical memory. This region is invisible to the operating system and is no longer managed by it; all operations on confidential business data are carried out within this region (called the controlled memory region; the remainder is called the uncontrolled memory region). When business data enters the target program, is exported from the target program, is shown on the display by the target program, or is to be sent over the network by the target program, the memory management module analyzes, encrypts/decrypts, and controls the display of the business data that has entered the memory region it manages;
(2) Keyboard management module: takes over input devices such as the keyboard when business needs require it, ensuring that plaintext business data entered from the input device goes directly into the memory region managed by the memory management module for further processing;
(3) Disk management module: takes over disk storage devices such as USB flash drives, optical discs, portable hard disks and hard disks when business needs require it, ensuring that plaintext business data read from a disk storage device goes directly into the memory region managed by the memory management module for further processing;
(4) Display management module: takes over the display output device when business needs require it, ensuring that business data is output for display in a secure and controllable manner (plaintext display, ciphertext storage, or optional display of part of the plaintext);
(5) Network transmission management module: takes over the network card when business needs require it and preprocesses business data packets before network transmission and after reception (encapsulation and unpacking), ensuring that business data is transmitted securely over the network;
(6) System management module: a module that existing operating systems do not have. It is responsible for the internal management of the business data security assurance system, including: system access management, user and password management, system permission management, digital certificate management, key management, encryption algorithm management, system log management, system daemon management, and so on.
In addition, it should be noted that:
(1) Enabling condition of the business data security assurance system: it is enabled when the target user performs a business operation or the target program starts.
(2) How devices such as the keyboard, disk, graphics card and network card are taken over: the business data security assurance system runs in Ring 0 under the VMX root operation mode of a CPU that supports virtualization technology, and can operate I/O devices with priority and directly. After the system is enabled, a listener program resides in controlled memory and monitors read/write requests to the keyboard, disk, graphics card and network card; when the initiator of a read/write request is the target user or the target business information system (i.e. the target program), these devices are taken over.
(3) How business data is encrypted and decrypted after a device is taken over: the client and the server of the business data security assurance system use the same encryption method. Encrypted business data in a taken-over device can be decrypted in the memory region managed by the memory management module, and plaintext can likewise be encrypted there.
Apart from the above differences, each module works in the same way as the original operating system module it replaces, which is not repeated here.
The takeover of devices such as the keyboard, disk, graphics card and network card is explained further here. Those skilled in the art will understand that CPU manufacturers already support virtualization; for example, x86 CPUs introduced Intel-VT technology. A CPU that supports Intel-VT has two modes, VMX root operation and VMX non-root operation, and both modes support the four privilege levels Ring 0 to Ring 3. The business data security assurance system can therefore run in VMX root operation mode while the guest OS runs in VMX non-root operation mode. That is, the hardware layer itself makes this distinction, so that under full virtualization some things no longer need to be implemented by "trap the exception, translate, emulate".
According to one embodiment of the invention, the working process of the above system is described as follows, as shown in Figs. 2-7:
Step 1: the business data security assurance system is deployed and runs in Ring 0 under the VMX root operation mode of a CPU that supports virtualization technology, and can operate I/O devices with priority and directly;
The business data security assurance system, with priority and directly, sets aside a memory region of predetermined size from the computer's physical memory. This region is invisible to, and not managed by, the guest operating system running in Ring 0 under the VMX non-root operation mode of the CPU that supports virtualization technology. All operations on confidential business data are thus carried out in this memory region controlled by the business data security assurance system;
Step 2: the business data security assurance system is enabled when the target user performs a business operation or the target program starts (for example, when the target program client runs, or when the target program is operated through a web page);
Step 3: the listener program resident in the controlled memory of the business data security assurance system monitors read/write requests to hardware input/output devices (including but not limited to the keyboard, disk, graphics card and network card) and waits for an operation by the target user or target program;
Step 4: when the listener program detects that the target user or target program is performing an I/O operation, the input/output device is taken over;
For input data (i.e. I operations, input operations):
(1) For data entered by the user via the keyboard (see Fig. 3):
i. The keyboard management module of the business data security assurance system places the data entered by the target user directly into the controlled memory of the business data security assurance system;
ii. The memory management module of the business data security assurance system analyzes the business data and encrypts it according to the business rules set by the system management module of the business data security assurance system;
iii. The memory management module of the business data security assurance system calls the display management module of the business data security assurance system, and, according to the business rules set by the system management module, the business data is sent to the graphics card in plaintext or ciphertext form and shown at a specific position on the display;
It should be noted that the data passed to the target program is encrypted, because the target program runs in an insecure operating system, whereas the data passed to the graphics card is shown as plaintext or ciphertext as selected by the business rules, so that the user can conveniently check whether the data was entered incorrectly.
iv. The memory management module of the business data security assurance system sends the business data to the target program.
(2) For disk input/data import (see Fig. 4):
i. The disk management module of the business data security assurance system places the data imported by the target user directly into the controlled memory of the business data security assurance system;
ii. The memory management module of the business data security assurance system analyzes the business data and encrypts it according to the business rules set by the system management module of the business data security assurance system;
iii. The memory management module of the business data security assurance system sends the business data to the target program.
(3) For data transmitted over the network between the target program client and server (see Fig. 5):
i. When the client or server of the target program has data to send to the server or client of the target program, the network transmission management module of the business data security assurance system places the business data to be sent directly into the controlled memory of the business data security assurance system;
ii. The memory management module of the business data security assurance system analyzes the business data and encrypts it according to the business rules set by the system management module of the business data security assurance system;
iii. The memory management module of the business data security assurance system sends the business data to the network transmission management module of the business data security assurance system, which encapsulates the data and sends it to the network card.
For output data (i.e. O operations, output operations):
(1) For data output by the target program to the display (see Fig. 6):
i. When the target user queries data in the target program and it is to be shown on the display, the display management module of the business data security assurance system places the business data to be displayed directly into the controlled memory of the business data security assurance system;
ii. The memory management module of the business data security assurance system analyzes the business data and encrypts it according to the business rules set by the system management module of the business data security assurance system;
iii. The memory management module of the business data security assurance system calls the display management module of the business data security assurance system, and, according to the business rules set by the system management module, the business data is sent to the graphics card in plaintext or ciphertext form and shown at a specific position on the display.
(2) For disk output/data export (see Fig. 7):
i. The disk management module of the business data security assurance system places the data that the target user wants to export directly into the controlled memory of the business data security assurance system;
ii. The memory management module of the business data security assurance system analyzes the business data and encrypts it according to the business rules set by the system management module of the business data security assurance system;
iii. The disk management module of the business data security assurance system stores the business data on disk in the file format to be exported.
It should be noted that the takeover described above can be applied to a single I/O device on its own, or to all of the above I/O devices at the same time.
Based on the above description of the data security assurance system and its operation, and as shown in Fig. 8, one embodiment of the invention provides a data encryption method that runs in Ring 0 under the VMX root operation mode of a CPU that supports virtualization technology, comprising:
S1: monitoring read/write requests to the input/output devices of a computing device and waiting for an operation by a target user or target program;
S2: when an I/O operation by the target user or target program is detected, taking over the input/output device by storing the confidential data in controlled memory; wherein the controlled memory (or controlled memory region) is a memory region of predetermined size set aside directly from the computer's physical memory, and this region is invisible to, and not managed by, the guest operating system running in Ring 0 under the VMX non-root operation mode of the CPU that supports virtualization technology.
According to one embodiment of the invention, for data entered by the user via the keyboard, the step in S2 of taking over the input/output device and storing the confidential data in the controlled memory region further comprises:
S211: placing the confidential data entered by the target user directly into controlled memory;
S212: encrypting the confidential data according to a preset rule to obtain ciphertext; as an example of a preset rule, the contract value in contract data is to be encrypted, whereas the contract number need not be encrypted;
S213: sending the encrypted result to the target program, and/or sending the confidential data to the graphics card in plaintext or ciphertext form according to a preset rule, to be shown on the display.
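An added illustration, not part of the patent text, of how steps S211 to S213 apply the two preset rules to keyboard input: the first rule decides per field whether the value is encrypted before it reaches the target program, and the second decides whether the display receives plaintext, ciphertext or part of the plaintext. Field names, rule tables and function names are assumptions; the patent names no cipher, so an HMAC-SHA256 counter-mode stand-in is used to keep the block standard-library only, and VMX root mode and controlled memory are not modelled.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

# First preset rule (assumed table): is the field encrypted for the target program?
# Mirrors the patent's example: contract value yes, contract number no.
ENCRYPT_RULE = {"contract_number": False, "contract_value": True}
# Second preset rule (assumed table): what the graphics card receives.
DISPLAY_RULE = {"contract_number": "plaintext", "contract_value": "partial"}


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one master key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode. Stand-in only; use a vetted AEAD in practice."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time, then decrypt; raise ValueError on tampering."""
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext failed integrity check")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def mask(value: str, keep: int = 2) -> str:
    """Partial plaintext for the display: only the last `keep` characters stay visible."""
    if len(value) <= keep:
        return "*" * len(value)
    return "*" * (len(value) - keep) + value[-keep:]


def handle_keyboard_input(key: bytes, record: Dict[str, str]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Apply both rules to one record; returns (to_target_program, to_display).

    S211 is assumed to have happened already: `record` stands for data that sits
    in controlled memory. Fields missing from a rule table fail closed (assumed
    policy): they are encrypted and shown only as ciphertext.
    """
    to_program: Dict[str, str] = {}
    to_display: Dict[str, str] = {}
    for field, value in record.items():
        blob = encrypt(key, value.encode("utf-8")).hex()
        # S212: first rule decides what the untrusted target program receives.
        to_program[field] = blob if ENCRYPT_RULE.get(field, True) else value
        # S213: second rule decides what is sent to the graphics card.
        mode = DISPLAY_RULE.get(field, "ciphertext")
        if mode == "plaintext":
            to_display[field] = value
        elif mode == "partial":
            to_display[field] = mask(value)
        else:
            to_display[field] = blob
    return to_program, to_display


if __name__ == "__main__":
    demo_key = bytes(range(32))  # constructed sample key
    sample = {"contract_number": "HT-2014-0042", "contract_value": "1250000", "notes": "renewal"}
    program_view, display_view = handle_keyboard_input(demo_key, sample)
    print(program_view)
    print(display_view)
```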
According to one embodiment of the invention, for disk input/data import, the step in S2 of taking over the input/output device and storing the confidential data in the controlled memory region further comprises:
S221: placing the data imported by the target user directly into controlled memory;
S222: encrypting the imported data according to a preset rule;
S223: sending the encrypted result to the target program.
According to one embodiment of the invention, for data transmitted over the network between the target program client and server, the step in S2 of taking over the input/output device and storing the confidential data in the controlled memory region further comprises:
S231: when data is transferred between the target program client and the target program server, placing the data to be sent into controlled memory;
S232: encrypting the data to be sent according to a preset rule;
S233: encapsulating the encrypted result according to the network packet encapsulation protocol and sending it to the network card, from which it is transmitted to the target program server or the target program client.
According to one embodiment of the invention, for data output by the target program to the display, the step in S2 of taking over the input/output device and storing the confidential data in the controlled memory region further comprises:
S241: when the target user queries data in the target program and it is to be shown on the display, placing the data to be displayed into controlled memory;
S242: encrypting the data to be displayed according to a preset rule to obtain ciphertext;
S243: sending the data to be displayed to the graphics card in plaintext or ciphertext form according to a preset rule, to be shown on the display.
According to one embodiment of the invention, for disk output/data export, the step in S2 of taking over the input/output device and storing the confidential data in the controlled memory region further comprises:
S251: placing the data that the target user wants to export into controlled memory;
S252: encrypting the data to be displayed according to a preset rule;
S253: storing the encrypted result on disk in the file format to be exported.
It should be noted and understood that various modifications and improvements can be made to the invention described in detail above without departing from the spirit and scope of the invention as required by the appended claims. The scope of the claimed technical solution is therefore not limited by any specific exemplary teaching given.
Claims (7)
1. under a kind of data encryption method, the VMX root operation patterns for running on the CPU for supporting virtualization technology
On Ring0 rings, including:
Read-write requests to the input-output equipment in computing device are monitored, and wait targeted customer or the behaviour of target program
Make;With
When listening to the targeted customer or target program carries out I/O operation, by the way that confidential data is stored in into controlled internal memory
To be taken over to the input-output equipment;
Wherein, controlled internal memory is one piece of region of memory of the predefined size marked from computer physical memory, this region of memory
The client behaviour on the Ring0 rings under VMX non-root operation patterns to running on the CPU for supporting virtualization technology
Make system invisible and not at one's disposal;
Wherein, for target program output data to display, by the way that confidential data is stored in into controlled internal memory come to described defeated
Enter output equipment and take over step to further comprise:When targeted customer will inquire about data in target program and be shown to display
During device, data to be shown are put into controlled internal memory;Data to be shown are encrypted according to the first default rule,
Obtain ciphertext;Data to be shown are sent to by video card in the form of plaintext or cipher text according to second of default rule, then
Display over the display.
2. data encryption method according to claim 1, wherein, for user's key in data, by by concerning security matters number
Further comprise according to controlled internal memory is stored in take over step to the input-output equipment:
The confidential data that targeted customer is inputted is directly placed into controlled internal memory;
Confidential data is encrypted according to the first default rule, ciphertext is obtained;
Encrypted result is sent to target program, and/or will be related in the form of plaintext or cipher text according to second of default rule
Ciphertext data is sent to video card, then display over the display.
3. The data encryption method according to claim 1, wherein, for disk input/imported data, the step of taking over the input/output device by storing confidential data in controlled memory further comprises:
placing the data imported by the target user directly into the controlled memory;
encrypting the imported data according to the first preset rule;
sending the encrypted result to the target program.
4. The data encryption method according to claim 1, wherein, for data transmitted over the network between the target program client and server, the step of taking over the input/output device by storing confidential data in controlled memory further comprises:
when data is transferred between the target program client and the target program server, placing the data to be sent into the controlled memory;
encrypting the data to be sent according to the first preset rule;
encapsulating the encrypted result according to the network packet tunneling protocol and sending it to the network card, from which it is transmitted to the target program server or the target program client.
5. The data encryption method according to claim 1, wherein, for disk output/exported data, the step of taking over the input/output device by storing confidential data in controlled memory further comprises:
placing the data that the target user wants to export into the controlled memory;
encrypting the data to be displayed according to the first preset rule;
storing the encrypted result on disk in the file format to be exported.
6. The data encryption method according to claim 1, wherein the monitoring program that monitors read/write requests to the input/output devices in the computing device resides in the controlled memory.
7. The data encryption method according to claim 1, wherein the first preset rule is a rule on whether the data is to be encrypted/decrypted and/or a rule on how the encryption/decryption is to be carried out;
the second preset rule is a rule on whether plaintext or ciphertext is to be shown on the display.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410419234.XA CN104182691B (en) | 2014-08-22 | 2014-08-22 | data encryption method and device |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104182691A (en) | 2014-12-03 |
CN104182691B (en) | 2017-07-21 |
Family
ID=51963723
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410419234.XA Active CN104182691B (en) | 2014-08-22 | 2014-08-22 | data encryption method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104182691B (en) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105068770A (en) * | 2015-08-28 | 2015-11-18 | 国家电网公司 | Data integration method and apparatus |
SG11201806423QA (en) * | 2015-12-24 | 2018-08-30 | Haventec Pty Ltd | Improved storage system |
CN107247907A (en) * | 2017-04-28 | 2017-10-13 | 国电南瑞科技股份有限公司 | A kind of electric automobile interconnects Information Security Defending System |
CN112401477A (en) * | 2020-09-01 | 2021-02-26 | 深圳中时利和科技有限公司 | Electronic information intelligent management device based on computer and use method |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1885275A (en) * | 2005-06-20 | 2006-12-27 | 中兴通讯股份有限公司 | Embedded system and real-time monitoring and processing method thereof |
CN101488113A (en) * | 2008-11-25 | 2009-07-22 | 华为技术有限公司 | Device driver field implementing method, system and apparatus |
CN101533437A (en) * | 2008-03-11 | 2009-09-16 | 北京路模思科技有限公司 | System and method thereof for carrying out security control to computer hardware equipment |
CN102110007A (en) * | 2009-12-29 | 2011-06-29 | 中国长城计算机深圳股份有限公司 | Interaction method and system for BIOS/UEFI and virtual machine monitor |
CN102194064A (en) * | 2010-03-12 | 2011-09-21 | 中国长城计算机深圳股份有限公司 | I/O (Input/Output) monitoring method |
CN102231138A (en) * | 2011-07-08 | 2011-11-02 | 上海交通大学 | Accurate memory data acquisition system and method of computer |
CN102254117A (en) * | 2011-07-07 | 2011-11-23 | 李鹏 | Virtualized technology-based data anti-disclosure system |
CN102446248A (en) * | 2010-09-30 | 2012-05-09 | 国际商业机器公司 | Device and method for protecting memory data of computing device in enterprise network system |
CN103530570A (en) * | 2013-09-24 | 2014-01-22 | 国家电网公司 | Electronic document safety management system and method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5576563B2 (en) * | 2011-06-23 | 2014-08-20 | インターナショナル・ビジネス・マシーンズ・コーポレーション | Information processing apparatus, method, and program for managing confidential information |
Non-Patent Citations (2)
Title |
---|
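李安伦. Security enhancement technology for embedded Linux systems based on Xen isolation. 《信息科技辑》. 2013, * |
李志勇. Design and implementation of a data leakage prevention system based on terminal security technology. 《信息科技辑》. 2013, * |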
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |