CN104462999B - FAT32 file system data encryption methods - Google Patents


Info

Publication number
CN104462999B
Authority
CN
China
Legal status
Active
Application number
CN201410773806.4A
Other languages
Chinese (zh)
Other versions
CN104462999A (en)
Inventor
杨举岷
刘海
殷国良
Current Assignee
Beijing Hangxing Technology Co Ltd
Original Assignee
Beijing Hangxing Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/17 Details of further file system functions
    • G06F16/1737 Details of further file system functions for reducing power consumption or coping with limited storage space, e.g. in mobile devices
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The invention discloses a FAT32 file system data encryption protection method, relating to the fields of information security and data storage. In the traditional way of encrypting a FAT32 file system, the plaintext part and the ciphertext part are each indexed for encryption and decryption through their own dedicated FAT table. In contrast, the present invention manages the encryption and decryption index for plaintext and ciphertext together through a single FAT table. The method allows the sizes of the plaintext region and the ciphertext region inside a partition to be allocated dynamically, which minimizes the storage wasted by keeping plaintext and ciphertext separate and gives the method high practical value.

Description

FAT32 file system data encryption methods
Technical field
The invention belongs to the fields of information security and data storage, and more particularly relates to a data encryption protection method for the now widely used FAT32 file system.
Background
With the rapid development of information technology, more and more information is stored in the form of computer files, for example in FAT32 file format. Along with the convenience of digital storage, storage security has attracted more and more attention.
In the prior art, storage security is strengthened by encrypting files, but this also brings some inconvenience. For example, the usual way of encrypting a FAT32 file system is to parse only at the partition level and in that way determine the range of data to be encrypted. In actual use, this traditional approach of delimiting the encryption range by partition is inconvenient. For example, when the total storage space is 2G, the encrypted partition and the non-encrypted partition are 1G each. When the encrypted partition and the non-encrypted partition are used at the same time, storage space may be wasted. The reason is that, in the FAT32 file organization, the partition size must be agreed on first, and the organization of the FAT table is determined by the pre-allocated partition size. That is, once the allocated 1G encrypted partition has been fully used and new data needs to be stored encrypted, there is not enough storage space. Because of the partition limit, the sizes of the encrypted part and the non-encrypted part cannot be adjusted dynamically. At its core, the traditional approach uses two independent FAT tables as the storage indexes, one for plaintext storage and one for ciphertext storage.
Summary of the invention
To solve the above problems, the invention provides a FAT32 file system data encryption protection method, comprising: a front-end reception step of intercepting the FAT32 file system data information before the FAT32 file system is stored in a storage medium, the FAT32 file system data information including the FAT table, the DBR area and the data area data; an address data parsing step of receiving the FAT32 file system data information sent by the front-end reception step and parsing it to separate the data area from the FAT table and the DBR; a symmetric-algorithm data encryption step of encrypting the data area data with a symmetric algorithm to obtain encrypted data, while leaving the FAT table and the DBR area unencrypted to obtain unencrypted data, wherein the encryption key and the decryption key are identical and unique, and the step is performed when the CPU writes a FAT32-format file to the storage medium; and a data forwarding step of forwarding the encrypted data obtained by the symmetric-algorithm data encryption step together with the unencrypted data.
In the FAT32 file system data encryption protection method described above, preferably, before the symmetric-algorithm data encryption step, the method further comprises: an encryption enable step of notifying the symmetric-algorithm data encryption step whether the data currently being processed is to be encrypted.
In the FAT32 file system data encryption protection method described above, preferably, the method further comprises: a symmetric-algorithm data decryption step of decrypting the encrypted data obtained by the symmetric-algorithm data encryption step, the step being performed when the CPU reads a FAT32-format file from the storage medium.
In the FAT32 file system data encryption protection method described above, preferably, before the symmetric-algorithm data decryption step, the method further comprises: a decryption enable step of notifying the symmetric-algorithm data decryption step whether the data currently being processed is to be decrypted.
In the FAT32 file system data encryption protection method described above, preferably, when the encrypted data obtained by the symmetric-algorithm data encryption step and the plaintext data are stored, the storage index of the plaintext storage region for storing the plaintext data and of the ciphertext storage region for storing the encrypted data is one common index.
The beneficial effects of the technical solution provided by the embodiments of the invention are as follows:
The present invention does not delimit what is encrypted by partition. It changes the traditional approach of first agreeing on an encrypted partition and then using it, and instead uses a real-time human-machine interface to mark whether encryption is needed. Accordingly, when the FAT32 file system is parsed, the method differs from the traditional approach, in which all data inside the encrypted partition is encrypted (both the data area data and the FAT table data): this method encrypts only the data area part (the FAT table data is not encrypted). In actual use, file indexing is done through the FAT table, and all files inside the partition (plaintext index and ciphertext index) share one common index. Plaintext and ciphertext are managed together for encryption and decryption indexing through the same FAT table and share the whole storage space, so the sizes of the plaintext region and the ciphertext region can be allocated dynamically. This minimizes the storage wasted by keeping plaintext and ciphertext separate and gives the method high practical value.
Brief description of the drawings
Fig. 1 is a schematic diagram of the overall logical architecture for carrying out a FAT32 file system data encryption protection method provided by an embodiment of the invention;
Fig. 2 is a schematic diagram of a logical implementation of a FAT32 file system data encryption protection method provided by an embodiment of the invention;
Fig. 3 is a schematic diagram of a FAT32 file system structure provided by an embodiment of the invention.
Detailed description
The present invention is described in further detail below with reference to the drawings and specific embodiments.
Referring to Fig. 1 to Fig. 3, an embodiment of the invention provides a FAT32 file system data encryption protection method, which comprises the following steps:
Front-end reception step: intercept the FAT32 file system data information before the FAT32 file system is stored in the storage medium. The FAT32 file system data information includes the FAT table, the DBR area and the data area data;
Address data parsing step: receive the FAT32 file system data information sent by the front-end reception step, and parse it to separate the data area from the FAT table and the DBR;
Specifically, the parsing performed in the address data parsing step must distinguish data area data from non-data-area data, and in that way determine whether a given part of the FAT32 file system data is a part on which encryption actually takes effect. Whether a part of the data is encrypted is not decided by which partition it is in or by using a hidden partition. That is, this method encrypts only the data area of the file system, unlike other approaches in which the data area is encrypted together with the FAT table.
Symmetric-algorithm data encryption step: encrypt the data area data with a symmetric algorithm to obtain encrypted data, and leave the FAT table and the DBR area unencrypted to obtain unencrypted data. The encryption key and the decryption key are identical and unique. The step is performed when the CPU writes a FAT32-format file to the storage medium;
Data forwarding step: forward the encrypted data obtained by the symmetric-algorithm data encryption step together with the unencrypted data.
Specifically, the data forwarding step includes:
When the encrypted data obtained by the symmetric-algorithm data encryption step and the plaintext data are stored, the storage index (FAT table) of the plaintext storage region holding the plaintext data and of the ciphertext storage region holding the encrypted data is one common index (FAT table). The file indexes of the plaintext storage region and the ciphertext storage region are not split into two or more independent indexes (FAT tables).
For the convenience of the user, that is, to meet individual needs, the FAT32 file system data encryption method further includes, before the symmetric-algorithm data encryption step: an encryption enable step, which notifies the symmetric-algorithm data encryption step whether the data currently being processed is to be encrypted. In practice, human intervention can be used to have the step performed or skipped.
The FAT32 file system data encryption protection method further includes:
Symmetric-algorithm data decryption step: decrypt the encrypted data obtained by the symmetric-algorithm data encryption step. The step is performed when the CPU reads a FAT32-format file from the storage medium.
Before the symmetric-algorithm data decryption step, the FAT32 file system data encryption protection method further includes: a decryption enable step, which notifies the symmetric-algorithm data decryption step whether the data currently being processed is to be decrypted.
It should be noted that the above encryption/decryption method applies as a bridge between any type of operating system and the FAT32 file system. When the operating system (OS) writes FAT32 file system data, the encryption service is provided by this method. When the operating system reads data from the FAT32 file system, the decryption service is provided by this method.
An embodiment of the invention provides a FAT32 file system data encryption protection device, which includes a front-end reception module, an address data parsing module, a symmetric-algorithm data encryption module and a data forwarding module.
Front-end reception module: a data processing module located between the operating system (OS) and the medium (CD, hard disk, FLASH storage media) on which the file system (FS) data is stored. Its physical form is hardware or software. Its function is to intercept all file system data information before the FAT32 file system is stored in the storage medium, including the FAT table, the DBR area, the data area and so on. The data information intercepted by the module is forwarded to the address data parsing module.
Address data parsing module: a data parsing module located after the front-end reception module. It receives the complete FAT32 file system data forwarded by the front-end reception module and parses it. The module separates the file data area data from the FAT32 linked list, the DBR area and so on, and forwards the portion of the data that needs to be decrypted to the symmetric-algorithm data encryption module;
Symmetric-algorithm data encryption module: a module that encrypts/decrypts data with a symmetric algorithm. It is located after the address data parsing module and encrypts and decrypts the data information forwarded to it. The encryption key and the decryption key are identical and unique. Encryption is performed when the CPU writes a FAT32-format file to the storage medium. Decryption is performed when the CPU reads a FAT32-format file from the storage medium. The module encrypts only the data area data; the FAT table and the DBR area are not encrypted. The module can be controlled by the encryption/pass-through enable module, which turns the encryption and decryption function on and off;
Data forwarding module: a data forwarding module that forwards the data received by the front-end reception module that has not been encrypted, including the FAT table and the DBR area, as well as the data encrypted/decrypted by the symmetric-algorithm data encryption module;
The FAT32 file system data encryption protection device further includes an encryption/pass-through enable module: a module that notifies the symmetric-algorithm data encryption module whether the data currently to be processed is to be encrypted/decrypted. The notification can be made through hardware or software. The module reserves a human-machine interface through which human intervention tells the module whether to start the encryption function; in this way the encryption/decryption function can be turned on or disabled through human-machine interaction. The module takes the form of a hardware device or a software program.
In practice, sector 0 is the boot sector. DBR (DOS BOOT RECORD) means the operating system boot record area; it usually occupies sector 0 of the partition, 512 bytes in total (in special cases it also takes up other reserved sectors; here we consider sector 0 first). These 512 bytes consist of several parts: the jump instruction, the manufacturer ID and operating system version number, the BPB (BIOS Parameter Block), the extended BPB, the OS boot program and the end mark. The relevant fields of the DBR in FAT32 have the following meanings:
FAT1 and FAT2 are two linked lists that record, for each cluster, whether it is occupied and the address of the next cluster. They are described in detail below.
The root directory table records data about the stored files, including file name, file size, starting cluster, creation time and other information. To store encrypted data in encrypted form, the above information must be filtered out: this method performs no encryption or decryption on it, so that the operating system can correctly identify the file format on the storage medium and the cluster usage. Because the starting position of the above information in the medium differs with the capacity, the specific addresses must be calculated according to the actual situation.
DBR
The DBR is stored at a fixed position in the medium, in the 512 bytes of sector 0. The size of the DBR reserved sectors is defined in the DBR, so DBR = Reserved sector
FAT1 FAT2
The FAT32-related information is defined in the DBR.
FAT = sector per FAT * numbers of FATS
Root directory table
After formatting, a 4k directory table file is created immediately after the FAT table. In FAT32 the directory table is a special kind of file and is stored in the same way as ordinary files.
That is, the initial 4k of the root directory is stored immediately after the FAT table, and when the directory table runs out of space, the FAT table is consulted and the file directory continues in another location. The position of the directory table is therefore not fixed. To find the whole directory table, the FAT table must be traversed and the positions recorded in the FAT table must be saved. During the data communication phase, read and write operations on the FAT table are not encrypted or decrypted.
By filtering the DBR + FAT + root directory during the communication phase, dynamic encryption of files is achieved.
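The address calculation and DBR + FAT + root directory filtering described above, as a Python example added here (it is not code from the patent). The function names, the constructed 66-sector sample image and its 4 KiB cluster size are assumptions made for illustration; the cipher itself is left out because the patent names none.

```python
import struct

SECTOR = 512  # bytes per sector assumed by this example


def parse_dbr(sector0):
    """Read the BPB fields in the DBR (sector 0) that fix the partition layout."""
    if len(sector0) != SECTOR or sector0[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 is not a DBR (wrong size or end mark)")
    bytes_per_sec, sec_per_clus, reserved, num_fats = struct.unpack_from(
        "<HBHB", sector0, 11)
    (fat_sectors,) = struct.unpack_from("<I", sector0, 36)   # sectors per FAT
    (root_cluster,) = struct.unpack_from("<I", sector0, 44)  # first root dir cluster
    if bytes_per_sec != SECTOR or 0 in (sec_per_clus, num_fats, fat_sectors):
        raise ValueError("unsupported or corrupt BPB")
    return {"sec_per_clus": sec_per_clus, "reserved": reserved,
            "num_fats": num_fats, "fat_sectors": fat_sectors,
            "root_cluster": root_cluster}


def cluster_chain(image, layout, first):
    """Follow a chain in FAT1; stops at end-of-chain, a bad value or a loop."""
    fat_offset = layout["reserved"] * SECTOR
    entries = layout["fat_sectors"] * SECTOR // 4
    chain, seen, cur = [], set(), first
    while 2 <= cur < entries and cur not in seen:
        chain.append(cur)
        seen.add(cur)
        (nxt,) = struct.unpack_from("<I", image, fat_offset + 4 * cur)
        cur = nxt & 0x0FFFFFFF  # upper 4 bits of a FAT32 entry are reserved
    return chain


def build_filter(image):
    """Find the sectors that pass through unencrypted: DBR + FAT + root directory."""
    layout = parse_dbr(bytes(image[:SECTOR]))
    # DBR = reserved sectors; FAT = sectors per FAT * number of FATs
    layout["data_start"] = (layout["reserved"]
                            + layout["num_fats"] * layout["fat_sectors"])
    root = set()
    for cluster in cluster_chain(image, layout, layout["root_cluster"]):
        first = layout["data_start"] + (cluster - 2) * layout["sec_per_clus"]
        root.update(range(first, first + layout["sec_per_clus"]))
    layout["root_sectors"] = root
    return layout


def classify(layout, lba):
    """Name the region a sector address (LBA within the partition) belongs to."""
    if lba < layout["reserved"]:
        return "DBR"
    if lba < layout["data_start"]:
        return "FAT"
    if lba in layout["root_sectors"]:
        return "ROOT_DIR"
    return "DATA"


def must_encrypt(layout, lba, encrypt_enabled):
    """Encrypt only data-area sectors, and only when the enable step says so."""
    return bool(encrypt_enabled) and classify(layout, lba) == "DATA"


def make_sample_image(last_root_entry=0x0FFFFFFF):
    """Constructed image: 32 reserved sectors, 2 FATs of 1 sector, 8 sectors/cluster."""
    img = bytearray(66 * SECTOR)
    struct.pack_into("<HBHB", img, 11, SECTOR, 8, 32, 2)
    struct.pack_into("<I", img, 36, 1)   # sectors per FAT
    struct.pack_into("<I", img, 44, 2)   # root directory starts at cluster 2
    img[510:512] = b"\x55\xaa"
    # Root directory occupies clusters 2 -> 5; clusters 3 and 4 hold file data.
    fat = [0x0FFFFFF8, 0x0FFFFFFF, 5, 0x0FFFFFFF, 0x0FFFFFFF, last_root_entry]
    for copy in range(2):
        struct.pack_into("<6I", img, (32 + copy) * SECTOR, *fat)
    return img


if __name__ == "__main__":
    layout = build_filter(make_sample_image())
    for lba in (0, 32, 34, 42, 58):
        print(lba, classify(layout, lba), must_encrypt(layout, lba, True))
```

Because the DBR, FAT and root directory sectors pass through unencrypted, file names, sizes and cluster chains stay readable on the medium even when file contents are encrypted.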
In summary, the beneficial effects of the embodiments of the invention are as follows:
The present invention does not delimit what is encrypted by partition. It changes the traditional approach of first agreeing on an encrypted partition and then using it, and instead uses a real-time human-machine interface to mark whether encryption is needed. Accordingly, when the FAT32 file system is parsed, the method differs from the traditional approach, in which all data inside the encrypted partition is encrypted (both the data area data and the FAT table data): this method encrypts only the data area part (the FAT table data is not encrypted). In actual use, file indexing is done through the FAT table, and all files inside the partition (plaintext index and ciphertext index) share one common index. Plaintext and ciphertext are managed together for encryption and decryption indexing through the same FAT table and share the whole storage space, so the sizes of the plaintext region and the ciphertext region can be allocated dynamically. This minimizes the storage wasted by keeping plaintext and ciphertext separate and gives the method high practical value.
The parts of the invention not described in detail belong to the common knowledge of those skilled in the art.

Claims (4)

  1. A FAT32 file system data encryption protection method, characterized in that the FAT32 file system data encryption method comprises:
    a front-end reception step of intercepting the FAT32 file system data information before the FAT32 file system is stored in a storage medium, the FAT32 file system data information including the FAT table, the DBR area and the data area data;
    an address data parsing step of receiving the FAT32 file system data information sent by the front-end reception step, and parsing it to separate the data area from the FAT table and the DBR;
    a symmetric-algorithm data encryption step of encrypting the data area data with a symmetric algorithm to obtain encrypted data, while leaving the FAT table and the DBR area unencrypted to obtain unencrypted data, wherein the encryption key and the decryption key are identical and unique, and the step is performed when the CPU writes a FAT32-format file to the storage medium;
    a data forwarding step, in which plaintext and ciphertext are managed together for encryption and decryption indexing through the same FAT table: when the encrypted data obtained by the data encryption step and the plaintext data are stored, the storage index of the plaintext storage region for storing the plaintext data and of the ciphertext storage region for storing the encrypted data is one common index.
  2. The FAT32 file system data encryption protection method according to claim 1, characterized in that, before the symmetric-algorithm data encryption step, the FAT32 file system data encryption method further comprises: an encryption enable step of notifying the symmetric-algorithm data encryption step whether the data currently being processed is to be encrypted.
  3. The FAT32 file system data encryption method according to claim 1, characterized in that the FAT32 file system data encryption protection method further comprises:
    a symmetric-algorithm data decryption step of decrypting the encrypted data obtained by the symmetric-algorithm data encryption step, the step being performed when the CPU reads a FAT32-format file from the storage medium.
  4. The FAT32 file system data encryption method according to claim 3, characterized in that, before the symmetric-algorithm data decryption step, the FAT32 file system data encryption protection method further comprises:
    a decryption enable step of notifying the symmetric-algorithm data decryption step whether the data currently being processed is to be decrypted.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410773806.4A CN104462999B (en) 2014-12-12 2014-12-12 FAT32 file system data encryption methods


Publications (2)

Publication Number Publication Date
CN104462999A CN104462999A (en) 2015-03-25
CN104462999B true CN104462999B (en) 2018-01-12


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: BEIJING HANGXING TECHNOLOGY CO., LTD.;CHINA JILIAN

Free format text: FORMER OWNER: BEIJING HANGXING TECHNOLOGY DEVELOPMENT CO., LTD.

Effective date: 20150721

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20150721

Address after: 100013 Beijing City, Dongcheng District Hepingli Street No. 11

Applicant after: Beijing Hangxing Technology Co., Ltd.

Address before: 100013 Beijing City, Dongcheng District Hepingli Street No. 11

Applicant before: Beijing Hangxing Technology Development Co., Ltd.

GR01 Patent grant
GR01 Patent grant