CN105893852A - First author leakage prevention application system based on Windows EFS transparent encryption - Google Patents

Info

Publication number
CN105893852A
Application number
CN201510309895.1A
Authority
CN (China)
Prior art keywords
file, module, program, efs, user
Legal status
Pending
Other languages
Chinese (zh)
Inventor
随海涛
Current Assignee
Jinan Ya Dong Software Technology Co Ltd
Original Assignee
Jinan Ya Dong Software Technology Co Ltd
Priority date
2015-06-04
Filing date
2015-06-04
Publication date
2016-08-24
Application filed by Jinan Ya Dong Software Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6281 Protecting access to data via a platform, to a system of files or objects, at program execution time, where the protection is within the operating system
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements
    • G06F2221/2107 File encryption

Abstract

The present invention provides a first-author leakage prevention application system based on Windows EFS transparent encryption. The system mainly comprises three modules: a user creation module, a HOOK loading module and a file operation module. The user creation module first starts the dlp program and determines whether the current account was created by the program itself. If it was not, it creates a new user, imports a security certificate and sets a login password; if it was, it calls the GetUserName function to obtain the current user's information and calls CreateProcessWithLogon to start the program. The HOOK loading module intercepts the various operations performed on a file through API functions and, if the file is saved under a new name, encrypts it with the EncryptFile function. The file operation module is logged in with the account the program created, so the corresponding session also belongs to that account and can therefore open files encrypted by the dlp program. The system adds the DLP program on top of the EFS shipped with the operating system to prevent transfer and leakage, so as to reduce the leakage of company information and the resulting economic losses.

Description

A first-author leakage prevention application system based on Windows EFS transparent encryption
Technical field
The present invention relates to a first-author leakage prevention application system based on Windows EFS transparent encryption, and in particular to encrypting the various file operations once more on top of EFS, so as to prevent the leakage of company information and the economic loss it causes.
Background technology
EFS is PKI-based encryption that is transparent to the user: once you have encrypted some data, your own access to it is completely unrestricted, and you can perform any file operation without limitation. The present system, by contrast, builds on that file encryption system: it encrypts again, imports a security certificate, sets a user login password, and so on. It first judges whether the current account is the program's own account and creates one if it is not, then calls the HOOK module to perform the encryption, so that every operation on a file is checked for whether the file is in a secure state.
With the development of science and technology, staff turnover at companies has grown, and when employees leave, company information is commonly compromised, causing serious economic loss. The first-author leakage prevention application system based on Windows EFS transparent encryption solves this problem well: file operations are carried out only under the conditions the company permits, and operations that are not permitted are intercepted via the EncryptFile function, protecting the company's information.
Summary of the invention
The object of the invention is to effectively prevent the leakage of company file information and to achieve the security protection of files.
The present invention relates to a first-author leakage prevention application system based on Windows EFS transparent encryption, comprising three parts: a user creation module, a HOOK module and a file operation module. The HOOK module runs throughout the whole program.
The system uses a three-part architecture of standard API interfaces, user applications and operation commands. It is developed on the user interface of the operating system and calls the file encryption system inside the operating system through an open API interface platform. The user's own application sends operation commands to the computer; the computer responds by calling the underlying system program and encrypts the file, thereby protecting the company's information against leakage and serious economic loss. The encryption scheme of the system is built on EFS: the first step of file security is realised by logging in with a user account and importing a security certificate. After a successful login, whenever a file operation is carried out the file is checked again; if the operation is one the company forbids, the system's own EncryptFile routine is called to stop the forbidden operation, so that the file information is not leaked. A file that is sent out is still an encrypted file: when opened it is ciphertext that does not display normally, or access is denied.
What the EFS shipped with Windows achieves:
1. EFS does not actively encrypt files on the local machine; the user must manually set them to the encrypted state.
2. Once the local machine is logged in, every program can access the plaintext.
3. After the local machine is logged in, a file copied to a FAT USB disk or partition is automatically decrypted.
4. What a network program sends out is directly the normal plaintext.
What differs from the EFS shipped with Windows:
1. As soon as a document designated for editing is opened, the document automatically becomes ciphertext.
2. Even when logged in, a program that was not started by the secure account cannot open the encrypted document.
3. When a file is handled by a network program, what is sent out is still the encrypted file, or access is denied.
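
The behaviours listed above for the EFS shipped with Windows can be checked on a host. The following is an added example written for this page, not code from the patent or its assignee. It uses only built-in Windows tooling: the .NET File.Encrypt wrapper over the EncryptFile API (item 1), cipher.exe /c to list the certificates that can decrypt a file, and Start-Process with -Credential, which calls CreateProcessWithLogon, to try reading the file as a second account (item 2). The file path and the second local account are assumptions chosen for illustration; the FAT copy behaviour (item 3) is not exercised here.

```powershell
# Added example for this page; not the patent's code. Requires a Windows host, an NTFS
# volume and cipher.exe on PATH. $Other (optional) is a pscredential for a second local
# account that has no certificate on the file (an assumed account, not from the patent).

function Protect-EfsFile {
    # Item 1: EFS does nothing until the file is explicitly set to the encrypted state.
    param([Parameter(Mandatory)][string]$Path)
    [System.IO.File]::Encrypt($Path)   # .NET wrapper over the Win32 EncryptFile API
    $attrs = [System.IO.File]::GetAttributes($Path)
    return (($attrs -band [System.IO.FileAttributes]::Encrypted) -ne 0)
}

function Get-EfsCertificateThumbprints {
    # cipher.exe /c prints, as free text, the users AND the recovery agents that can
    # decrypt the file, each followed by a SHA-1 thumbprint as ten groups of four hex digits.
    # Recovery agents listed here can decrypt regardless of which account encrypted the file.
    param([Parameter(Mandatory)][string]$Path)
    $out = & cipher.exe /c $Path 2>&1 | Out-String
    $m = [regex]::Matches($out, '(?i)(?:[0-9A-F]{4}\s+){9}[0-9A-F]{4}')
    return @($m | ForEach-Object { $_.Value -replace '\s+', '' })
}

function Test-ReadAs {
    # Item 2: any program in the owner's logon session reads plaintext. For another
    # account we run cmd's 'type' via Start-Process -Credential (CreateProcessWithLogon);
    # a file the account cannot decrypt yields "Access is denied" and a non-zero exit code.
    param([Parameter(Mandatory)][string]$Path, [pscredential]$Credential)
    if (-not $Credential) {
        try { [void](Get-Content -LiteralPath $Path -TotalCount 1 -ErrorAction Stop); return $true }
        catch { return $false }
    }
    # -WorkingDirectory matters: the default (current directory) may not be readable by
    # the other account, in which case CreateProcessWithLogon itself fails.
    $p = Start-Process -FilePath 'cmd.exe' -ArgumentList "/c type `"$Path`" >nul 2>nul" `
         -Credential $Credential -WorkingDirectory $env:SystemRoot -WindowStyle Hidden -PassThru -Wait
    return ($p.ExitCode -eq 0)
}

function Get-EfsExposure {
    # One report object per file: encrypted flag, who can decrypt, who can actually read.
    param([Parameter(Mandatory)][string]$Path, [pscredential]$Other)
    [pscustomobject]@{
        Path             = $Path
        Encrypted        = (([System.IO.File]::GetAttributes($Path) -band [System.IO.FileAttributes]::Encrypted) -ne 0)
        Certificates     = Get-EfsCertificateThumbprints -Path $Path
        CurrentUserReads = Test-ReadAs -Path $Path
        OtherUserReads   = $(if ($Other) { Test-ReadAs -Path $Path -Credential $Other } else { $null })
    }
}

# Usage (assumed path and account name):
# $f = 'C:\Work\secret.docx'
# Protect-EfsFile -Path $f
# Get-EfsExposure -Path $f -Other (Get-Credential "$env:COMPUTERNAME\otheruser")
```

After Protect-EfsFile the report should show Encrypted = True, CurrentUserReads = True and OtherUserReads = False for an account whose thumbprint is absent from Certificates; if OtherUserReads comes back True, that account is either in the certificate list or is a configured recovery agent, which is the kind of exposure the patent's extra layer is meant to address.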
Brief description of the drawings
Fig. 1 is a schematic flow chart of file encryption in the present invention.
Fig. 2 is the flow chart of the three main modules.
Detailed description of the invention
The present invention is described in detail below with reference to a specific embodiment.
Because the invention is based on the EFS shipped with Windows, before a file operation it first determines whether the current account is the program account. If it is, the file operation is carried out, and at the same time the loaded HOOK module intercepts, through API functions, the various forbidden operations on the file; a series of encryption procedures guarantees that no plaintext appears. If it is not the program account, a new program account is created, the certificate of the secure account is imported and a login password is set, after which the operations above are carried out. In this way the file is protected and encrypted, information leakage is prevented and serious economic loss is avoided.
Implementation of the first-author leakage prevention application system based on Windows EFS transparent encryption:
1. User creation module:
Before a file is operated on, the system automatically starts the Aegis dlp program, which judges whether it is itself running under the program account. If it is, it imports the certificate of the secure account and sets the login password; if it is not the system's own program account, the system does not grant that account authorization.
2. Loading the secure HOOK module:
Through API functions, the HOOK module hooks the program's Save As operation; if a file is saved under a new name or newly created, the EncryptFile function is called to encrypt it. This guarantees that there is no plaintext copy of an encrypted file: even if it is transmitted or copied away it remains an encrypted file, or access is forbidden.
3. File operation module:
When a file is opened, the system starts the corresponding application. Because dlp is logged in with the existing account, the session environment corresponding to the started program also belongs to the permitted account, and files encrypted by dlp can therefore be opened.
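
The three modules just described, and the same flow given in the abstract, assembled as an added example for this page from built-in Windows commands. It is not the Aegis dlp program and not the patent's code. The API HOOK is replaced by a FileSystemWatcher that calls EncryptFile (through .NET File.Encrypt) on newly created or renamed files, which reacts after the write instead of intercepting it; the relaunch under the program's own account uses Start-Process -Credential, which calls CreateProcessWithLogon. The account name dlpsvc, the marker text in its description, the PFX path, the watched folder, and the premise that the program holds both the account password and the PFX password are all assumptions, not details from the patent.

```powershell
# Added example for this page; not the patent's code. Save as a script and run it
# elevated: the first run creates the account and relaunches under it, the second run
# (inside the dlpsvc session) imports the certificate and starts protecting the folder.

$DlpUser   = 'dlpsvc'                            # assumed account name
$DlpMarker = 'created-by-dlp'                    # assumed marker: lets the program recognise its own account
$DlpPfx    = 'C:\ProgramData\dlp\dlp-efs.pfx'    # assumed: EFS certificate + private key for the account
$WatchDir  = 'C:\Work\Protected'                 # assumed: folder whose new files must be encrypted

# --- User creation module: is this session the account the program created? ---
function Test-DlpAccount {
    # GetUserName equivalent: who owns this logon session?
    $me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name    # e.g. HOST\dlpsvc
    $acct = Get-LocalUser -Name $DlpUser -ErrorAction SilentlyContinue
    return ($null -ne $acct -and $acct.Description -eq $DlpMarker -and $me.Split('\')[-1] -ieq $DlpUser)
}

function New-DlpAccount {
    # Create the program's own account and set its login password (needs administrator rights).
    param([Parameter(Mandatory)][securestring]$Password)
    if (-not (Get-LocalUser -Name $DlpUser -ErrorAction SilentlyContinue)) {
        New-LocalUser -Name $DlpUser -Password $Password -Description $DlpMarker `
                      -PasswordNeverExpires -UserMayNotChangePassword | Out-Null
    }
    # Membership in Users gives the account the interactive logon right the relaunch needs.
    Add-LocalGroupMember -Group 'Users' -Member $DlpUser -ErrorAction SilentlyContinue
}

function Start-AsDlpAccount {
    # CreateProcessWithLogon step: relaunch this script in a logon session for the dlp account.
    param([Parameter(Mandatory)][pscredential]$Credential, [Parameter(Mandatory)][string]$ScriptPath)
    Start-Process -FilePath 'powershell.exe' `
        -ArgumentList @('-NoProfile', '-ExecutionPolicy', 'Bypass', '-File', "`"$ScriptPath`"") `
        -Credential $Credential -WorkingDirectory $env:SystemRoot -PassThru
}

# --- Inside the dlp session: import the security certificate EFS will encrypt with ---
function Import-DlpCertificate {
    param([Parameter(Mandatory)][securestring]$PfxPassword)
    Import-PfxCertificate -FilePath $DlpPfx -CertStoreLocation 'Cert:\CurrentUser\My' -Password $PfxPassword | Out-Null
}

# --- HOOK module substitute: encrypt files that are created or saved under a new name ---
function Start-DlpWatcher {
    New-Item -ItemType Directory -Force -Path $WatchDir | Out-Null
    $fsw = New-Object System.IO.FileSystemWatcher $WatchDir
    $fsw.IncludeSubdirectories = $true
    $fsw.EnableRaisingEvents = $true
    $action = {
        $p = $Event.SourceEventArgs.FullPath
        try {
            if (([System.IO.File]::GetAttributes($p) -band [System.IO.FileAttributes]::Encrypted) -eq 0) {
                [System.IO.File]::Encrypt($p)   # EncryptFile API via .NET; uses this session's EFS certificate
            }
        } catch { Write-Warning "encrypt failed for ${p}: $_" }
    }
    # Created covers new files; Renamed covers the temp-file-then-rename pattern most 'Save As' paths use.
    Register-ObjectEvent -InputObject $fsw -EventName Created -SourceIdentifier DlpCreated -Action $action | Out-Null
    Register-ObjectEvent -InputObject $fsw -EventName Renamed -SourceIdentifier DlpRenamed -Action $action | Out-Null
    return $fsw
}

# --- File operation module: open the file with its registered application in this same session ---
function Open-DlpFile {
    param([Parameter(Mandatory)][string]$Path)
    Start-Process -FilePath $Path    # same logon session, so the EFS key in this profile decrypts transparently
}

# Entry point, corresponding to the 'Aegis dlp' start the page describes.
function Invoke-DlpStartup {
    param([Parameter(Mandatory)][pscredential]$DlpCredential,
          [Parameter(Mandatory)][securestring]$PfxPassword)
    if (-not (Test-DlpAccount)) {
        New-DlpAccount -Password $DlpCredential.Password
        Start-AsDlpAccount -Credential $DlpCredential -ScriptPath $PSCommandPath | Out-Null
        return 'relaunched'
    }
    Import-DlpCertificate -PfxPassword $PfxPassword
    Start-DlpWatcher | Out-Null
    return 'protecting'
}

# Usage (assumed values):
# $cred = Get-Credential "$env:COMPUTERNAME\dlpsvc"
# Invoke-DlpStartup -DlpCredential $cred -PfxPassword (Read-Host -AsSecureString 'PFX password')
```

For EFS to encrypt with the imported certificate it must carry the EFS enhanced key usage (1.3.6.1.4.1.311.10.3.4); if no usable certificate is present, the first EncryptFile call generates a self-signed one for the account instead, which still satisfies the "only the program's account can open it" property but is not the certificate the operator distributed.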
The above is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any equivalent substitution or change that a person familiar with the art makes within the technical scope disclosed by the invention, according to its technical solution and inventive concept, falls within the scope of protection of the present invention.

Claims (3)

1. A first-author leakage prevention application system based on Windows EFS transparent encryption, characterised in that it comprises an open-platform API interface, a user creation module, a secure HOOK loading module and a file operation module;
the user creation module judges whether the current user is the program user, and thereby whether an account needs to be created;
the HOOK loading module loads the HOOK module when a file is operated on, to prevent the leakage of information;
the file operation module is where staff perform the various operations on files, such as writing, modifying and saving;
Aegis dlp starts; if the current user is the program user, the HOOK module is loaded and file information is protected while the various operations are performed on the file; if not, a user is newly created, and forbidden operations on the file are, under the protection of the HOOK module, denied authorization and stopped.
2. The first-author leakage prevention application system based on Windows EFS transparent encryption according to claim 1, characterised in that it is written with the open-platform API interface and, based on the EFS shipped with Windows, adds a security key and a user-login security mode on top of file operations to prevent the leakage of information.
3. The first-author leakage prevention application system based on Windows EFS transparent encryption according to claim 1, characterised in that file encryption is realised through a three-part structural framework of API interface, user application and operation command.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510309895.1A CN105893852A (en) 2015-06-04 2015-06-04 First author leakage prevention application system based on Windows EFS transparent encryption

Publications (1)

Publication Number Publication Date
CN105893852A (en) 2016-08-24

Family

ID=57002124

Country Status (1)

Country Link
CN (1) CN105893852A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8386768B2 (en) * 2006-02-08 2013-02-26 Safenet, Inc. High performance data encryption server and method for transparently encrypting/decrypting data
CN101729550A (en) * 2009-11-09 2010-06-09 西北大学 Digital content safeguard system based on transparent encryption and decryption method thereof
CN101901313A (en) * 2010-06-10 2010-12-01 中科方德软件有限公司 Linux file protection system and method
CN104426836A (en) * 2013-08-20 2015-03-18 深圳市腾讯计算机系统有限公司 Invasion detection method and device
CN103530570A (en) * 2013-09-24 2014-01-22 国家电网公司 Electronic document safety management system and method
CN104680079A (en) * 2015-02-04 2015-06-03 上海信息安全工程技术研究中心 Electronic document security management system and electronic document security management method

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110351269A (en) * 2019-07-05 2019-10-18 苏州思必驰信息科技有限公司 The method for logging in open platform by third-party server
CN110351269B (en) * 2019-07-05 2021-09-24 思必驰科技股份有限公司 Method for logging in open platform through third-party server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
Application publication date: 20160824