CN107292196A - The reading/writing method and device of I/O data - Google Patents

The reading/writing method and device of I/O data Download PDF

Info

Publication number
CN107292196A
CN107292196A CN201710500826.8A CN201710500826A CN107292196A CN 107292196 A CN107292196 A CN 107292196A CN 201710500826 A CN201710500826 A CN 201710500826A CN 107292196 A CN107292196 A CN 107292196A
Authority
CN
China
Prior art keywords
file
written
read
module
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710500826.8A
Other languages
Chinese (zh)
Inventor
张胜玉
游峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Internet Science And Technology Ltd Of Cloud Of China
Original Assignee
Beijing Internet Science And Technology Ltd Of Cloud Of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Internet Science And Technology Ltd Of Cloud Of China filed Critical Beijing Internet Science And Technology Ltd Of Cloud Of China
Priority to CN201710500826.8A priority Critical patent/CN107292196A/en
Publication of CN107292196A publication Critical patent/CN107292196A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiments of the invention provide a kind of reading/writing method of I/O data and device.The reading/writing method of the I/O data, including:When application call Win32 API application programming interfaces carry out written document, write request is sent to filter Driver on FSD module by Win32 API, and said write asks to carry the mark of file to be written;The filter Driver on FSD module judges whether the file to be written needs encryption according to the application program and the mark and the first prefabricated rule of the file to be written, generates judged result;When the judged result is:When file to be written needs encryption, the write request of the file to be written is redirected to micro- redirector MiniRDR drive modules;The MiniRDR drive modules create the FCB file control blocks or FileObject file objects of the file to be written according to the mark of the file to be written;The data flow of the file to be written is encrypted encrypting module;The data flow of the file to be written after encryption is write disk or network by file I/O module.

Description

The reading/writing method and device of I/O data
Technical field
The present invention relates to the reading/writing method and device of computer field of storage, more particularly to a kind of I/O data.
Background technology
Transparent encryption technology is a kind of file ciphering technology that pin enterprise arises at the historic moment to the privacy requirements of industry file in recent years. It is so-called transparent, refer to it is unknown for user.When user is opening or editing specified file, system will be automatic right The file of unencryption is encrypted, and the file encrypted is decrypted automatically.File is ciphertext on hard disk, is bright in internal memory Text.Once leaving use environment, it can not be opened due to the service that application program can not be decrypted automatically, so that protection of getting up The effect of file content.
Traditional transparent encryption method is to use filter Driver on FSD technology, is encrypted when file is written into, and is read When decrypt.However, the closure (not increasing income) due to Windows file system in itself, and in file system driver The caching of portion's management is uncontrollable, so that having very maximum probability causes file corruption (the partial content encryption of file).
With technological progress, occur one kind on the market and be double-layered transparent encryption technologies, so-called double- Layered refers to double layer encryption, and one layer is filter Driver on FSD, and one layer is oneself to realize a small files system in addition, by Whether filtration drive encrypts according to formula area single cent part.Fcb/fileobject (file control block, or file of the file of encryption Object) by oneself realize small files system creation, therefore identical file two states by different file system drivers Realize, the above will not be caused due to file corruption problem caused by cache.But the shortcoming of the technology be also it is obvious just It is to realize that the workload of a file system is huge (more than 5 man-years), and can not compatible all main flow Windows operations systems System.That is, the realization of current file level transparent encryption is main, implementation is very cumbersome by the way of double medium filtration, And producing problem a lot, reliability is relatively low.
The content of the invention
The embodiment provides a kind of reading/writing method of I/O data and device, the present invention can be simplified The implementation complexity that file system transparent is encrypted under Windows.
To achieve these goals, this invention takes following technical scheme.
A kind of reading/writing method of I/O data, methods described includes:
When application call Win32 API application programming interfaces carry out written document, Win32 API will write please Ask and be sent to filter Driver on FSD module, said write asks to carry the mark of file to be written;
The filter Driver on FSD module is pre- according to the application program and the mark of the file to be written and first System rule, judges whether the file to be written needs encryption, generates judged result;
When the judged result is:When the file to be written needs encryption, by the write request of the file to be written It is redirected to micro- redirector MiniRDR drive modules;
The MiniRDR drive modules create the FCB texts of the file to be written according to the mark of the file to be written Part control block or FileObject file objects;
Encrypting module is according to the FCB or FileObject of the file to be written, to the data flow of the file to be written It is encrypted;
File I/O module is according to the FCB or FileObject of the file to be written, by the text to be written after encryption The data flow write-in disk or network of part.
A kind of read-write equipment of I/O data, including:
Sending module, when application call Win32 API application programming interfaces carry out written document, Win32 Write request is sent to filter Driver on FSD module by API, and said write asks to carry the mark of file to be written;
Filter Driver on FSD module, according to the application program and the mark of the file to be written and the first prefabricated rule Then, judge whether the file to be written needs encryption, generate judged result;
Redirection module, when the judged result is:When the file to be written needs encryption, by the file to be written Write request be redirected to micro- redirector MiniRDR drive modules;
MiniRDR drive modules, according to the mark of the file to be written, create the FCB files of the file to be written Control block or FileObject file objects;
Encrypting module, according to the FCB or FileObject of the file to be written, to the data flow of the file to be written It is encrypted;
File I/O module, according to the FCB or FileObject of the file to be written, by the text to be written after encryption The data flow write-in disk or network of part.
It can be seen from the technical scheme provided by embodiments of the invention described above in the embodiment of the present invention, above-described embodiment In, the present invention can automatically create the corresponding fcb/fileobject of ciphertext, simplify file system transparent under Windows and encrypt Implementation complexity.
The additional aspect of the present invention and advantage will be set forth in part in the description, and these will become from the following description Obtain substantially, or recognized by the practice of the present invention.
Brief description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, being used required in being described below to embodiment Accompanying drawing be briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for this For the those of ordinary skill of field, without having to pay creative labor, other can also be obtained according to these accompanying drawings Accompanying drawing.
Fig. 1 is a kind of process chart of the reading/writing method of I/O data provided in an embodiment of the present invention;
Fig. 2 is a kind of follow-up processing flow figure of the reading/writing method of I/O data provided in an embodiment of the present invention;
Fig. 3 is the process chart of written document in application scenarios of the present invention;
Fig. 4 is the process chart of reading file in application scenarios of the present invention;
Fig. 5 is a kind of connection diagram of the read-write equipment of I/O data provided in an embodiment of the present invention.
Embodiment
Embodiments of the present invention are described below in detail, the example of the embodiment is shown in the drawings, wherein from beginning Same or similar element or element with same or like function are represented to same or similar label eventually.Below by ginseng The embodiment for examining accompanying drawing description is exemplary, is only used for explaining the present invention, and is not construed as limiting the claims.
As shown in figure 1, for a kind of reading/writing method of I/O data of the present invention, methods described includes:
Step 11, when application call Win32 API application programming interfaces carry out written document, Win32 API Write request is sent to filter Driver on FSD module, said write asks to carry the mark of file to be written, described to be written The mark for entering file can be file ID or file path, certainly, it will be understood by those skilled in the art that mark not limited to this.
Step 12, the filter Driver on FSD module according to the mark of the application program and the file to be written and First prefabricated rule, judges whether the file to be written needs encryption, generates judged result;Wherein, the first prefabricated rule can Think:When some specified application programs, and when judging file according to the ID of file to be written for predetermined file type, then treat Write-in file is encrypted.It can set according to actual needs.First prefabricated rule and the second prefabricated rule can with identical or It is different.When the judged result is:When the file to be written needs encryption, step 13 is performed;When the judged result is:Institute When stating file to be written and need not encrypt, step 17 is performed;
Step 13, when the judged result is:When the file to be written needs encryption, by writing for the file to be written Enter request and be redirected to micro- redirector MiniRDR drive modules;
Step 14, the MiniRDR drive modules create the file to be written according to the mark of the file to be written FCB file control blocks or FileObject file objects;
Step 15, encrypting module is according to the FCB or FileObject of the file to be written, to the file to be written Data flow is encrypted;
Step 16, file I/O module is according to the FCB or FileObject of the file to be written, will treat described in after encryption Write the data flow write-in disk or network of file.
In above-described embodiment, the present invention can automatically create the corresponding fcb/fileobject of ciphertext, simplify Windows The complexity of lower file system transparent encryption.
Before step 13, methods described also includes:
Step 130, whether judge the application program is trusted applications program;If YES, then step 13 is performed.
Optionally, methods described also includes:
Step 17, when the judged result is:When the file to be written need not be encrypted, by the file to be written Write request is sent to the file system of the underlying system of the filter Driver on FSD module, by the number of the file to be written According to stream write-in disk or network.
Wherein, the file I/O module in step 15 will add according to the FCB or FileObject of the file to be written The step of data flow write-in network of the file to be written after close, includes:
The data flow of the file to be written after encryption is sent to the server in the network so that the service The memory space that device writes the document data flow to be written after encryption on the server.
As shown in Fig. 2 methods described also includes:
Step 21, when application call Win32 API carry out reading file, read requests are sent to by Win32 API Filter Driver on FSD, the read requests carry the mark of file to be read, and the file identification to be read can be file ID Or file path;
Step 22, the filter Driver on FSD module according to the mark of the application program and the file to be read and Second prefabricated rule, whether be encrypted file, generate judged result if judging the file to be read;Second prefabricated rule can be with For:When some specified application programs, and when being judged as predetermined file type according to file ID to be written, then it is assumed that text to be read Part is encrypted.It can set according to actual needs.When the judged result is:The file to be read is encrypting traffic When, step 23 is performed, otherwise, step 27 is performed.
Step 23, when the judged result is:The file to be read is when having encrypted file, by the file to be read Read requests be redirected to micro- redirector MiniRDR drive modules;
Step 24, the MiniRDR drive modules create the file to be read according to the mark of the file to be read FCB or FileObject;
Step 25, file I/O module is according to the literary FCB or FileObject to be read, from hard disk or network site Read the data flow of the file to be read;
Step 26, deciphering module is according to the FCB or FileObject of the file to be read, by the described to be read of reading The data flow of file is decrypted;
Step 27, the MiniRDR drive modules return to the data flow of the file to be read after decryption described Application program.
In above-described embodiment, the present invention can automatically create the corresponding fcb/fileobject of ciphertext, simplify Windows The complexity of lower file system transparent encryption.
Optionally, methods described also includes:
Step 28, when the file to be read is no encryption file, the read requests of the file to be read are sent To the file system of the underlying system of the filter Driver on FSD module, to read the file to be read from disk or network Data flow.
Optionally, before step 23, methods described also includes:
Step 230, whether be trusted applications program, if YES, then perform next step if judging the application program.
The reading/writing method of I/O data of the present invention, is a kind of file-level transparent encryption side based on network or hard disk Method, available for legacy network and NAS etc..Using NFS, (NFS is commonly called as network with filter Driver on FSD The shared agreement CIFS of redirector, such as network-oriented connection), implementation process is simple and effective.
The drive module of a micro- redirector (MiniRDR) is provided in Windows operating system, the drive module can For realizing NFS, therefore the file access of network can be realized, local file access can also be realized.
The present invention realizes the machine using Windows Kernel Technologies, window networking redirector driving (MiniRdr) Or the other transparent encryption of file system level of network.
Due to file system cache presence, it is necessary to different fcb/fileobject correspondence same files plaintext and Two states of ciphertext, present invention, avoiding manual creation and realize fcb/fileobject functional bands come hard work and Drawback.The complexity that file system transparent is encrypted under Windows is simplified, the workload of implementation is simplified and provides preferably steady It is qualitative with it is compatible.
Specifically, system includes following module:
Micro- redirector (MiniRDR) drive module, second fcb/ of the ciphertext state for producing file fileobject;Namely receive, network redirection device (equivalent to micro- redirector MiniRDR drive modules), for realize with File server is interacted, reading and writing of files system data.File flow point is encryption stream and common data stream.Network redirection device, also Encryption and decryption is carried out before and after file for reading and writing server end after being ordered.
Virtual carry point module, in micro- redirector (MiniRdr), it can realize MiniRdr in kernel File directory be mounted to using in transparent system directory, the catalogue can be visible to user or sightless.The module During initialization, encryption menu carry that user is specified simultaneously creates volume/directory device node in kernel state, and the node is used to receive The instruction of filter Driver on FSD;The file transmission of the driving is ciphertext.For receiving and handling file, the read-write to file is entered Row encryption is decrypted.
Filter Driver on FSD module, is operated between application program and file system, for intercepting and changing user file Operation, the main purpose of the driving is that user is redirected into micro- redirector to the operation of cryptograph files.Filtering rule can be by User defines or developer's definition, and purpose is exactly to judge whether file needs encryption.That is, filter Driver on FSD module, For according to subscriber policy, for a file, it is encryption to some processes, is in plain text for trust process.For For trust process, read-write logic can be transmitted directly to server end;And for non-trusted process, filtration drive can be passed through Path is modified and special file path is constructed and is transmitted to network redirection device.Wherein, specific path can be Symbolic Links Or UNC paths (the general naming rules of Universal Naming Convention), for example:Srvname folder,\ Srvname folder etc..
Encrypting module, is mainly used in the encryption to file data.
File I/O module, is created when micro- redirector drives and initialized, (can also with local file for realizing It is network) read-write of system etc. accesses, can be that User space can also be kernel state, disk is written to eventually through file system Or network.
The process of file is created and opened in the present invention to be included:
Application call Win32 API carry out written document, and Win32 API send the requests to the file filter of the present invention Drive module;
Filter Driver on FSD module judges whether this file enters according to current application program and file and prefabricated rule Row encryption;
If do not encrypted, the file system of underlying system in itself is transmitted directly to, is operated unaffected;
If encrypting traffic, file access is redirected to micro- redirector of the present invention in this document filtering (MiniRDR) drive;MiniRDR drives the file according to request, performs and creates or opening operation, in this operation MiniRDR can create the FCB/FileObject of respective file, and this file is correspondence ciphertext.
As shown in figure 3, the written document process in the present invention includes:
Application call Win32 API written documents, the file filter that Win32 API send the requests to the present invention drives It is dynamic;
Filter Driver on FSD judges whether this file is added according to current application program and file and prefabricated rule It is close;
If do not encrypted, be transmitted directly to the file system of underlying system in itself, directly write to disk, operation not by Influence;
If encrypting traffic, file access is redirected to micro- redirector of the present invention in this document filtering (miniRDR) drive;
Redirector is driven through encrypting module and file data is encrypted, and content is write into API by file, performed Write-in;
Wherein, the API of file write-in can be that User space can also be kernel state, recall system file system driving and write Enter disk.
As shown in figure 4, reading file processes includes:
Application call Win32 API read file, and the file filter that Win32 API send the requests to the present invention drives It is dynamic;
Filter Driver on FSD judges whether this file is added according to current application program and file and prefabricated rule It is close;
If do not encrypted, be transmitted directly to the file system of underlying system in itself, directly from disk read, operation not by Influence;
If encrypting traffic, file access is redirected to micro- redirector of the present invention in this document filtering (MiniRDR) drive;
Micro- redirector (MiniRDR) driving can register IRP input output request bags, complete course (for performance), It is sent to file I/O module;File data directly can also be read by file I/O module, obtain after data, utilize deciphering module File data is decrypted.
Data after decryption are returned into upper layer application.
Wherein, it can be that User space can also be kernel state that file, which reads API, recall system file system driving write-in Disk.
As shown in figure 5, be a kind of read-write equipment of I/O data of the present invention, including:
Sending module 51, when application call Win32 API application programming interfaces carry out written document, Win32 Write request is sent to filter Driver on FSD module by API, and said write asks to carry the mark of file to be written, described to treat Write file is designated file ID or file path;
Filter Driver on FSD module 52, it is prefabricated according to the application program and the mark of the file to be written and first Rule, judges whether the file to be written needs encryption, generates judged result;
Redirection module 53, when the judged result is:When the file to be written needs encryption, by the text to be written The write request of part is redirected to micro- redirector MiniRDR drive modules;
MiniRDR drive modules 54, according to the mark of the file to be written, create the FCB texts of the file to be written Part control block or FileObject file objects;
Encrypting module 55, according to the FCB or FileObject of the file to be written, to the data of the file to be written Stream is encrypted;
File I/O module 56, will be described to be written after encryption according to the FCB or FileObject of the file to be written The data flow write-in disk or network of file.
Described device, in addition to:
Whether judge module 57, it is trusted applications program to judge the application program.
Described device, in addition to:
Sending module 58, when the judged result is:When the file to be written need not be encrypted, by the text to be written The write request of part is sent to the file system of the underlying system of the filter Driver on FSD module, by the file to be written Data flow write-in disk or network.
The foregoing is only a preferred embodiment of the present invention, but protection scope of the present invention be not limited thereto, Any one skilled in the art the invention discloses technical scope in, the change or replacement that can be readily occurred in, It should all be included within the scope of the present invention.Therefore, protection scope of the present invention should be with scope of the claims It is defined.

Claims (10)

1. a kind of reading/writing method of I/O data, it is characterised in that methods described includes:
When application call Win32API application programming interfaces carry out written document, Win32API sends write request Filter Driver on FSD module is given, said write asks to carry the mark of file to be written;
The filter Driver on FSD module is according to the application program and the mark of the file to be written and the first prefabricated rule Then, judge whether the file to be written needs encryption, generate judged result;
When the judged result is:When the file to be written needs encryption, the write request of the file to be written is reset To micro- redirector MiniRDR drive modules;
The MiniRDR drive modules create the FCB file controls of the file to be written according to the mark of the file to be written Clamp dog or FileObject file objects;
Encrypting module is according to the FCB or FileObject of the file to be written, the data flow progress to the file to be written Encryption;
File I/O module is according to the FCB or FileObject of the file to be written, by the file to be written after encryption Data flow writes disk or network.
2. according to the method described in claim 1, it is characterised in that the write request by the file to be written is redirected To before the step of micro- redirector MiniRDR drive modules, methods described also includes:
Whether judge the application program is trusted applications program;
If YES, then next step is performed.
3. according to the method described in claim 1, it is characterised in that methods described also includes:
When the judged result is:When the file to be written need not be encrypted, the write request of the file to be written is sent out The file system of the underlying system of the filter Driver on FSD module is given, the data flow of the file to be written is write into magnetic Disk or network.
4. according to the method described in claim 1, it is characterised in that the file I/O module is according to the file to be written FCB or FileObject, the step of data flow of the file to be written after encryption is write into network includes:
The data flow of the file to be written after encryption is sent to the server in the network so that the server will The memory space that the document data flow to be written after encryption is write on the server.
5. according to the method described in claim 1, it is characterised in that methods described also includes:
When application call Win32API carries out reading file, read requests are sent to filter Driver on FSD by Win32API, The read requests carry the mark of file to be read;
The filter Driver on FSD module is according to the application program and the mark of the file to be read and the second prefabricated rule Then, whether be encrypted file, generate judged result if judging the file to be read;
When the judged result is:The file to be read is when having encrypted file, by the read requests of the file to be read It is redirected to micro- redirector MiniRDR drive modules;
The MiniRDR drive modules according to the mark of the file to be read, create the file to be read FCB or FileObject;
File I/O module is treated according to the literary FCB or FileObject to be read from described in hard disk or network site reading Read the data flow of file;
Deciphering module is according to the FCB or FileObject of the file to be read, by the data of the file to be read of reading Stream is decrypted;
The data flow of the file to be read after decryption is returned to the application program by the MiniRDR drive modules.
6. method according to claim 5, it is characterised in that methods described also includes:
When the file to be read is no encryption file, the read requests of the file to be read are sent to the file mistake The file system of the underlying system of drive module is filtered, to read the data flow of the file to be read from disk or network.
7. method according to claim 5, it is characterised in that described to redirect the file redirection to be read to micro- Before the step of device MiniRDR drive modules, methods described also includes:
Whether be trusted applications program, if YES, then perform next step if judging the application program.
8. a kind of read-write equipment of I/O data, it is characterised in that including:
Sending module, when application call Win32API application programming interfaces carry out written document, Win32API will write Enter request and be sent to filter Driver on FSD module, said write asks to carry the mark of file to be written;
Filter Driver on FSD module, according to the application program and the mark and the first prefabricated rule of the file to be written, Judge whether the file to be written needs encryption, generate judged result;
Redirection module, when the judged result is:When the file to be written needs encryption, by writing for the file to be written Enter request and be redirected to micro- redirector MiniRDR drive modules;
MiniRDR drive modules, according to the mark of the file to be written, create the FCB document controls of the file to be written Block or FileObject file objects;
Encrypting module, according to the FCB or FileObject of the file to be written, the data flow to the file to be written is carried out Encryption;
File I/O module, according to the FCB or FileObject of the file to be written, by the file to be written after encryption Data flow writes disk or network.
9. device according to claim 8, it is characterised in that also include:
Whether judge module, it is trusted applications program to judge the application program.
10. device according to claim 8, it is characterised in that also include:
Sending module, when the judged result is:When the file to be written need not be encrypted, by writing for the file to be written Enter the file system that request is sent to the underlying system of the filter Driver on FSD module, by the data of the file to be written Stream write-in disk or network.
CN201710500826.8A 2017-06-27 2017-06-27 The reading/writing method and device of I/O data Pending CN107292196A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710500826.8A CN107292196A (en) 2017-06-27 2017-06-27 The reading/writing method and device of I/O data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710500826.8A CN107292196A (en) 2017-06-27 2017-06-27 The reading/writing method and device of I/O data

Publications (1)

Publication Number Publication Date
CN107292196A true CN107292196A (en) 2017-10-24

Family

ID=60098023

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710500826.8A Pending CN107292196A (en) 2017-06-27 2017-06-27 The reading/writing method and device of I/O data

Country Status (1)

Country Link
CN (1) CN107292196A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112733189A (en) * 2021-01-14 2021-04-30 浪潮云信息技术股份公司 System and method for realizing file storage server side encryption
CN113221171A (en) * 2021-05-21 2021-08-06 杭州弗兰科信息安全科技有限公司 Encrypted file reading and writing method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040111389A1 (en) * 2002-12-09 2004-06-10 Microsoft Corporation Managed file system filter model and architecture
CN102567670A (en) * 2011-12-28 2012-07-11 南京邮电大学 Filter drive encryption implementing method for file system
CN103077243A (en) * 2013-01-16 2013-05-01 北京数码视讯科技股份有限公司 Processing method and system for file system access
CN104123371A (en) * 2014-07-25 2014-10-29 上海交通大学 Transparent Windows kernel file filtering method based on hierarchical file system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040111389A1 (en) * 2002-12-09 2004-06-10 Microsoft Corporation Managed file system filter model and architecture
CN102567670A (en) * 2011-12-28 2012-07-11 南京邮电大学 Filter drive encryption implementing method for file system
CN103077243A (en) * 2013-01-16 2013-05-01 北京数码视讯科技股份有限公司 Processing method and system for file system access
CN104123371A (en) * 2014-07-25 2014-10-29 上海交通大学 Transparent Windows kernel file filtering method based on hierarchical file system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112733189A (en) * 2021-01-14 2021-04-30 浪潮云信息技术股份公司 System and method for realizing file storage server side encryption
CN113221171A (en) * 2021-05-21 2021-08-06 杭州弗兰科信息安全科技有限公司 Encrypted file reading and writing method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US11159518B2 (en) Container independent secure file system for security application containers
US10708051B2 (en) Controlled access to data in a sandboxed environment
US9224002B2 (en) Method and apparatus for file encryption/decryption
US20140108755A1 (en) Mobile data loss prevention system and method using file system virtualization
CN100378689C (en) Enciphered protection and read write control method for computer data
US11755499B2 (en) Locally-stored remote block data integrity
US11848965B2 (en) Secure software defined storage
US20150026465A1 (en) Methods And Devices For Protecting Private Data
US20190238560A1 (en) Systems and methods to provide secure storage
CN103488954A (en) File encryption system
CN108229190B (en) Transparent encryption and decryption control method, device, program, storage medium and electronic equipment
CN113918999B (en) Method and device for establishing safe ferry channel, network disk and storage medium
US10028135B2 (en) Securing enterprise data on mobile devices
CN107292196A (en) The reading/writing method and device of I/O data
KR20130079004A (en) Mobile data loss prevention system and method for providing virtual security environment using file system virtualization on smart phone
CN104123371A (en) Transparent Windows kernel file filtering method based on hierarchical file system
JP2016522511A (en) Management apparatus and management method for file security for protecting system
US20150381353A1 (en) Pluggable cryptography
CN113656817A (en) Data encryption method
EP2827276B1 (en) Secure data processing
CN111753263A (en) Non-inductive encryption and decryption method based on macOS system
CN104580181A (en) Device and method for data encryption and encryption accelerator engine
CN104766018B (en) A kind of Mapinfo maps encipher-decipher method
US11178171B2 (en) Security mechanism for suspicious files
US20220309181A1 (en) Unstructured data access control

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20171024