CN107292196A - The reading/writing method and device of I/O data - Google Patents
The reading/writing method and device of I/O data Download PDFInfo
- Publication number
- CN107292196A CN107292196A CN201710500826.8A CN201710500826A CN107292196A CN 107292196 A CN107292196 A CN 107292196A CN 201710500826 A CN201710500826 A CN 201710500826A CN 107292196 A CN107292196 A CN 107292196A
- Authority
- CN
- China
- Prior art keywords
- file
- written
- read
- module
- encryption
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The embodiments of the invention provide a kind of reading/writing method of I/O data and device.The reading/writing method of the I/O data, including:When application call Win32 API application programming interfaces carry out written document, write request is sent to filter Driver on FSD module by Win32 API, and said write asks to carry the mark of file to be written;The filter Driver on FSD module judges whether the file to be written needs encryption according to the application program and the mark and the first prefabricated rule of the file to be written, generates judged result;When the judged result is:When file to be written needs encryption, the write request of the file to be written is redirected to micro- redirector MiniRDR drive modules;The MiniRDR drive modules create the FCB file control blocks or FileObject file objects of the file to be written according to the mark of the file to be written;The data flow of the file to be written is encrypted encrypting module;The data flow of the file to be written after encryption is write disk or network by file I/O module.
Description
Technical field
The present invention relates to the reading/writing method and device of computer field of storage, more particularly to a kind of I/O data.
Background technology
Transparent encryption technology is a kind of file ciphering technology that pin enterprise arises at the historic moment to the privacy requirements of industry file in recent years.
It is so-called transparent, refer to it is unknown for user.When user is opening or editing specified file, system will be automatic right
The file of unencryption is encrypted, and the file encrypted is decrypted automatically.File is ciphertext on hard disk, is bright in internal memory
Text.Once leaving use environment, it can not be opened due to the service that application program can not be decrypted automatically, so that protection of getting up
The effect of file content.
Traditional transparent encryption method is to use filter Driver on FSD technology, is encrypted when file is written into, and is read
When decrypt.However, the closure (not increasing income) due to Windows file system in itself, and in file system driver
The caching of portion's management is uncontrollable, so that having very maximum probability causes file corruption (the partial content encryption of file).
With technological progress, occur one kind on the market and be double-layered transparent encryption technologies, so-called double-
Layered refers to double layer encryption, and one layer is filter Driver on FSD, and one layer is oneself to realize a small files system in addition, by
Whether filtration drive encrypts according to formula area single cent part.Fcb/fileobject (file control block, or file of the file of encryption
Object) by oneself realize small files system creation, therefore identical file two states by different file system drivers
Realize, the above will not be caused due to file corruption problem caused by cache.But the shortcoming of the technology be also it is obvious just
It is to realize that the workload of a file system is huge (more than 5 man-years), and can not compatible all main flow Windows operations systems
System.That is, the realization of current file level transparent encryption is main, implementation is very cumbersome by the way of double medium filtration,
And producing problem a lot, reliability is relatively low.
The content of the invention
The embodiment provides a kind of reading/writing method of I/O data and device, the present invention can be simplified
The implementation complexity that file system transparent is encrypted under Windows.
To achieve these goals, this invention takes following technical scheme.
A kind of reading/writing method of I/O data, methods described includes:
When application call Win32 API application programming interfaces carry out written document, Win32 API will write please
Ask and be sent to filter Driver on FSD module, said write asks to carry the mark of file to be written;
The filter Driver on FSD module is pre- according to the application program and the mark of the file to be written and first
System rule, judges whether the file to be written needs encryption, generates judged result;
When the judged result is:When the file to be written needs encryption, by the write request of the file to be written
It is redirected to micro- redirector MiniRDR drive modules;
The MiniRDR drive modules create the FCB texts of the file to be written according to the mark of the file to be written
Part control block or FileObject file objects;
Encrypting module is according to the FCB or FileObject of the file to be written, to the data flow of the file to be written
It is encrypted;
File I/O module is according to the FCB or FileObject of the file to be written, by the text to be written after encryption
The data flow write-in disk or network of part.
A kind of read-write equipment of I/O data, including:
Sending module, when application call Win32 API application programming interfaces carry out written document, Win32
Write request is sent to filter Driver on FSD module by API, and said write asks to carry the mark of file to be written;
Filter Driver on FSD module, according to the application program and the mark of the file to be written and the first prefabricated rule
Then, judge whether the file to be written needs encryption, generate judged result;
Redirection module, when the judged result is:When the file to be written needs encryption, by the file to be written
Write request be redirected to micro- redirector MiniRDR drive modules;
MiniRDR drive modules, according to the mark of the file to be written, create the FCB files of the file to be written
Control block or FileObject file objects;
Encrypting module, according to the FCB or FileObject of the file to be written, to the data flow of the file to be written
It is encrypted;
File I/O module, according to the FCB or FileObject of the file to be written, by the text to be written after encryption
The data flow write-in disk or network of part.
It can be seen from the technical scheme provided by embodiments of the invention described above in the embodiment of the present invention, above-described embodiment
In, the present invention can automatically create the corresponding fcb/fileobject of ciphertext, simplify file system transparent under Windows and encrypt
Implementation complexity.
The additional aspect of the present invention and advantage will be set forth in part in the description, and these will become from the following description
Obtain substantially, or recognized by the practice of the present invention.
Brief description of the drawings
In order to illustrate the technical solution of the embodiments of the present invention more clearly, being used required in being described below to embodiment
Accompanying drawing be briefly described, it should be apparent that, drawings in the following description are only some embodiments of the present invention, for this
For the those of ordinary skill of field, without having to pay creative labor, other can also be obtained according to these accompanying drawings
Accompanying drawing.
Fig. 1 is a kind of process chart of the reading/writing method of I/O data provided in an embodiment of the present invention;
Fig. 2 is a kind of follow-up processing flow figure of the reading/writing method of I/O data provided in an embodiment of the present invention;
Fig. 3 is the process chart of written document in application scenarios of the present invention;
Fig. 4 is the process chart of reading file in application scenarios of the present invention;
Fig. 5 is a kind of connection diagram of the read-write equipment of I/O data provided in an embodiment of the present invention.
Embodiment
Embodiments of the present invention are described below in detail, the example of the embodiment is shown in the drawings, wherein from beginning
Same or similar element or element with same or like function are represented to same or similar label eventually.Below by ginseng
The embodiment for examining accompanying drawing description is exemplary, is only used for explaining the present invention, and is not construed as limiting the claims.
As shown in figure 1, for a kind of reading/writing method of I/O data of the present invention, methods described includes:
Step 11, when application call Win32 API application programming interfaces carry out written document, Win32 API
Write request is sent to filter Driver on FSD module, said write asks to carry the mark of file to be written, described to be written
The mark for entering file can be file ID or file path, certainly, it will be understood by those skilled in the art that mark not limited to this.
Step 12, the filter Driver on FSD module according to the mark of the application program and the file to be written and
First prefabricated rule, judges whether the file to be written needs encryption, generates judged result;Wherein, the first prefabricated rule can
Think:When some specified application programs, and when judging file according to the ID of file to be written for predetermined file type, then treat
Write-in file is encrypted.It can set according to actual needs.First prefabricated rule and the second prefabricated rule can with identical or
It is different.When the judged result is:When the file to be written needs encryption, step 13 is performed;When the judged result is:Institute
When stating file to be written and need not encrypt, step 17 is performed;
Step 13, when the judged result is:When the file to be written needs encryption, by writing for the file to be written
Enter request and be redirected to micro- redirector MiniRDR drive modules;
Step 14, the MiniRDR drive modules create the file to be written according to the mark of the file to be written
FCB file control blocks or FileObject file objects;
Step 15, encrypting module is according to the FCB or FileObject of the file to be written, to the file to be written
Data flow is encrypted;
Step 16, file I/O module is according to the FCB or FileObject of the file to be written, will treat described in after encryption
Write the data flow write-in disk or network of file.
In above-described embodiment, the present invention can automatically create the corresponding fcb/fileobject of ciphertext, simplify Windows
The complexity of lower file system transparent encryption.
Before step 13, methods described also includes:
Step 130, whether judge the application program is trusted applications program;If YES, then step 13 is performed.
Optionally, methods described also includes:
Step 17, when the judged result is:When the file to be written need not be encrypted, by the file to be written
Write request is sent to the file system of the underlying system of the filter Driver on FSD module, by the number of the file to be written
According to stream write-in disk or network.
Wherein, the file I/O module in step 15 will add according to the FCB or FileObject of the file to be written
The step of data flow write-in network of the file to be written after close, includes:
The data flow of the file to be written after encryption is sent to the server in the network so that the service
The memory space that device writes the document data flow to be written after encryption on the server.
As shown in Fig. 2 methods described also includes:
Step 21, when application call Win32 API carry out reading file, read requests are sent to by Win32 API
Filter Driver on FSD, the read requests carry the mark of file to be read, and the file identification to be read can be file ID
Or file path;
Step 22, the filter Driver on FSD module according to the mark of the application program and the file to be read and
Second prefabricated rule, whether be encrypted file, generate judged result if judging the file to be read;Second prefabricated rule can be with
For:When some specified application programs, and when being judged as predetermined file type according to file ID to be written, then it is assumed that text to be read
Part is encrypted.It can set according to actual needs.When the judged result is:The file to be read is encrypting traffic
When, step 23 is performed, otherwise, step 27 is performed.
Step 23, when the judged result is:The file to be read is when having encrypted file, by the file to be read
Read requests be redirected to micro- redirector MiniRDR drive modules;
Step 24, the MiniRDR drive modules create the file to be read according to the mark of the file to be read
FCB or FileObject;
Step 25, file I/O module is according to the literary FCB or FileObject to be read, from hard disk or network site
Read the data flow of the file to be read;
Step 26, deciphering module is according to the FCB or FileObject of the file to be read, by the described to be read of reading
The data flow of file is decrypted;
Step 27, the MiniRDR drive modules return to the data flow of the file to be read after decryption described
Application program.
In above-described embodiment, the present invention can automatically create the corresponding fcb/fileobject of ciphertext, simplify Windows
The complexity of lower file system transparent encryption.
Optionally, methods described also includes:
Step 28, when the file to be read is no encryption file, the read requests of the file to be read are sent
To the file system of the underlying system of the filter Driver on FSD module, to read the file to be read from disk or network
Data flow.
Optionally, before step 23, methods described also includes:
Step 230, whether be trusted applications program, if YES, then perform next step if judging the application program.
The reading/writing method of I/O data of the present invention, is a kind of file-level transparent encryption side based on network or hard disk
Method, available for legacy network and NAS etc..Using NFS, (NFS is commonly called as network with filter Driver on FSD
The shared agreement CIFS of redirector, such as network-oriented connection), implementation process is simple and effective.
The drive module of a micro- redirector (MiniRDR) is provided in Windows operating system, the drive module can
For realizing NFS, therefore the file access of network can be realized, local file access can also be realized.
The present invention realizes the machine using Windows Kernel Technologies, window networking redirector driving (MiniRdr)
Or the other transparent encryption of file system level of network.
Due to file system cache presence, it is necessary to different fcb/fileobject correspondence same files plaintext and
Two states of ciphertext, present invention, avoiding manual creation and realize fcb/fileobject functional bands come hard work and
Drawback.The complexity that file system transparent is encrypted under Windows is simplified, the workload of implementation is simplified and provides preferably steady
It is qualitative with it is compatible.
Specifically, system includes following module:
Micro- redirector (MiniRDR) drive module, second fcb/ of the ciphertext state for producing file
fileobject;Namely receive, network redirection device (equivalent to micro- redirector MiniRDR drive modules), for realize with
File server is interacted, reading and writing of files system data.File flow point is encryption stream and common data stream.Network redirection device, also
Encryption and decryption is carried out before and after file for reading and writing server end after being ordered.
Virtual carry point module, in micro- redirector (MiniRdr), it can realize MiniRdr in kernel
File directory be mounted to using in transparent system directory, the catalogue can be visible to user or sightless.The module
During initialization, encryption menu carry that user is specified simultaneously creates volume/directory device node in kernel state, and the node is used to receive
The instruction of filter Driver on FSD;The file transmission of the driving is ciphertext.For receiving and handling file, the read-write to file is entered
Row encryption is decrypted.
Filter Driver on FSD module, is operated between application program and file system, for intercepting and changing user file
Operation, the main purpose of the driving is that user is redirected into micro- redirector to the operation of cryptograph files.Filtering rule can be by
User defines or developer's definition, and purpose is exactly to judge whether file needs encryption.That is, filter Driver on FSD module,
For according to subscriber policy, for a file, it is encryption to some processes, is in plain text for trust process.For
For trust process, read-write logic can be transmitted directly to server end;And for non-trusted process, filtration drive can be passed through
Path is modified and special file path is constructed and is transmitted to network redirection device.Wherein, specific path can be Symbolic Links
Or UNC paths (the general naming rules of Universal Naming Convention), for example:Srvname folder,\
Srvname folder etc..
Encrypting module, is mainly used in the encryption to file data.
File I/O module, is created when micro- redirector drives and initialized, (can also with local file for realizing
It is network) read-write of system etc. accesses, can be that User space can also be kernel state, disk is written to eventually through file system
Or network.
The process of file is created and opened in the present invention to be included:
Application call Win32 API carry out written document, and Win32 API send the requests to the file filter of the present invention
Drive module;
Filter Driver on FSD module judges whether this file enters according to current application program and file and prefabricated rule
Row encryption;
If do not encrypted, the file system of underlying system in itself is transmitted directly to, is operated unaffected;
If encrypting traffic, file access is redirected to micro- redirector of the present invention in this document filtering
(MiniRDR) drive;MiniRDR drives the file according to request, performs and creates or opening operation, in this operation
MiniRDR can create the FCB/FileObject of respective file, and this file is correspondence ciphertext.
As shown in figure 3, the written document process in the present invention includes:
Application call Win32 API written documents, the file filter that Win32 API send the requests to the present invention drives
It is dynamic;
Filter Driver on FSD judges whether this file is added according to current application program and file and prefabricated rule
It is close;
If do not encrypted, be transmitted directly to the file system of underlying system in itself, directly write to disk, operation not by
Influence;
If encrypting traffic, file access is redirected to micro- redirector of the present invention in this document filtering
(miniRDR) drive;
Redirector is driven through encrypting module and file data is encrypted, and content is write into API by file, performed
Write-in;
Wherein, the API of file write-in can be that User space can also be kernel state, recall system file system driving and write
Enter disk.
As shown in figure 4, reading file processes includes:
Application call Win32 API read file, and the file filter that Win32 API send the requests to the present invention drives
It is dynamic;
Filter Driver on FSD judges whether this file is added according to current application program and file and prefabricated rule
It is close;
If do not encrypted, be transmitted directly to the file system of underlying system in itself, directly from disk read, operation not by
Influence;
If encrypting traffic, file access is redirected to micro- redirector of the present invention in this document filtering
(MiniRDR) drive;
Micro- redirector (MiniRDR) driving can register IRP input output request bags, complete course (for performance),
It is sent to file I/O module;File data directly can also be read by file I/O module, obtain after data, utilize deciphering module
File data is decrypted.
Data after decryption are returned into upper layer application.
Wherein, it can be that User space can also be kernel state that file, which reads API, recall system file system driving write-in
Disk.
As shown in figure 5, be a kind of read-write equipment of I/O data of the present invention, including:
Sending module 51, when application call Win32 API application programming interfaces carry out written document, Win32
Write request is sent to filter Driver on FSD module by API, and said write asks to carry the mark of file to be written, described to treat
Write file is designated file ID or file path;
Filter Driver on FSD module 52, it is prefabricated according to the application program and the mark of the file to be written and first
Rule, judges whether the file to be written needs encryption, generates judged result;
Redirection module 53, when the judged result is:When the file to be written needs encryption, by the text to be written
The write request of part is redirected to micro- redirector MiniRDR drive modules;
MiniRDR drive modules 54, according to the mark of the file to be written, create the FCB texts of the file to be written
Part control block or FileObject file objects;
Encrypting module 55, according to the FCB or FileObject of the file to be written, to the data of the file to be written
Stream is encrypted;
File I/O module 56, will be described to be written after encryption according to the FCB or FileObject of the file to be written
The data flow write-in disk or network of file.
Described device, in addition to:
Whether judge module 57, it is trusted applications program to judge the application program.
Described device, in addition to:
Sending module 58, when the judged result is:When the file to be written need not be encrypted, by the text to be written
The write request of part is sent to the file system of the underlying system of the filter Driver on FSD module, by the file to be written
Data flow write-in disk or network.
The foregoing is only a preferred embodiment of the present invention, but protection scope of the present invention be not limited thereto,
Any one skilled in the art the invention discloses technical scope in, the change or replacement that can be readily occurred in,
It should all be included within the scope of the present invention.Therefore, protection scope of the present invention should be with scope of the claims
It is defined.
Claims (10)
1. a kind of reading/writing method of I/O data, it is characterised in that methods described includes:
When application call Win32API application programming interfaces carry out written document, Win32API sends write request
Filter Driver on FSD module is given, said write asks to carry the mark of file to be written;
The filter Driver on FSD module is according to the application program and the mark of the file to be written and the first prefabricated rule
Then, judge whether the file to be written needs encryption, generate judged result;
When the judged result is:When the file to be written needs encryption, the write request of the file to be written is reset
To micro- redirector MiniRDR drive modules;
The MiniRDR drive modules create the FCB file controls of the file to be written according to the mark of the file to be written
Clamp dog or FileObject file objects;
Encrypting module is according to the FCB or FileObject of the file to be written, the data flow progress to the file to be written
Encryption;
File I/O module is according to the FCB or FileObject of the file to be written, by the file to be written after encryption
Data flow writes disk or network.
2. according to the method described in claim 1, it is characterised in that the write request by the file to be written is redirected
To before the step of micro- redirector MiniRDR drive modules, methods described also includes:
Whether judge the application program is trusted applications program;
If YES, then next step is performed.
3. according to the method described in claim 1, it is characterised in that methods described also includes:
When the judged result is:When the file to be written need not be encrypted, the write request of the file to be written is sent out
The file system of the underlying system of the filter Driver on FSD module is given, the data flow of the file to be written is write into magnetic
Disk or network.
4. according to the method described in claim 1, it is characterised in that the file I/O module is according to the file to be written
FCB or FileObject, the step of data flow of the file to be written after encryption is write into network includes:
The data flow of the file to be written after encryption is sent to the server in the network so that the server will
The memory space that the document data flow to be written after encryption is write on the server.
5. according to the method described in claim 1, it is characterised in that methods described also includes:
When application call Win32API carries out reading file, read requests are sent to filter Driver on FSD by Win32API,
The read requests carry the mark of file to be read;
The filter Driver on FSD module is according to the application program and the mark of the file to be read and the second prefabricated rule
Then, whether be encrypted file, generate judged result if judging the file to be read;
When the judged result is:The file to be read is when having encrypted file, by the read requests of the file to be read
It is redirected to micro- redirector MiniRDR drive modules;
The MiniRDR drive modules according to the mark of the file to be read, create the file to be read FCB or
FileObject;
File I/O module is treated according to the literary FCB or FileObject to be read from described in hard disk or network site reading
Read the data flow of file;
Deciphering module is according to the FCB or FileObject of the file to be read, by the data of the file to be read of reading
Stream is decrypted;
The data flow of the file to be read after decryption is returned to the application program by the MiniRDR drive modules.
6. method according to claim 5, it is characterised in that methods described also includes:
When the file to be read is no encryption file, the read requests of the file to be read are sent to the file mistake
The file system of the underlying system of drive module is filtered, to read the data flow of the file to be read from disk or network.
7. method according to claim 5, it is characterised in that described to redirect the file redirection to be read to micro-
Before the step of device MiniRDR drive modules, methods described also includes:
Whether be trusted applications program, if YES, then perform next step if judging the application program.
8. a kind of read-write equipment of I/O data, it is characterised in that including:
Sending module, when application call Win32API application programming interfaces carry out written document, Win32API will write
Enter request and be sent to filter Driver on FSD module, said write asks to carry the mark of file to be written;
Filter Driver on FSD module, according to the application program and the mark and the first prefabricated rule of the file to be written,
Judge whether the file to be written needs encryption, generate judged result;
Redirection module, when the judged result is:When the file to be written needs encryption, by writing for the file to be written
Enter request and be redirected to micro- redirector MiniRDR drive modules;
MiniRDR drive modules, according to the mark of the file to be written, create the FCB document controls of the file to be written
Block or FileObject file objects;
Encrypting module, according to the FCB or FileObject of the file to be written, the data flow to the file to be written is carried out
Encryption;
File I/O module, according to the FCB or FileObject of the file to be written, by the file to be written after encryption
Data flow writes disk or network.
9. device according to claim 8, it is characterised in that also include:
Whether judge module, it is trusted applications program to judge the application program.
10. device according to claim 8, it is characterised in that also include:
Sending module, when the judged result is:When the file to be written need not be encrypted, by writing for the file to be written
Enter the file system that request is sent to the underlying system of the filter Driver on FSD module, by the data of the file to be written
Stream write-in disk or network.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710500826.8A CN107292196A (en) | 2017-06-27 | 2017-06-27 | The reading/writing method and device of I/O data |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710500826.8A CN107292196A (en) | 2017-06-27 | 2017-06-27 | The reading/writing method and device of I/O data |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107292196A true CN107292196A (en) | 2017-10-24 |
Family
ID=60098023
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710500826.8A Pending CN107292196A (en) | 2017-06-27 | 2017-06-27 | The reading/writing method and device of I/O data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107292196A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112733189A (en) * | 2021-01-14 | 2021-04-30 | 浪潮云信息技术股份公司 | System and method for realizing file storage server side encryption |
CN113221171A (en) * | 2021-05-21 | 2021-08-06 | 杭州弗兰科信息安全科技有限公司 | Encrypted file reading and writing method and device, electronic equipment and storage medium |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040111389A1 (en) * | 2002-12-09 | 2004-06-10 | Microsoft Corporation | Managed file system filter model and architecture |
CN102567670A (en) * | 2011-12-28 | 2012-07-11 | 南京邮电大学 | Filter drive encryption implementing method for file system |
CN103077243A (en) * | 2013-01-16 | 2013-05-01 | 北京数码视讯科技股份有限公司 | Processing method and system for file system access |
CN104123371A (en) * | 2014-07-25 | 2014-10-29 | 上海交通大学 | Transparent Windows kernel file filtering method based on hierarchical file system |
-
2017
- 2017-06-27 CN CN201710500826.8A patent/CN107292196A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040111389A1 (en) * | 2002-12-09 | 2004-06-10 | Microsoft Corporation | Managed file system filter model and architecture |
CN102567670A (en) * | 2011-12-28 | 2012-07-11 | 南京邮电大学 | Filter drive encryption implementing method for file system |
CN103077243A (en) * | 2013-01-16 | 2013-05-01 | 北京数码视讯科技股份有限公司 | Processing method and system for file system access |
CN104123371A (en) * | 2014-07-25 | 2014-10-29 | 上海交通大学 | Transparent Windows kernel file filtering method based on hierarchical file system |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112733189A (en) * | 2021-01-14 | 2021-04-30 | 浪潮云信息技术股份公司 | System and method for realizing file storage server side encryption |
CN113221171A (en) * | 2021-05-21 | 2021-08-06 | 杭州弗兰科信息安全科技有限公司 | Encrypted file reading and writing method and device, electronic equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11159518B2 (en) | Container independent secure file system for security application containers | |
US10708051B2 (en) | Controlled access to data in a sandboxed environment | |
US9224002B2 (en) | Method and apparatus for file encryption/decryption | |
US20140108755A1 (en) | Mobile data loss prevention system and method using file system virtualization | |
CN100378689C (en) | Enciphered protection and read write control method for computer data | |
US11755499B2 (en) | Locally-stored remote block data integrity | |
US11848965B2 (en) | Secure software defined storage | |
US20150026465A1 (en) | Methods And Devices For Protecting Private Data | |
US20190238560A1 (en) | Systems and methods to provide secure storage | |
CN103488954A (en) | File encryption system | |
CN108229190B (en) | Transparent encryption and decryption control method, device, program, storage medium and electronic equipment | |
CN113918999B (en) | Method and device for establishing safe ferry channel, network disk and storage medium | |
US10028135B2 (en) | Securing enterprise data on mobile devices | |
CN107292196A (en) | The reading/writing method and device of I/O data | |
KR20130079004A (en) | Mobile data loss prevention system and method for providing virtual security environment using file system virtualization on smart phone | |
CN104123371A (en) | Transparent Windows kernel file filtering method based on hierarchical file system | |
JP2016522511A (en) | Management apparatus and management method for file security for protecting system | |
US20150381353A1 (en) | Pluggable cryptography | |
CN113656817A (en) | Data encryption method | |
EP2827276B1 (en) | Secure data processing | |
CN111753263A (en) | Non-inductive encryption and decryption method based on macOS system | |
CN104580181A (en) | Device and method for data encryption and encryption accelerator engine | |
CN104766018B (en) | A kind of Mapinfo maps encipher-decipher method | |
US11178171B2 (en) | Security mechanism for suspicious files | |
US20220309181A1 (en) | Unstructured data access control |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WD01 | Invention patent application deemed withdrawn after publication | ||
WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20171024 |