CN108763401A - File reading/writing method and device - Google Patents


Info

Publication number: CN108763401A
Authority: CN (China)
Prior art keywords: file, read, write, target file, key
Legal status: Pending
Application number: CN201810496735.6A
Other languages: Chinese (zh)
Inventors: 王义文, 王健宗, 肖京
Current Assignee: Ping An Technology Shenzhen Co Ltd
Original Assignee: Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd
Priority to CN201810496735.6A
Priority to PCT/CN2018/097310 (WO2019223098A1)
Publication of CN108763401A


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The present invention is applicable to the technical field of information processing and provides a file reading/writing method and device, including: receiving a read/write request for a target file, and converting the read/write request into a general read/write instruction readable by an IO management interface; importing the general read/write instruction into the IO management interface, and creating a buffer area for outputting the target file; extracting the file identifier from the general read/write instruction through the IO management interface, and querying the target key from a key store; obtaining the target file based on the file identifier, and importing the target file into the buffer area; decrypting the target file with the target key, and performing the read/write operation on the decrypted target file. In the present invention, decryption of the target file is transparent to the user: when initiating a read/write operation, the user proceeds exactly as with an unencrypted file and only needs to initiate the read/write request, while extraction of the target key and decryption of the file are completed automatically by the file read/write device.

Description

File reading/writing method and device
Technical field
The invention belongs to the technical field of information processing, and in particular relates to a file reading/writing method and device.
Background
Competition between enterprises can be regarded as competition in core technology, so an enterprise keeps its core technology as confidential files. How to encrypt and protect confidential files and prevent them from leaking therefore directly affects the enterprise's competitiveness in the market. In existing file encryption methods, a user or company usually creates one common password and uses it to encrypt all confidential files in the enterprise, but the user must enter it manually every time a file is read or written. This reduces the user's efficiency in file read/write operations, so confidentiality and the convenience of read/write operations cannot both be achieved.
Summary of the invention
In view of this, embodiments of the present invention provide a file reading/writing method and device to solve the problem that existing file reading/writing methods cannot achieve both confidentiality and convenience of read/write operations.
A first aspect of the embodiments of the present invention provides a file reading/writing method, including:
receiving a read/write request for a target file, and converting the read/write request into a general read/write instruction readable by an input/output (IO) management interface, where the general read/write instruction contains the file identifier of the target file;
importing the general read/write instruction into the IO management interface, and creating a buffer area for outputting the target file;
calling the IO management interface to extract the file identifier from the general read/write instruction, and querying the key store for the target key corresponding to the file identifier;
obtaining the target file based on the file identifier, and importing the target file into the buffer area;
decrypting the target file with the target key, and performing, on the decrypted target file, the read/write operation corresponding to the read/write request.
A second aspect of the embodiments of the present invention provides a file read/write device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements each step of the first aspect when executing the computer program.
A third aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program, where each step of the first aspect is implemented when the computer program is executed by a processor.
Implementing the file reading/writing method and terminal device provided by the embodiments of the present invention has the following beneficial effects:
In the embodiments of the present invention, after a read/write request from the user is received, the IO management interface creates, in the cache module, a buffer area for output for the target file to be read or written. Based on the file identifier of the target file, the encryption key corresponding to that file identifier is obtained from the key store, the target file is imported into the buffer area, and the target file is decrypted inside the buffer area. The user can then perform read/write operations on the decrypted target file. Although the target file is protected by encryption, the user does not need to enter a decryption password manually, which improves the user's operating efficiency. Compared with existing file reading/writing methods, decryption of the target file is transparent to the user: when initiating a read/write operation, the user proceeds exactly as with an unencrypted file and only needs to initiate the read/write request, while extraction of the target key and decryption of the file are completed automatically by the file read/write device. In addition, because decryption is transparent to the user, even the user cannot learn the target key, and the target file cannot be decrypted even if it is stolen, which further improves the confidentiality of the target file and reduces the risk of file leakage.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. The drawings in the following description are obviously only some embodiments of the present invention, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is an implementation flowchart of a file reading/writing method provided by the first embodiment of the present invention;
Fig. 2 is a specific implementation flowchart of S105 of a file reading/writing method provided by the second embodiment of the present invention;
Fig. 3 is a specific implementation flowchart of a file reading/writing method provided by the third embodiment of the present invention;
Fig. 4 is a specific implementation flowchart of a file reading/writing method provided by the fourth embodiment of the present invention;
Fig. 5 is a specific implementation flowchart of a file reading/writing method provided by the fourth embodiment of the present invention;
Fig. 6 is a structural block diagram of a file read/write device provided by one embodiment of the present invention;
Fig. 7 is a schematic diagram of a file read/write device provided by another embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and do not limit it.
In the embodiments of the present invention, after a read/write request from the user is received, the IO management interface creates, in the cache module, a buffer area for output for the target file to be read or written. Based on the file identifier of the target file, the encryption key corresponding to that file identifier is obtained from the key store, the target file is imported into the buffer area, and the target file is decrypted inside the buffer area. The user can then perform read/write operations on the decrypted target file. Although the target file is protected by encryption, the user does not need to enter a decryption password manually, which improves the user's operating efficiency and solves the problem that existing file reading/writing methods cannot achieve both file confidentiality and convenience of read/write operations.
In the embodiments of the present invention, the flow is executed by the file read/write device. The file read/write device includes, but is not limited to, devices with a file read/write function such as laptops, computers, servers, tablet computers and smartphones. Fig. 1 shows the implementation flowchart of the file reading/writing method provided by the first embodiment of the present invention, detailed as follows:
In S101, a read/write request for a target file is received, and the read/write request is converted into a general read/write instruction readable by the input/output (IO) management interface; the general read/write instruction contains the file identifier of the target file.
In this embodiment, to make encryption and decryption transparent to the user, an application cannot obtain the required target file directly from the storage module. Instead, the corresponding file must be extracted from the storage module through the input/output (Input/Output, IO) management interface, and read/write operations can be performed only after the decrypted file has been output. In other words, data interaction between the application and the storage module is isolated, and an interaction can be completed only after conversion by the IO management interface. Therefore, whenever an application initiates a read/write request, the file read/write device converts the request into a general read/write instruction readable by the IO management interface, so that the target file to be read or written is output through the IO management interface after decryption.
In this embodiment, converting read/write requests into general read/write instructions not only makes encryption and decryption transparent, but also enables remote file read/write operations between different file read/write devices in a file read/write system. In this system, all file read/write devices use an IO management interface of a unified standard, so a general read/write instruction is applicable to every file read/write device. If a user operating file read/write device A needs to access a file stored in file read/write device B, the user can likewise generate a read/write request based on the file identifier of the file to be accessed. The IO management interface in device A converts the request into a general read/write instruction and sends it to device B over the LAN in the system. Because the general read/write instruction is common to all file read/write devices, the IO management interface of device B can recognize it, obtain the corresponding target file and send it to device A, which then executes the relevant operations of S102 to S105 to respond to the user's read/write request. Optionally, the target file may be stored on a cloud server that is also provided with an IO management interface; following the interaction between different read/write devices described above, the file read/write device can also fetch the target file from the cloud server with a general read/write instruction.
In this embodiment, the read/write requests generated by different applications differ to some extent. To improve the processing efficiency of the IO management interface, the read/write device can therefore use a general read/write instruction template: it extracts the required parameter information from the read/write request, imports it into the template, and generates the general read/write instruction corresponding to the request. So that the target file can be located accurately, the general read/write instruction contains the file identifier of the target file.
In S102, the general read/write instruction is imported into the IO management interface, and a buffer area for outputting the target file is created.
In this embodiment, after generating the general read/write instruction, the read/write device imports it into the IO management interface. The IO management interface then starts the file read/write flow and creates a buffer area for outputting the target file. The target file can be imported into this buffer area, encryption and decryption operations are performed there, and the decrypted target file is then output to the corresponding application for the read/write operation.
Optionally, in this embodiment, after receiving the general read/write instruction, the IO management interface can extract the file identifier it contains and, based on a mapping table between file identifiers and buffer areas, query whether a buffer area corresponding to the file identifier already exists. If so, that buffer area is used directly and no new buffer area is created. Because some target files may be called by several applications, a buffer area for the file identifier may already have been created when responding to the IO read/write request of another application. To avoid wasting cache resources through repeated creation, the read/write device can output the target file through the buffer area that has already been created.
Optionally, in this embodiment, the general read/write request also contains the file type. Before creating the buffer area for the target file, the IO management interface can predict the data volume of the target file based on the file type and create a corresponding buffer area based on the predicted data volume, so that the size of the buffer area matches the data volume of the target file.
In S103, the IO management interface is called to extract the file identifier from the general read/write instruction, and the key store is queried for the target key corresponding to the file identifier.
In this embodiment, after the IO management interface has allocated the buffer area for the output file in the cache module, it extracts the file identifier from the general read/write instruction and obtains the corresponding target key from the key store. Specifically, the key store holds the key of every file that needs to be encrypted and records the correspondence between keys and file identifiers. After extracting the file identifier contained in the general read/write instruction, the IO management interface can therefore look up the corresponding key in the key store based on the file identifier and use it as the target key to decrypt the target file.
Optionally, in this embodiment, all files that need to be encrypted may share the same key, and the key may be updated at a preset period. The IO management interface can decrypt all files with the key from before the update. After decryption completes, the IO management interface determines the key for the next period based on a preset key generation algorithm, then re-encrypts all files with the updated key and stores them again. In this case, the key corresponding to every file identifier is the key that is valid in the current period.
Optionally, after extracting the file identifier, the IO management interface can locate the target file based on the file identifier and detect whether the target file contains an encryption identifier. The file read/write device distinguishes confidential files from ordinary files by adding an encryption identifier. If the target file contains the encryption identifier, the operation of querying the key store for the target key corresponding to the file identifier is executed. Conversely, if the target file does not contain the encryption identifier, the target file is imported directly into the buffer area and output to the application for the read/write operation.
In S104, the target file is obtained based on the file identifier, and the target file is imported into the buffer area.
In this embodiment, the read/write device has already obtained the file identifier of the target file in S103 by calling the IO management interface, so the file extraction can be executed by another thread while the corresponding target key is being queried. Specifically, the read/write device queries the storage unit for the target file corresponding to the file identifier. The file identifier can be a file name or the storage path of the file. If the file identifier is the file name of the target file, the file name of each file in the storage unit is matched against the file identifier, and the file that matches is extracted as the target file. If the file identifier is the storage path of the target file, the read/write device locates the target file in the storage unit through the storage path and extracts the file stored at that path as the target file.
In this embodiment, the target file obtained by the read/write device is encrypted, so it cannot be output directly for read/write operations. To decrypt the target file, the read/write device imports it into the buffer area created in the steps above. Because data interaction between the buffer area and the application layer still has to pass through the IO management interface, decrypting the target file inside the buffer area still ensures that the content of the target file is not stolen, which improves the confidentiality of the file.
In S105, the target file is decrypted with the target key, and the read/write operation corresponding to the read/write request is performed on the decrypted target file.
In this embodiment, the read/write device decrypts the target file with the target key, outputs the decrypted target file, and performs the corresponding read/write operation on it based on the read/write request sent by the application. For example, if the user needs to view the target file, the IO management interface, after obtaining the decrypted target file, can output it directly to the serial port corresponding to the display module, so that the target file is presented to the user through the display module. If the user needs to modify data in the file while viewing it, a data editing instruction can be initiated in the corresponding application. The read/write device first converts the data editing instruction into a general read/write instruction and imports it into the IO management interface, which performs the corresponding editing operation on the decrypted target file and changes the output signal sent to the display module, so the user can view the changes to the file content in real time. All read/write operations therefore have to be answered by calling the IO management interface, which effectively prevents the target file data from leaking. From the user's point of view, the whole process is no different from a conventional read/write operation and requires no additional action, so both confidentiality and ease of operation are achieved.
As can be seen from the above, in the file reading/writing method provided by the embodiments of the present invention, after a read/write request from the user is received, the IO management interface creates, in the cache module, a buffer area for output for the target file to be read or written. Based on the file identifier of the target file, the encryption key corresponding to that file identifier is obtained from the key store, the target file is imported into the buffer area, and the target file is decrypted inside the buffer area. The user can then perform read/write operations on the decrypted target file. Although the target file is protected by encryption, the user does not need to enter a decryption password manually, which improves the user's operating efficiency. Compared with existing file reading/writing methods, decryption of the target file is transparent to the user: when initiating a read/write operation, the user proceeds exactly as with an unencrypted file and only needs to initiate the read/write request, while extraction of the target key and decryption of the file are completed automatically by the file read/write device. In addition, because decryption is transparent to the user, even the user cannot learn the target key, and the target file cannot be decrypted even if it is stolen, which further improves the confidentiality of the target file and reduces the risk of file leakage.
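The S101 to S105 flow described above, as an added Python sketch that is not code from the patent. The names `GeneralCommand`, `IOManager`, `MARKER` and the request field names are hypothetical, the file paths and key are constructed sample values, and the XOR keystream is only a stand-in for the decryption step, which this part of the description does not specify.

```python
import hashlib
from dataclasses import dataclass

MARKER = b"ENC1"  # constructed encryption identifier at the start of a protected file


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption): XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


@dataclass(frozen=True)
class GeneralCommand:
    """General read/write instruction template: operation, file identifier, data."""
    op: str
    file_id: str
    payload: bytes = b""


def to_general_command(request: dict) -> GeneralCommand:
    """S101: map differently shaped application requests onto the one template."""
    file_id = request.get("path") or request.get("name")
    op = str(request.get("op") or request.get("action") or "").lower()
    if not file_id or op not in ("read", "write"):
        raise ValueError("request cannot be mapped onto the general template")
    return GeneralCommand(op, file_id, request.get("data", b""))


class IOManager:
    """Only this object touches storage and the key store; callers never see a key."""

    def __init__(self, storage: dict, key_store: dict):
        self.storage = storage
        self.key_store = key_store
        self.buffers = {}          # mapping table: file identifier -> buffer area
        self.buffers_created = 0

    def load_plain(self, file_id: str) -> bytes:
        raw = self.storage[file_id]                    # S104: fetch by identifier
        if not raw.startswith(MARKER):                 # ordinary file: pass through
            return raw
        key = self.key_store.get(file_id)              # S103: key store lookup
        if key is None:
            raise PermissionError(f"no key registered for {file_id}")
        return keystream_xor(key, raw[len(MARKER):])   # S105: decrypt for the buffer

    def handle(self, cmd: GeneralCommand) -> bytes:
        buf = self.buffers.get(cmd.file_id)            # S102: reuse an existing buffer
        if buf is None:
            buf = bytearray(self.load_plain(cmd.file_id))
            self.buffers[cmd.file_id] = buf            # registered only after success
            self.buffers_created += 1
        if cmd.op == "write":                          # edits apply to the buffered copy
            buf[:] = cmd.payload
        return bytes(buf)


def build_demo():
    """Constructed sample data: one protected file, one ordinary file, one without a key."""
    key = b"constructed-demo-key"
    plain = b"core design notes"
    storage = {
        "/vault/design.txt": MARKER + keystream_xor(key, plain),
        "/pub/readme.txt": b"public text",
        "/vault/orphan.txt": MARKER + b"xx",
    }
    return IOManager(storage, {"/vault/design.txt": key}), plain


if __name__ == "__main__":
    io, _ = build_demo()
    print(io.handle(to_general_command({"action": "READ", "path": "/vault/design.txt"})))
```
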
Fig. 2 shows the specific implementation flowchart of S105 of a file reading/writing method provided by the second embodiment of the present invention. Referring to Fig. 2, relative to the embodiment of Fig. 1, S105 in the file reading/writing method provided by this embodiment includes S1051 and S1052, detailed as follows:
In S1051, based on a preset key splitting algorithm, the target key is split into N sub-keys, and the decryption order of each sub-key is determined according to the position of that sub-key in the target key; N is a positive integer greater than or equal to 2.
In this embodiment, the target file is encrypted with a loop encryption method, that is, the target file is encrypted in a loop with multiple keys, which improves the confidentiality of the target file. Correspondingly, a file encrypted with the multi-round loop encryption method must also be decrypted with multiple keys in sequence before the target file is successfully decrypted. The target key obtained by the read/write device in this embodiment is composed of multiple sub-keys, so the target key needs to be split into N sub-keys with the preset key splitting algorithm.
In this embodiment, the preset key splitting algorithm can split the target key into multiple data segments based on preset split nodes, with each segment serving as one sub-key. For example, taking every 4 bytes as a split node, the read/write device divides a target key of 64 bytes into 16 segments, and the data in each segment serves as one sub-key, giving 16 sub-keys. The target key can of course also be split with other algorithms: each character of the key is placed in turn into N queues, and once this is complete, the characters held by each queue form a sub-key, with the queue number as the number of that sub-key.
In this embodiment, because the loop encryption algorithm encrypts the target file in a fixed order, decryption must also follow a certain decryption order. Here the decryption order is related to the position of the sub-key in the target key: the decryption order of each sub-key is determined by its position in the target key, that is, the further forward a sub-key is in the key, the earlier its place in the decryption order.
It should be noted that the encryption and decryption operations use the same target key. When the target file is encrypted, the target key is likewise split into N sub-keys with the key splitting algorithm, and the target file is encrypted with the sub-keys in reverse order, so that encryption matches the decryption operation.
In S1052, based on the decryption order, a loop decryption operation is performed on the target file with each sub-key in turn, and the target file that has passed through N rounds of loop decryption is taken as the decrypted target file; the loop decryption operation includes a shift recovery operation and/or a substitute-character filtering operation.
In this embodiment, based on the decryption order of the sub-keys, the read/write device starts decrypting the target file with the sub-key whose decryption order value is lowest and, on success, outputs the first decrypted file. The first decrypted file is then decrypted with the sub-key whose decryption order value is 2 and, on success, the third decrypted file is output, and so on. After the (N-1)th decrypted file has been decrypted with the Nth sub-key, the Nth decrypted file is output and is identified as the decrypted target file.
It should be noted that the loop decryption operation includes a shift recovery operation and/or a substitute-character filtering operation. The shift recovery operation is as follows: when the target file is encrypted with a sub-key, the data of one or several rows is shifted so that those rows are obfuscated. During decryption, the rows that were shifted therefore have to be restored to their state before the shift, that is, the rows on which the obfuscation was performed are returned to their state before obfuscation. The row number and column number of the shift can be extracted from the sub-key. The substitute-character filtering operation is as follows: when the target file is encrypted with a sub-key, characters or character strings that match a preset rule are searched for in the target file and replaced with preset obfuscation characters. During decryption, the obfuscation characters contained in the target file are therefore located, and the characters or character strings they replaced are restored to their original state, which achieves the purpose of substitute-character filtering.
In this embodiment, the decryption operations of the individual sub-keys may be the same or different, and are determined by the content of the decryption response mode field in the sub-key. For example, the loop decryption operation of the first sub-key may include the substitute-character filtering operation, the loop decryption operation of the second sub-key may include the shift recovery operation, and the loop decryption operation of the third sub-key may include both the substitute-character filtering operation and the shift recovery operation. The possibilities are not listed one by one here.
In the embodiments of the present invention, encrypting the target file with the multi-round loop encryption technique effectively improves the confidentiality of the target file. Correspondingly, to read or write the target file, the read/write device performs multi-round loop decryption on the target file, so that confidentiality is achieved without affecting the user's operating efficiency.
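S1051 and S1052 as an added Python sketch, not code from the patent: both key splitting variants, and N-round loop decryption in sub-key order with encryption run in reverse order. The sub-key byte layout (byte 0 mode field, byte 1 row selector, byte 2 shift amount, byte 3 substitution selector) and the reversible digit/letter swap used for the substitute-character step are assumptions made here for illustration, since the description leaves them open.

```python
def split_fixed(key: bytes, node: int = 4) -> list:
    """Cut the key at every `node` bytes; list index = decryption order."""
    parts = [key[i:i + node] for i in range(0, len(key), node)]
    if len(parts) < 2:
        raise ValueError("N must be at least 2")
    return parts


def split_round_robin(key: bytes, n: int) -> list:
    """Deal the key bytes into n queues in turn; queue number = sub-key number."""
    if n < 2:
        raise ValueError("N must be at least 2")
    return [key[i::n] for i in range(n)]


def swap_table(selector: int) -> bytes:
    """Assumed substitution rule: swap one digit with one lowercase letter.
    A swap is its own inverse, so the same table filters the substitutes out."""
    digit, letter = 0x30 + selector % 10, 0x61 + selector % 26
    table = bytearray(range(256))
    table[digit], table[letter] = letter, digit
    return bytes(table)


def shift_row(data: bytes, sk: bytes, undo: bool) -> bytes:
    """Rotate one row (line) chosen by the sub-key; undo=True is shift recovery."""
    rows = data.split(b"\n")
    r = sk[1] % len(rows)
    row = rows[r]
    if row:
        k = sk[2] % len(row)
        if undo:
            k = len(row) - k
        rows[r] = row[k:] + row[:k]
    return b"\n".join(rows)


def check_subkey(sk: bytes) -> int:
    """Return the mode from the assumed mode field: 0 shift, 1 substitute, 2 both."""
    if len(sk) < 4:
        raise ValueError("sub-key too short for the assumed 4-byte layout")
    return sk[0] % 3


def encrypt_round(data: bytes, sk: bytes) -> bytes:
    mode = check_subkey(sk)
    if mode in (0, 2):
        data = shift_row(data, sk, undo=False)
    if mode in (1, 2):
        data = data.translate(swap_table(sk[3]))
    return data


def decrypt_round(data: bytes, sk: bytes) -> bytes:
    mode = check_subkey(sk)
    if mode in (1, 2):                      # inverse steps in inverse order
        data = data.translate(swap_table(sk[3]))
    if mode in (0, 2):
        data = shift_row(data, sk, undo=True)
    return data


def loop_encrypt(data: bytes, subkeys: list) -> bytes:
    """Encryption applies the sub-keys in reverse order."""
    for sk in reversed(subkeys):
        data = encrypt_round(data, sk)
    return data


def loop_decrypt(data: bytes, subkeys: list) -> bytes:
    """S1052: one round per sub-key, lowest decryption order first."""
    for sk in subkeys:
        data = decrypt_round(data, sk)
    return data


if __name__ == "__main__":
    key = bytes(range(64))                  # constructed 64-byte target key
    subkeys = split_fixed(key)              # 16 sub-keys of 4 bytes
    text = b"rev 2018 draft\nkey id 42 owner a\nend"   # constructed sample file
    sealed = loop_encrypt(text, subkeys)
    print(len(subkeys), sealed, loop_decrypt(sealed, subkeys) == text)
```
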
Fig. 3 shows a specific implementation flowchart of a reading/writing method for a file provided by the third embodiment of the present invention. Referring to Fig. 3, relative to the embodiment described in Fig. 1, the reading/writing method provided in this embodiment further includes S301~S304 after the read-write operation corresponding to the read-write request is executed on the decrypted file destination. The details are as follows:
In S301, a read-write completion request for the file destination is received, and the read-write completion instruction is converted into a general completion instruction readable by the IO management interfaces.
In the present embodiment, after the read-write operation on the file destination is completed, the edited file needs to be saved, so a read-write completion instruction can be sent to the read-write equipment. As with read-write requests, all operations initiated by the application layer must be executed by calling the IO management interfaces; the read-write equipment therefore converts the read-write completion request into a general completion instruction readable by the IO management interfaces, so that the edited file destination is stored through the IO management interfaces. As described in S101, the general completion instruction generated by the read-write equipment can also include the file identification of the file destination.
In the present embodiment, the user can initiate the read-write completion request by clicking a save button or by clicking a file close button. When the read-write equipment detects that the user has initiated either operation, this indicates that the user has completed the corresponding write operation or read operation on the file destination, so the application program generates a read-write completion request for the file destination and executes the write flow of the file destination.
In S302, the general completion instruction is imported into the IO management interfaces, and the buffer zone where the file destination is located is determined.
In the present embodiment, the read-write equipment imports the generated general completion instruction into the IO management interfaces; the IO management interfaces extract the file identification contained in the general completion instruction and locate the buffer zone where the file destination resides based on that file identification. It should be noted that, in order to prevent the file destination from leaking, all read-write operations are completed in the buffer zone, and abnormal requests can be isolated through the IO management interfaces.
In the present embodiment, different buffer zones can be marked with the data identification or file identification that occupies them. Based on the file identification of the file destination, the read-write equipment queries the corresponding buffer zone and takes the buffer zone that matches the file identification as the buffer zone of the file destination.
In S303, the file destination in the buffer zone is encrypted by the target cipher key, and the encrypted file destination is stored.
In the present embodiment, after determining the buffer zone where the file destination is located, the read-write equipment encrypts the file destination in the buffer zone with the target cipher key obtained in S103. It should be noted that the encryption operation in S303 and the decryption operation in S105 are inverse operations of each other, so that the file destination is encrypted and decrypted by the same target cipher key. After the encryption is complete, the encrypted file destination is stored in the corresponding storage unit. If the file destination is a local file, it is stored in the local storage unit of the read-write equipment; if the file destination is a remote file, the encrypted file destination is sent to the corresponding equipment or database for storage.
Optionally, if the file destination is decrypted using the multi-cycle decryption operations described in the second embodiment, then the encryption operation is executed on the file destination through each sub-key in turn, in the reverse order of the sub-keys, and the file destination after N encryptions is stored as the encrypted file destination. For the specific encryption operation, refer to the description of the decryption operation above; details are not repeated here.
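The sub-key ordering described above (decryption in key order, encryption in the reverse order, with the operation chosen by a mode field in each sub-key), as an added example that is not code from the patent. The 5-byte sub-key layout, the 8-byte row width and the use of a two-way byte swap for the character substitution are assumptions made for illustration; the swap is chosen so that a file already containing the obfuscation character still restores exactly.

```python
# Added illustration: names, sub-key layout and row width are assumptions.
SUBKEY_LEN = 5      # assumed layout: mode, row, cols, char_a, char_b
ROW_WIDTH = 8       # assumed: the buffer is treated as rows of 8 bytes
MODE_SHIFT = 0x01   # mode-field bit: shift / shift recovery
MODE_SUBST = 0x02   # mode-field bit: character substitution / filtering


def split_key(target_key: bytes) -> list:
    """Split the target key into N >= 2 fixed-size sub-keys, in key order."""
    if len(target_key) < 2 * SUBKEY_LEN or len(target_key) % SUBKEY_LEN:
        raise ValueError("target key must hold N >= 2 whole sub-keys")
    subkeys = [target_key[i:i + SUBKEY_LEN]
               for i in range(0, len(target_key), SUBKEY_LEN)]
    for sk in subkeys:
        if sk[0] == 0 or sk[0] & ~(MODE_SHIFT | MODE_SUBST):
            raise ValueError("sub-key mode must select shift and/or substitution")
    return subkeys


def rotate_row(buf: bytearray, row: int, cols: int) -> None:
    """Rotate one row left by `cols` positions; passing -cols undoes it."""
    nrows = (len(buf) + ROW_WIDTH - 1) // ROW_WIDTH
    if nrows == 0:
        return
    start = (row % nrows) * ROW_WIDTH
    seg = buf[start:start + ROW_WIDTH]      # the last row may be shorter
    k = cols % len(seg)
    buf[start:start + len(seg)] = seg[k:] + seg[:k]


def swap_chars(buf: bytearray, a: int, b: int) -> None:
    """Swap byte values a and b everywhere in the buffer.

    A swap is its own inverse, so the restore step is exact even when the
    plaintext already contains the obfuscation character."""
    table = bytearray(range(256))
    table[a], table[b] = b, a
    buf[:] = buf.translate(table)


def encrypt_round(buf: bytearray, sk: bytes) -> None:
    mode, row, cols, a, b = sk
    if mode & MODE_SUBST:
        swap_chars(buf, a, b)
    if mode & MODE_SHIFT:
        rotate_row(buf, row, cols)


def decrypt_round(buf: bytearray, sk: bytes) -> None:
    """Exact inverse of encrypt_round: undo the shift, then the substitution."""
    mode, row, cols, a, b = sk
    if mode & MODE_SHIFT:
        rotate_row(buf, row, -cols)
    if mode & MODE_SUBST:
        swap_chars(buf, a, b)


def encrypt(target_key: bytes, plaintext: bytes) -> bytes:
    buf = bytearray(plaintext)
    for sk in reversed(split_key(target_key)):   # reverse order of the sub-keys
        encrypt_round(buf, sk)
    return bytes(buf)


def decrypt(target_key: bytes, ciphertext: bytes) -> bytes:
    buf = bytearray(ciphertext)
    for sk in split_key(target_key):             # order given by key position
        decrypt_round(buf, sk)
    return bytes(buf)


# Constructed sample key with N = 3 sub-keys: substitution only, shift only, both.
SAMPLE_KEY = bytes([MODE_SUBST, 0, 0, ord("e"), ord("#"),
                    MODE_SHIFT, 1, 3, 0, 0,
                    MODE_SHIFT | MODE_SUBST, 0, 5, ord("#"), ord("!")])

if __name__ == "__main__":
    ct = encrypt(SAMPLE_KEY, b"secret #1: merge")
    print(ct, decrypt(SAMPLE_KEY, ct))
```

Row shifts commute with one another, so the order only becomes visible when two substitution rounds touch the same character; running the decryption rounds in the encryption order then yields a different buffer.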
In S304, the data in the buffer zone is deleted through the IO management interfaces, and the storage resource of the buffer zone is released.
In the present embodiment, after storing the file destination, in order to release the cache resource occupied by the file destination and to prevent a user from stealing the file destination through residual data in the buffer zone, the read-write equipment calls the IO management interfaces to delete the data stored in the buffer zone, which formats the buffer zone, and releases the storage resource of the buffer zone. Specifically, the read-write equipment can change the address field corresponding to the buffer zone from occupied to idle.
In the embodiments of the present invention, after the read-write operation, the file destination is encrypted again by the target cipher key, which ensures that the file destination is still protected by encryption after file editing is complete and improves the security of the file destination.
Fig. 4 shows a specific implementation flowchart of a reading/writing method for a file provided by the fourth embodiment of the present invention. Referring to Fig. 4, relative to the embodiments described in Fig. 1~Fig. 3, the reading/writing method provided in this embodiment further includes S401~S403. The details are as follows:
In S401, an addition request for a newly-increased file is received.
In the present embodiment, in addition to providing transparent encryption protection for stored files, the read-write equipment of the file can also deploy a corresponding encryption and decryption strategy for newly added files. That is, S401 can be triggered at any time during the execution of S101 to S105: as soon as an addition request is detected, the relevant operation of S401 is executed.
In the present embodiment, when a user needs to import a new file into the read-write equipment of the file, an addition request for a newly-increased file can be generated, and the addition request contains the file destination to be added. Optionally, in order to improve the security of the import operation, the read-write equipment can also convert the addition request into a general addition instruction readable by the IO management interfaces, import the general addition instruction into the IO management interfaces, and execute the file addition operation by calling the IO management interfaces.
In S402, if it is detected that the addition request includes an encryption identification, a newly-increased key for the newly-increased file is output based on a random key generating algorithm, and the correspondence between the file identification of the newly-increased file and the newly-increased key is established in the cipher key store.
In the present embodiment, the read-write equipment detects whether the addition request includes an encryption identification. For classified files, the user can configure an encryption identification for the newly-increased file, so that when the corresponding addition request is generated, it carries the encryption identification of the newly-increased file; this distinguishes classified files from ordinary files.
In the present embodiment, if the read-write equipment detects that the addition request carries an encryption identification, this indicates that the newly-increased file is a classified file and that a corresponding encryption and decryption strategy needs to be configured for it; the random key generating algorithm can therefore be called to output the newly-increased key corresponding to the newly-increased file. Optionally, the newly-increased key can be a key based on the multi-cycle encryption and decryption mode, i.e., a newly-increased key generated from multiple sub-keys according to a preset clustering rule.
In the present embodiment, after determining the corresponding newly-increased key, the read-write equipment establishes the correspondence between the file identification and the newly-increased key, so that in subsequent operations the IO management interfaces can determine the key corresponding to the newly-increased file from the obtained file identification, based on this correspondence.
In S403, the newly-increased file is encrypted by the newly-increased key, and the encrypted newly-increased file is stored.
In the present embodiment, the read-write equipment encrypts the newly-increased file with the newly-increased key, where the encryption operation depends on the attributes of the key: as described above, if the key is a multi-cycle key, the newly-increased file can be encrypted by the operation of S303. After the encryption is complete, the read-write equipment stores the encrypted newly-increased file in the corresponding memory module.
In the embodiments of the present invention, after an addition request is received, a corresponding newly-increased key is configured for the newly-increased file and the newly-increased file is encrypted. In this way not only are stored files protected, but added files are also effectively protected, which improves the flexibility of operation and the confidentiality of the newly-increased file.
Fig. 5 shows a specific implementation flowchart of a reading/writing method for a file provided by the fifth embodiment of the present invention. Referring to Fig. 5, relative to the embodiments described in Fig. 1 to Fig. 3, the reading/writing method provided in this embodiment further includes S501~S502. The details are as follows:
In S501, if a preset key update condition is met, a new key is configured, by a random key generating algorithm, for each encrypted file recorded in the cipher key store.
In the present embodiment, in order to improve the confidentiality of the whole equipment, the read-write equipment of the file can periodically update the keys of all files. The key update condition can be a time trigger condition or an event trigger condition. The time trigger condition is specifically: the read-write equipment updates all keys in the cipher key store at intervals of a preset update cycle, or sets corresponding time nodes and updates the keys in the cipher key store when it detects that the current time has reached a preset time node. The event trigger condition can be: the read-write equipment is provided with an update trigger event, such as the number of data read-write operations reaching a certain count or the number of files reaching a preset threshold; when the read-write equipment detects that the condition of the trigger event is currently met, the relevant operation of S501 is executed.
In the present embodiment, the read-write equipment configures a new key for each encrypted file by the random key generating algorithm. Of course, before the pre-update key is deleted, the corresponding encrypted file is decrypted with the pre-update key, and after the new key is generated, each file is re-encrypted with the new key.
In S502, the updated cipher key store is synchronized to the read-write equipment of each file in the file read-write system.
In the present embodiment, in order for all files in the file read-write system to be compatible with and readable by every file read-write equipment, files with the same file identification have the same corresponding key in each read-write equipment, so that when the read-write equipment of one file sends an encrypted file to the read-write equipment of another file, the latter can also decrypt it with the correct key and execute the corresponding read-write operation. Therefore, after the key update operation, the file read-write equipment that executed the update sends a broadcast message in the file read-write system to synchronize the updated cipher key store to the read-write equipment of each file in the file read-write system.
In the embodiments of the present invention, the cipher key store is updated according to a preset condition, which improves the confidentiality of the files stored in the whole system; after the update, the cipher key store is synchronized to all devices in the system, which facilitates the transfer and access of files between different devices and improves operating efficiency.
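The file lifecycle of S401~S403, S301~S304 and S501~S502 modelled end to end, as an added example that is not code from the patent. The class and method names are hypothetical, and `stand_in_cipher` is a placeholder for the cipher, which the description leaves open; the point of the model is the ordering of key store updates, re-encryption and buffer clearing.

```python
import hashlib
import secrets


def stand_in_cipher(key, data):
    """XOR with a SHA-256 counter keystream; one call both encrypts and decrypts.

    Assumption: placeholder only, the description does not name a cipher."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


class ReadWriteDevice:
    """Hypothetical model of one read-write equipment."""

    def __init__(self):
        self.key_store = {}   # file identification -> key
        self.storage = {}     # file identification -> stored bytes
        self.buffers = {}     # file identification -> buffer zone (bytearray)

    def _apply(self, file_id, data):
        # Files added without an encryption identification have no key.
        key = self.key_store.get(file_id)
        return stand_in_cipher(key, data) if key else bytes(data)

    def add_file(self, file_id, content, encrypt_flag):
        """S401-S403: generate a random key only when the flag is present."""
        if encrypt_flag:
            self.key_store[file_id] = secrets.token_bytes(32)
        self.storage[file_id] = self._apply(file_id, content)

    def open_file(self, file_id):
        """S101-S105 condensed: decrypt into a buffer zone keyed by file id."""
        buf = bytearray(self._apply(file_id, self.storage[file_id]))
        self.buffers[file_id] = buf
        return buf

    def complete(self, file_id):
        """S301-S304: locate the buffer, encrypt, store, clear, release."""
        buf = self.buffers[file_id]                       # S302
        self.storage[file_id] = self._apply(file_id, buf) # S303
        buf[:] = bytes(len(buf))    # S304: overwrite in place before release
        del self.buffers[file_id]   # (Python may still hold temporary copies)

    def rotate_keys(self):
        """S501: decrypt with the old key before it is dropped, then re-encrypt.

        New keys and ciphertexts are staged so that a failure part-way through
        leaves the old key store and the old ciphertexts untouched."""
        staged_keys, staged_files = {}, {}
        for file_id, old_key in self.key_store.items():
            plaintext = stand_in_cipher(old_key, self.storage[file_id])
            staged_keys[file_id] = secrets.token_bytes(32)
            staged_files[file_id] = stand_in_cipher(staged_keys[file_id], plaintext)
        self.storage.update(staged_files)
        self.key_store = staged_keys

    def sync_key_store(self, peers):
        """S502: push the updated key store to every other device."""
        for peer in peers:
            peer.key_store = dict(self.key_store)

    def send_file(self, file_id, peer):
        """Transfer the stored (encrypted) form of a file to another device."""
        peer.storage[file_id] = self.storage[file_id]


if __name__ == "__main__":
    dev, peer = ReadWriteDevice(), ReadWriteDevice()
    dev.add_file("doc-1", b"quarterly figures", encrypt_flag=True)  # constructed
    dev.open_file("doc-1").extend(b" v2")
    dev.complete("doc-1")
    dev.rotate_keys()
    dev.sync_key_store([peer])
    dev.send_file("doc-1", peer)
    print(bytes(peer.open_file("doc-1")))
```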
It should be understood that the size of the sequence number of each step in the above embodiments does not imply the order of execution; the execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of the present invention.
Fig. 6 shows a structural block diagram of the read-write equipment for a file provided by an embodiment of the present invention. Each unit included in the read-write equipment of the file is used to execute the steps in the embodiment corresponding to Fig. 1. For details, refer to Fig. 1 and the related description in the embodiment corresponding to Fig. 1. For convenience of description, only the parts related to this embodiment are shown.
Referring to Fig. 6, the read-write equipment of the file includes:
Read-write request converting unit 61, for receiving a read-write request for a file destination, and converting the read-write request into a general read write command readable by the input/output IO management interfaces; the general read write command includes the file identification of the file destination;
Buffer zone creating unit 62, for importing the general read write command into the IO management interfaces, and creating a buffer zone for exporting the file destination;
Target cipher key acquiring unit 63, for calling the IO management interfaces to extract the file identification from the general read write command, and querying the target cipher key corresponding to the file identification from the cipher key store;
File extraction unit 64, for obtaining the file destination based on the file identification, and importing the file destination into the buffer zone;
File destination decryption unit 65, for decrypting the file destination by the target cipher key, and executing the read-write operation corresponding to the read-write request on the decrypted file destination.
Optionally, the file destination decryption unit 65 includes:
Key splitting unit, for dividing the target cipher key into N sub-keys based on a preset key splitting algorithm, and determining the decryption order of each sub-key according to the position of each sub-key in the target cipher key; N is a positive integer greater than or equal to 2;
Cycle decryption unit, for executing the cycle decryption operation on the file destination through each sub-key in turn, based on the decryption order, and taking the file destination after N cycle decryptions as the decrypted file destination; the cycle decryption operation includes: a shift recovery operation and/or a substitute character filter operation.
Optionally, the read-write equipment of the file further includes:
Read-write completion request converting unit, for receiving a read-write completion request for the file destination, and converting the read-write completion instruction into a general completion instruction readable by the IO management interfaces;
Buffer zone positioning unit, for importing the general completion instruction into the IO management interfaces, and locating the buffer zone where the file destination resides;
File destination encryption unit, for encrypting the file destination in the buffer zone by the target cipher key, and storing the encrypted file destination;
Buffer zone releasing unit, for deleting the data in the buffer zone through the IO management interfaces, and releasing the storage resource of the buffer zone.
Optionally, the read-write equipment of the file further includes:
Addition request receiving unit, for receiving an addition request for a newly-increased file;
Newly-increased key generating unit, for outputting, if it is detected that the addition request includes an encryption identification, the newly-increased key of the newly-increased file based on a secret key generating algorithm, and establishing in the cipher key store the correspondence between the file identification of the newly-increased file and the newly-increased key;
Newly-increased file storage unit, for encrypting the newly-increased file by the newly-increased key, and storing the encrypted newly-increased file.
Optionally, the read-write equipment of the file further includes:
Cipher key store updating unit, for configuring, if a preset key update condition is met, a new key for each encrypted file recorded in the cipher key store by a random key generating algorithm;
Cipher key store synchronization unit, for synchronizing the updated cipher key store to the read-write equipment of each file in the file read-write system.
Therefore, in the read-write equipment of the file provided by the embodiments of the present invention, the decryption operation on the file destination is transparent to the user. When initiating a read-write operation, the user proceeds exactly as with an unencrypted file and only needs to initiate a read-write request; the extraction of the target cipher key and the decryption of the file are completed automatically by the read-write equipment of the file. On the other hand, since the decryption operation is transparent to the user, even the user cannot learn the target cipher key, and the file destination cannot be decrypted even if it is stolen, which further improves the confidentiality of the file destination and reduces the risk of file leakage.
Fig. 7 is a schematic diagram of the read-write equipment for a file provided by another embodiment of the present invention. As shown in Fig. 7, the read-write equipment 7 of the file of this embodiment includes: a processor 70, a memory 71, and a computer program 72 that is stored in the memory 71 and can run on the processor 70, for example a file read-write program. When executing the computer program 72, the processor 70 implements the steps in each of the above reading/writing method embodiments, such as S101 to S105 shown in Fig. 1. Alternatively, when executing the computer program 72, the processor 70 implements the functions of the units in each of the above device embodiments, such as the functions of modules 61 to 65 shown in Fig. 6.
Illustratively, the computer program 72 can be divided into one or more units, which are stored in the memory 71 and executed by the processor 70 to complete the present invention. The one or more units can be a series of computer program instruction segments capable of completing specific functions, and the instruction segments are used to describe the execution process of the computer program 72 in the read-write equipment 7 of the file. For example, the computer program 72 can be divided into a read-write request converting unit, a buffer zone creating unit, a target cipher key acquiring unit, a file extraction unit and a file destination decryption unit, and the specific function of each unit is as described above.
The read-write equipment 7 of the file can be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The read-write equipment of the file may include, but is not limited to, the processor 70 and the memory 71. Those skilled in the art will understand that Fig. 7 is only an example of the read-write equipment 7 of the file and does not constitute a limitation on it; the equipment may include more or fewer components than illustrated, combine certain components, or use different components. For example, the read-write equipment of the file can also include input-output devices, network access devices, a bus, and so on.
The processor 70 can be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or another programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor can be a microprocessor, or the processor can be any conventional processor.
The memory 71 can be an internal storage unit of the read-write equipment 7 of the file, such as a hard disk or memory of the read-write equipment 7 of the file. The memory 71 can also be an external storage device of the read-write equipment 7 of the file, such as a plug-in hard disk, a smart media card (Smart Media Card, SMC), a secure digital (Secure Digital, SD) card or a flash card (Flash Card) fitted to the read-write equipment 7 of the file. Further, the memory 71 can include both an internal storage unit and an external storage device of the read-write equipment 7 of the file. The memory 71 is used to store the computer program and the other programs and data needed by the read-write equipment of the file. The memory 71 can also be used to temporarily store data that has been output or is about to be output.
In addition, the functional units in each embodiment of the present invention can be integrated in one processing unit, each unit can exist physically on its own, or two or more units can be integrated in one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
The embodiments described above are merely intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features can be equivalently replaced; such modifications or replacements do not make the essence of the corresponding technical solutions depart from the spirit and scope of the technical solutions of the embodiments of the present invention, and shall all be included within the protection scope of the present invention.

Claims (10)

1. A reading/writing method for a file, characterized by including:
Receiving a read-write request for a file destination, and converting the read-write request into a general read write command readable by the input/output IO management interfaces; the general read write command includes the file identification of the file destination;
Importing the general read write command into the IO management interfaces, and creating a buffer zone for exporting the file destination;
Calling the IO management interfaces to extract the file identification from the general read write command, and querying the target cipher key corresponding to the file identification from the cipher key store;
Obtaining the file destination based on the file identification, and importing the file destination into the buffer zone;
Decrypting the file destination by the target cipher key, and executing the read-write operation corresponding to the read-write request on the decrypted file destination.
2. The reading/writing method according to claim 1, characterized in that decrypting the file destination by the target cipher key includes:
Dividing the target cipher key into N sub-keys based on a preset key splitting algorithm, and determining the decryption order of each sub-key according to the position of each sub-key in the target cipher key; N is a positive integer greater than or equal to 2;
Executing, based on the decryption order, the cycle decryption operation on the file destination through each sub-key in turn, and taking the file destination after N cycle decryptions as the decrypted file destination; the cycle decryption operation includes: a shift recovery operation and/or a substitute character filter operation.
3. The reading/writing method according to claim 1, characterized in that, after the read-write operation corresponding to the read-write request is executed on the decrypted file destination, the method further includes:
Receiving a read-write completion request for the file destination, and converting the read-write completion instruction into a general completion instruction readable by the IO management interfaces;
Importing the general completion instruction into the IO management interfaces, and locating the buffer zone where the file destination resides;
Encrypting the file destination in the buffer zone by the target cipher key, and storing the encrypted file destination;
Deleting the data in the buffer zone through the IO management interfaces, and releasing the storage resource of the buffer zone.
4. The reading/writing method according to any one of claims 1-3, characterized by further including:
Receiving an addition request for a newly-increased file;
If it is detected that the addition request includes an encryption identification, outputting the newly-increased key of the newly-increased file based on a random key generating algorithm, and establishing in the cipher key store the correspondence between the file identification of the newly-increased file and the newly-increased key;
Encrypting the newly-increased file by the newly-increased key, and storing the encrypted newly-increased file.
5. The reading/writing method according to any one of claims 1-3, characterized by further including:
If a preset key update condition is met, configuring, by a random key generating algorithm, a new key for each encrypted file recorded in the cipher key store;
Synchronizing the updated cipher key store to the read-write equipment of each file in the file read-write system.
6. A read-write equipment for a file, characterized in that the read-write equipment of the file includes a memory, a processor, and a computer program that is stored in the memory and can run on the processor, and the processor implements the following steps when executing the computer program:
Receiving a read-write request for a file destination, and converting the read-write request into a general read write command readable by the input/output IO management interfaces; the general read write command includes the file identification of the file destination;
Importing the general read write command into the IO management interfaces, and creating a buffer zone for exporting the file destination;
Calling the IO management interfaces to extract the file identification from the general read write command, and querying the target cipher key corresponding to the file identification from the cipher key store;
Obtaining the file destination based on the file identification, and importing the file destination into the buffer zone;
Decrypting the file destination by the target cipher key, and executing the read-write operation corresponding to the read-write request on the decrypted file destination.
7. The read-write equipment according to claim 6, characterized in that decrypting the file destination by the target cipher key includes:
Dividing the target cipher key into N sub-keys based on a preset key splitting algorithm, and determining the decryption order of each sub-key according to the position of each sub-key in the target cipher key; N is a positive integer greater than or equal to 2;
Executing, based on the decryption order, the cycle decryption operation on the file destination through each sub-key in turn, and taking the file destination after N cycle decryptions as the decrypted file destination; the cycle decryption operation includes: a shift recovery operation and/or a substitute character filter operation.
8. The read-write equipment according to claim 6, characterized in that, after the read-write operation corresponding to the read-write request is executed on the decrypted file destination, the processor further implements the following steps when executing the computer program:
Receiving a read-write completion request for the file destination, and converting the read-write completion instruction into a general completion instruction readable by the IO management interfaces;
Importing the general completion instruction into the IO management interfaces, and locating the buffer zone where the file destination resides;
Encrypting the file destination in the buffer zone by the target cipher key, and storing the encrypted file destination;
Deleting the data in the buffer zone through the IO management interfaces, and releasing the storage resource of the buffer zone.
9. The read-write equipment according to any one of claims 6-8, characterized in that the processor further implements the following steps when executing the computer program:
Receiving an addition request for a newly-increased file;
If it is detected that the addition request includes an encryption identification, outputting the newly-increased key of the newly-increased file based on a random key generating algorithm, and establishing in the cipher key store the correspondence between the file identification of the newly-increased file and the newly-increased key;
Encrypting the newly-increased file by the newly-increased key, and storing the encrypted newly-increased file.
10. A computer readable storage medium storing a computer program, characterized in that, when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 5 are implemented.
CN201810496735.6A 2018-05-22 2018-05-22 A kind of reading/writing method and equipment of file Pending CN108763401A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201810496735.6A CN108763401A (en) 2018-05-22 2018-05-22 A kind of reading/writing method and equipment of file
PCT/CN2018/097310 WO2019223098A1 (en) 2018-05-22 2018-07-27 File reading and writing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810496735.6A CN108763401A (en) 2018-05-22 2018-05-22 A kind of reading/writing method and equipment of file

Publications (1)

Publication Number Publication Date
CN108763401A true CN108763401A (en) 2018-11-06

Family

ID=64008428

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810496735.6A Pending CN108763401A (en) 2018-05-22 2018-05-22 A kind of reading/writing method and equipment of file

Country Status (2)

Country Link
CN (1) CN108763401A (en)
WO (1) WO2019223098A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112257122A (en) * 2020-10-22 2021-01-22 深圳软牛科技有限公司 Data processing method, device and equipment based on T2 chip and storage medium
CN113900993A (en) * 2021-10-13 2022-01-07 吴江绿控电控科技有限公司 Method for improving file creating efficiency of CAN data recorder based on FAT32 file system
CN113934691A (en) * 2021-12-08 2022-01-14 荣耀终端有限公司 Method for accessing file, electronic device and readable storage medium
CN115186300A (en) * 2022-09-08 2022-10-14 粤港澳大湾区数字经济研究院(福田) File security processing system and file security processing method

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101853363A (en) * 2010-05-07 2010-10-06 北京飞天诚信科技有限公司 File protection method and system
CN105308616A (en) * 2013-04-18 2016-02-03 费思康有限公司 File security method and apparatus for same
CN105939190A (en) * 2016-06-23 2016-09-14 天津中安华典数据安全科技有限公司 AES data encryption method for offline key generation based on FPGA

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4923928B2 (en) * 2006-09-29 2012-04-25 富士通株式会社 Information processing apparatus, control method thereof, and program

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112257122A (en) * 2020-10-22 2021-01-22 深圳软牛科技有限公司 Data processing method, device and equipment based on T2 chip and storage medium
CN113900993A (en) * 2021-10-13 2022-01-07 吴江绿控电控科技有限公司 Method for improving file creating efficiency of CAN data recorder based on FAT32 file system
CN113900993B (en) * 2021-10-13 2022-06-28 吴江绿控电控科技有限公司 Method for improving file creating efficiency of CAN data recorder based on FAT32 file system
CN113934691A (en) * 2021-12-08 2022-01-14 荣耀终端有限公司 Method for accessing file, electronic device and readable storage medium
CN113934691B (en) * 2021-12-08 2022-05-17 荣耀终端有限公司 Method for accessing file, electronic device and readable storage medium
CN115186300A (en) * 2022-09-08 2022-10-14 粤港澳大湾区数字经济研究院(福田) File security processing system and file security processing method

Also Published As

Publication number Publication date
WO2019223098A1 (en) 2019-11-28

Similar Documents

Publication Publication Date Title
US8918633B2 (en) Information processing device, information processing system, and program
EP3937046A1 (en) Trusted startup methods and apparatuses of dedicated blockchain node device
CN102945355B (en) Fast Data Encipherment strategy based on sector map is deferred to
CN108763401A (en) A kind of reading/writing method and equipment of file
KR101405720B1 (en) Accelerated cryptography with an encryption attribute
CN104252605B (en) A kind of file transparent encrypting and deciphering system of Android platform and method
KR101613146B1 (en) Method for encrypting database
CN110147684B (en) Method and device for realizing privacy protection of blockchain data
CN103106372A (en) Lightweight class privacy data encryption method and system for Android system
KR20190018869A (en) System and method for providing storage service based on block chain
CN101655858B (en) Cryptograph index structure based on blocking organization and management method thereof
CN102855452A (en) Method for following quick data encryption strategy based on encryption piece
CN105612715A (en) Security processing unit with configurable access control
EP2778953A1 (en) Encoded-search database device, method for adding and deleting data for encoded search, and addition/deletion program
CN106682521B (en) File transparent encryption and decryption system and method based on driver layer
CN105630965A (en) System and method for securely deleting file from user space on mobile terminal flash medium
CN109802832A (en) A kind of processing method of data file, system, big data processing server and computer storage medium
CN107066346A (en) A kind of data back up method, data reconstruction method and device
CN107315966A (en) Solid state hard disc data ciphering method and system
KR100692999B1 (en) Key cache management through multiple localities
CN108154042B (en) File system encryption method and device
CN106612247A (en) A data processing method and a storage gateway
CN109977692B (en) Data processing method and device, storage medium and electronic equipment
US20050071662A1 (en) Method of managing file structure in memory card and its related technology
CN111143879A (en) Android platform SD card file protection method, terminal device and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination