CN108763401A - A file read/write method and device
- Publication number: CN108763401A (application CN201810496735.6A)
- Authority: CN (China)
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The present invention applies to the technical field of information processing and provides a file read/write method and device. The method includes: receiving a read/write request for a target file and converting the request into a generic read/write instruction readable by the I/O management interface; importing the generic read/write instruction into the I/O management interface and creating a buffer region for outputting the target file; extracting the file identifier from the generic read/write instruction through the I/O management interface and querying the target key from the key store; obtaining the target file based on the file identifier and importing it into the buffer region; and decrypting the target file with the target key and performing the read/write operation on the decrypted target file. In the present invention, decryption of the target file is transparent to the user: initiating a read/write operation works the same as for an unencrypted file, the user only needs to issue the read/write request, and the extraction of the target key and the decryption of the file are completed automatically by the file read/write device.
Description
Technical field
The invention belongs to the technical field of information processing, and in particular relates to a file read/write method and device.
Background art
Competition between enterprises can be regarded as competition in core technology, so an enterprise keeps its own core technology as confidential files. How to encrypt and protect confidential files and prevent them from leaking therefore directly affects the enterprise's competitiveness in the market. In existing file encryption methods, a user or company usually creates one common password and uses it to encrypt all confidential files in the enterprise, but the user has to enter it manually every time a file is read or written. This reduces the efficiency of file read/write operations, so confidentiality and convenience of read/write operations cannot both be achieved.
Summary of the invention
In view of this, embodiments of the present invention provide a file read/write method and device, to solve the problem that existing file read/write methods cannot achieve both confidentiality and convenience of read/write operations.
A first aspect of the embodiments of the present invention provides a file read/write method, including:
receiving a read/write request for a target file, and converting the read/write request into a generic read/write instruction readable by the input/output (I/O) management interface, the generic read/write instruction containing the file identifier of the target file;
importing the generic read/write instruction into the I/O management interface, and creating a buffer region for outputting the target file;
calling the I/O management interface to extract the file identifier from the generic read/write instruction, and querying the key store for the target key corresponding to the file identifier;
obtaining the target file based on the file identifier, and importing the target file into the buffer region;
decrypting the target file with the target key, and performing on the decrypted target file the read/write operation corresponding to the read/write request.
A second aspect of the embodiments of the present invention provides a file read/write device, including a memory, a processor, and a computer program stored in the memory and runnable on the processor; the processor implements each step of the first aspect when executing the computer program.
A third aspect of the embodiments of the present invention provides a computer-readable storage medium storing a computer program; each step of the first aspect is implemented when the computer program is executed by a processor.
Implementing the file read/write method and terminal device provided by the embodiments of the present invention has the following beneficial effects:
In the embodiments of the present invention, after a user's read/write request is received, the I/O management interface creates, in the cache module, a buffer region for outputting the target file that is to be read or written. Based on the file identifier of the target file, the encryption key corresponding to that identifier is obtained from the key store, the target file is imported into the buffer region, and the target file is decrypted inside the buffer region. The user can then read and write the decrypted target file. The target file remains protected by encryption, yet the user does not have to enter a decryption password manually, which improves the user's operating efficiency. Compared with existing file read/write methods, decryption of the target file is transparent to the user: initiating a read/write operation works the same as for an unencrypted file, the user only needs to issue the read/write request, and the extraction of the target key and the decryption of the file are completed automatically by the file read/write device. On the other hand, because decryption is transparent to the user, even the user cannot learn the target key, so the target file cannot be decrypted even if it is stolen. This further improves the confidentiality of the target file and reduces the risk of file leakage.
Description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Evidently, the drawings described below show only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is an implementation flowchart of a file read/write method provided by the first embodiment of the present invention;
Fig. 2 is a detailed implementation flowchart of S105 of a file read/write method provided by the second embodiment of the present invention;
Fig. 3 is a detailed implementation flowchart of a file read/write method provided by the third embodiment of the present invention;
Fig. 4 is a detailed implementation flowchart of a file read/write method provided by the fourth embodiment of the present invention;
Fig. 5 is a detailed implementation flowchart of a file read/write method provided by the fourth embodiment of the present invention;
Fig. 6 is a structural block diagram of a file read/write device provided by one embodiment of the present invention;
Fig. 7 is a schematic diagram of a file read/write device provided by another embodiment of the present invention.
Detailed description
To make the purpose, technical solutions and advantages of the present invention clearer, the invention is further described in detail below with reference to the drawings and embodiments. It should be understood that the specific embodiments described here only explain the present invention and are not intended to limit it.
In the embodiments of the present invention, after a user's read/write request is received, the I/O management interface creates, in the cache module, a buffer region for outputting the target file that is to be read or written. Based on the file identifier of the target file, the encryption key corresponding to that identifier is obtained from the key store, the target file is imported into the buffer region, and the target file is decrypted inside the buffer region. The user can then read and write the decrypted target file. The target file remains protected by encryption, yet the user does not have to enter a decryption password manually, which improves the user's operating efficiency. This solves the problem that existing file read/write methods cannot achieve both file confidentiality and convenience of read/write operations.
In the embodiments of the present invention, the flow is executed by the file read/write device. The file read/write device includes, but is not limited to, devices with file read/write capability such as laptops, computers, servers, tablet computers and smartphones. Fig. 1 shows the implementation flowchart of the file read/write method provided by the first embodiment of the present invention, detailed as follows:
In S101, a read/write request for a target file is received, and the read/write request is converted into a generic read/write instruction readable by the input/output (I/O) management interface; the generic read/write instruction contains the file identifier of the target file.
In this embodiment, so that encryption and decryption are transparent to the user, an application cannot obtain the required target file directly from the storage module. Instead, the corresponding file has to be extracted from the storage module through the input/output (Input/Output, I/O) management interface, and the read/write operation can be performed only after the decrypted file has been output. That is, data interaction between the application and the storage module is isolated and can be completed only after conversion by the I/O management interface. Thus, whenever an application initiates a read/write request, the file read/write device converts the request into a generic read/write instruction readable by the I/O management interface, so that the target file to be read or written is output through the I/O management interface after decryption.
In this embodiment, converting the read/write request into a generic read/write instruction not only makes encryption and decryption transparent, but also enables remote file read/write operations between different file read/write devices in a file read/write system. In this system, all file read/write devices use I/O management interfaces of a unified standard, so the generic read/write instruction is applicable to every file read/write device. If a user operating file read/write device A needs to access a file stored on file read/write device B, a read/write request can likewise be generated based on the file identifier of the file to be accessed and converted into a generic read/write instruction by the I/O management interface in device A. The instruction is sent to device B over the local area network in the system. Because the generic read/write instruction is common to all file read/write devices, the I/O management interface of device B can recognize it, obtain the corresponding target file and send it to device A, which performs the operations of S102 to S105 to respond to the user's read/write request. Optionally, the target file may be stored on a cloud server that is also provided with an I/O management interface; following the interaction between different file read/write devices described above, the file read/write device can also retrieve the target file from the cloud server through a generic read/write instruction.
In this embodiment, the read/write requests generated by different applications differ to some extent. To improve the processing efficiency of the I/O management interface, the read/write device can therefore use a generic read/write instruction template: it extracts the required parameter information from the read/write request, imports it into the template, and generates the generic read/write instruction corresponding to the request. So that the target file can be located accurately, the generic read/write instruction contains the file identifier of the target file.
In S102, the generic read/write instruction is imported into the I/O management interface, and a buffer region for outputting the target file is created.
In this embodiment, after generating the generic read/write instruction, the read/write device imports it into the I/O management interface. The I/O management interface then starts the file read/write flow and creates a buffer region for outputting the target file. The target file can be imported into this buffer region, where the encryption and decryption operations are carried out, and the decrypted target file is then output to the corresponding application to perform the read/write operation.
Optionally, in this embodiment, after receiving the generic read/write instruction the I/O management interface can extract the file identifier it contains and, based on a mapping table between file identifiers and buffer regions, check whether a buffer region already exists for this file identifier. If so, that buffer region is used directly and no new one is created. Some target files may be called by several applications, so a buffer region for the file identifier may already have been created while responding to the I/O read/write request of another application. To avoid wasting cache resources through repeated creation, the read/write device can output the target file through the buffer region that already exists.
Optionally, in this embodiment, the generic read/write request also contains a file type. Before creating the buffer region for the target file, the I/O management interface can predict the data volume of the target file from the file type and create a buffer region based on the predicted data volume, so that the buffer region matches the data volume of the target file.
In S103, the I/O management interface is called to extract the file identifier from the generic read/write instruction, and the key store is queried for the target key corresponding to the file identifier.
In this embodiment, after the I/O management interface has allocated the buffer region for the output file in the cache module, it can extract the file identifier from the generic read/write instruction and obtain the target key corresponding to that identifier from the key store. Specifically, the key store holds the key of every file that needs to be encrypted and records the correspondence between keys and file identifiers. After extracting the file identifier contained in the generic read request, the I/O management interface can therefore look up the corresponding key in the key store based on the file identifier and use it as the target key to decrypt the target file.
Optionally, in this embodiment, all files that need encryption may share the same key, and the key may be updated at a preset period. The I/O management interface can decrypt all files with the key that has not yet been updated. After decryption is complete, the I/O management interface can determine the key for the next period based on a preset key generation algorithm, and re-encrypt and store all files with the updated key. In this case, the key corresponding to every file identifier is the key valid for the current period.
Optionally, after extracting the file identifier, the I/O management interface can locate the target file based on it and detect whether the target file contains an encrypted identifier. The file read/write device can distinguish confidential files from ordinary files by adding the encrypted identifier. Therefore, if the target file contains the encrypted identifier, the operation of querying the key store for the target key corresponding to the file identifier is performed; conversely, if the target file does not contain the encrypted identifier, the target file is imported directly into the buffer region and output to the application for the read/write operation.
In S104, the target file is obtained based on the file identifier, and the target file is imported into the buffer region.
In this embodiment, the read/write device has already obtained the file identifier of the target file in S103 by calling the I/O management interface, so the file extraction can be performed by another thread while the corresponding target key is being queried. Specifically, the read/write device looks up the target file corresponding to the file identifier in the storage unit. The file identifier can be a file name or a storage path. If the file identifier is the file name of the target file, the file names of the files in the storage unit are matched against the file identifier, and the successfully matched file is extracted as the target file. If the file identifier is the storage path of the target file, the read/write device can locate the target file in the storage unit through the storage path and extract the file stored at that path as the target file.
In this embodiment, the target file obtained by the read/write device is encrypted, so it cannot be output directly for read/write operations. To decrypt it, the read/write device imports the target file into the buffer region created in the steps above. Because data interaction between the buffer region and the application layer still has to go through the I/O management interface, decrypting the target file inside the buffer region still ensures that its content is not stolen, which improves the confidentiality of the file.
In S105, the target file is decrypted with the target key, and the read/write operation corresponding to the read/write request is performed on the decrypted target file.
In this embodiment, the read/write device decrypts the target file with the target key, outputs the decrypted target file, and performs the corresponding read/write operation on it based on the read/write request sent by the application. For example, if the user needs to view the target file, the I/O management interface, after obtaining the decrypted target file, can output it directly to the corresponding serial port of the display module, so that the display module shows the target file to the user. If, while viewing the target file, the user needs to modify data in the file, a data editing instruction can be initiated in the corresponding application. The read/write device first converts the data editing instruction into a generic read/write instruction and imports it into the I/O management interface, which performs the corresponding edit on the decrypted target file and thereby changes the output signal sent to the display module, so the user can view and modify the file content in real time. It can be seen that all read/write operations have to be served by calling the I/O management interface, which effectively prevents target file data from leaking. From the user's point of view, the whole process is no different from a conventional read/write operation and requires no additional steps, so both confidentiality and ease of operation are achieved.
As can be seen from the above, in the file read/write method provided by the embodiments of the present invention, after a user's read/write request is received, the I/O management interface creates, in the cache module, a buffer region for outputting the target file that is to be read or written. Based on the file identifier of the target file, the encryption key corresponding to that identifier is obtained from the key store, the target file is imported into the buffer region, and the target file is decrypted inside the buffer region. The user can then read and write the decrypted target file. The target file remains protected by encryption, yet the user does not have to enter a decryption password manually, which improves the user's operating efficiency. Compared with existing file read/write methods, decryption of the target file is transparent to the user: initiating a read/write operation works the same as for an unencrypted file, the user only needs to issue the read/write request, and the extraction of the target key and the decryption of the file are completed automatically by the file read/write device. On the other hand, because decryption is transparent to the user, even the user cannot learn the target key, so the target file cannot be decrypted even if it is stolen. This further improves the confidentiality of the target file and reduces the risk of file leakage.
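The S101 to S105 flow as an added Python sketch, not code from the patent: differently shaped application requests are normalised into one generic instruction, and the I/O management interface reuses one buffer region per file identifier, looks up the key, decrypts only inside that buffer and re-encrypts marked files on write. `IOManager`, `to_generic`, the `ENC1` marker and the SHA-256 keystream `toy_cipher` are assumptions made for the illustration; the text names no cipher and no marker format.

```python
import hashlib
from dataclasses import dataclass

ENC_MARK = b"ENC1"  # constructed "encrypted identifier"; the patent gives no format


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR data with a SHA-256 counter keystream; the same call encrypts and decrypts.

    Stand-in for the unspecified cipher, chosen only so the example runs offline.
    """
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


@dataclass(frozen=True)
class GenericCommand:
    """Generic read/write instruction: the only input the I/O manager accepts."""
    op: str            # "read" or "write"
    file_id: str       # file identifier (here: a file name)
    payload: bytes = b""


def to_generic(request: dict) -> GenericCommand:
    """S101: fill the generic template from differently shaped application requests."""
    file_id = request.get("path") or request.get("name")
    op = request.get("mode") or request.get("action")
    op = {"r": "read", "w": "write", "open": "read", "save": "write"}.get(op, op)
    if not file_id or op not in ("read", "write"):
        raise ValueError("request lacks a file identifier or a known operation")
    return GenericCommand(op, file_id, request.get("data", b""))


class IOManager:
    """Sits between applications and storage; keys are never returned to callers."""

    def __init__(self, storage: dict, key_store: dict):
        self._storage = storage      # file_id -> bytes at rest
        self._key_store = key_store  # file_id -> key
        self._buffers = {}           # file_id -> plaintext buffer region
        self.buffers_created = 0

    def _buffer_for(self, file_id: str) -> bytearray:
        # S102: create a buffer region, or reuse the one mapped to this identifier.
        if file_id not in self._buffers:
            self._buffers[file_id] = bytearray()
            self.buffers_created += 1
        return self._buffers[file_id]

    def submit(self, cmd: GenericCommand) -> bytes:
        buf = self._buffer_for(cmd.file_id)
        stored = self._storage[cmd.file_id]              # S104: fetch by identifier
        encrypted = stored.startswith(ENC_MARK)
        # S103: only marked files trigger a key lookup (KeyError if no key exists).
        key = self._key_store[cmd.file_id] if encrypted else None
        # S105: decrypt inside the buffer region; unmarked files pass through.
        buf[:] = toy_cipher(key, stored[len(ENC_MARK):]) if encrypted else stored
        if cmd.op == "write":
            buf[:] = cmd.payload
            at_rest = ENC_MARK + toy_cipher(key, bytes(buf)) if encrypted else bytes(buf)
            self._storage[cmd.file_id] = at_rest         # marked files stay encrypted
        return bytes(buf)


def demo() -> dict:
    # Constructed sample data: one confidential file, one ordinary file.
    keys = {"plan.txt": b"k-plan"}
    storage = {
        "plan.txt": ENC_MARK + toy_cipher(b"k-plan", b"core design v1"),
        "readme.txt": b"public notes",
    }
    io = IOManager(storage, keys)
    first = io.submit(to_generic({"path": "plan.txt", "mode": "r"}))
    again = io.submit(to_generic({"name": "plan.txt", "action": "open"}))
    plain = io.submit(to_generic({"path": "readme.txt", "mode": "r"}))
    io.submit(to_generic({"path": "plan.txt", "mode": "w", "data": b"core design v2"}))
    return {"first": first, "again": again, "plain": plain,
            "buffers": io.buffers_created, "at_rest": storage["plan.txt"]}


if __name__ == "__main__":
    print(demo())
```

Two requests of different shape for `plan.txt` resolve to the same buffer region, and the bytes left in storage after the write contain no plaintext.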
Fig. 2 shows a detailed implementation flowchart of S105 of a file read/write method provided by the second embodiment of the present invention. Referring to Fig. 2, relative to the embodiment of Fig. 1, S105 in the file read/write method provided by this embodiment includes S1051 and S1052, detailed as follows:
In S1051, based on a preset key splitting algorithm, the target key is divided into N sub-keys, and the decryption order of each sub-key is determined according to the position of that sub-key in the target key; N is a positive integer greater than or equal to 2.
In this embodiment, the target file is encrypted by a cyclic encryption method, that is, the target file is encrypted cyclically with multiple keys, which improves its confidentiality. Correspondingly, a file encrypted by the multi-round cyclic encryption method must also be decrypted with multiple keys in turn before it can be decrypted successfully. That is, in this embodiment the target key obtained by the device is an integration of multiple sub-keys, so the target key has to be split into N sub-keys by the preset key splitting algorithm.
In this embodiment, the preset key splitting algorithm can divide the target key into multiple data segments based on preset split nodes, with each segment serving as one sub-key. For example, the device takes every 4 bytes as a split node and divides a target key of 64 bytes into 16 segments; the data in each segment is one sub-key, giving 16 sub-keys. Of course, the target key can also be split by other splitting algorithms: the characters of the key are imported one after another into N queues, and after the import is complete, the characters held by each queue form a sub-key and the serial number of the queue is the number of that sub-key.
In this embodiment, because the cyclic encryption algorithm encrypts the target file in a fixed order, decryption must also follow a definite order. In this embodiment the decryption order is related to the position of the sub-key in the target key: the decryption order of each sub-key can be determined from its position in the target key, that is, the earlier a sub-key appears in the key, the earlier its place in the decryption order.
It should be noted that the encryption and decryption operations share the same target key. When the target file is encrypted, the target key can therefore likewise be split into N sub-keys based on the key splitting algorithm, and the sub-keys are applied to the target file in reverse order, so that encryption matches the decryption operation.
In S1052, based on the decryption order, a cyclic decryption operation is performed on the target file with each sub-key in turn, and the target file that has gone through N rounds of cyclic decryption is taken as the decrypted target file; the cyclic decryption operation includes a shift restoration operation and/or a substitute-character filtering operation.
In this embodiment, based on the decryption order of the sub-keys, the read/write device starts decrypting the target file with the sub-key whose decryption-order value is smallest and, after successful decryption, outputs a first decrypted file. The first decrypted file is then decrypted with the sub-key whose decryption-order value is 2 and, after successful decryption, a third decrypted file is output, and so on. After the N-th sub-key has decrypted the (N-1)-th decrypted file, the N-th decrypted file is output and identified as the decrypted target file.
It should be noted that the cyclic decryption operation includes a shift restoration operation and/or a substitute-character filtering operation. The shift restoration operation is as follows: while the target file is encrypted with a sub-key, the data of one or several rows is shifted so as to obfuscate those rows. During decryption, the shifted rows therefore have to be restored to their state before the shift, returning the rows on which the obfuscation was performed to their state before obfuscation; this is the shift restoration operation. The specific row and column numbers that are shifted can be extracted from the sub-key. The substitute-character filtering operation is as follows: while the target file is encrypted with a sub-key, characters or character strings that meet a preset rule are searched for in the target file and replaced with preset obfuscation characters. During decryption, the obfuscation characters contained in the target file can therefore be looked up and the characters or character strings they replaced restored to their original state, which achieves the purpose of substitute-character filtering.
In this embodiment, the decryption operations associated with the individual sub-keys may be the same or different, and are determined by the content of the decryption response mode field in the sub-key. For example, the cyclic decryption operation of the first sub-key may include the substitute-character filtering operation, the cyclic decryption operation of the second sub-key may include the shift restoration operation, and the cyclic decryption operation of the third sub-key may include both the substitute-character filtering operation and the shift restoration operation. The possibilities are not enumerated one by one here.
In the embodiments of the present invention, encrypting the target file with a multi-round cyclic encryption technique effectively improves its confidentiality. Correspondingly, to read and write the target file, the read/write device decrypts it through multiple rounds of cyclic decryption, so that confidentiality is maintained without affecting the user's operating efficiency.
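S1051 and S1052 as an added Python example, not code from the patent: both splitting schemes, with sub-keys applied in reverse order to encrypt and in position order to decrypt. The byte rotation, the hash-derived substitution table and the rule that a sub-key's first byte selects the operations are assumptions standing in for the shift, substitute-character and mode-field details the text leaves open.

```python
import hashlib


def split_by_chunk(key: bytes, size: int = 4) -> list:
    """Fixed split nodes: every `size` bytes of the target key is one sub-key."""
    subkeys = [key[i:i + size] for i in range(0, len(key), size)]
    if len(subkeys) < 2:
        raise ValueError("N must be at least 2")
    return subkeys


def split_round_robin(key: bytes, n: int) -> list:
    """Deal the key's bytes into n queues in turn; queue i becomes sub-key i."""
    if n < 2 or n > len(key):
        raise ValueError("need 2 <= N <= len(key)")
    return [key[i::n] for i in range(n)]


def _ops(subkey: bytes) -> tuple:
    # Assumed mode field: first byte mod 3 -> 0 shift, 1 substitute, 2 both.
    mode = subkey[0] % 3
    return mode in (0, 2), mode in (1, 2)


def _rotate(data: bytes, amount: int) -> bytes:
    # Toy "shift": rotate the whole byte string right by `amount` positions.
    if not data:
        return data
    amount %= len(data)
    return data[-amount:] + data[:-amount] if amount else data


def _table(subkey: bytes) -> bytes:
    # Toy substitution: a permutation of the 256 byte values derived from the sub-key.
    order = sorted(range(256), key=lambda b: hashlib.sha256(subkey + bytes([b])).digest())
    return bytes(order)


def encrypt_round(data: bytes, subkey: bytes) -> bytes:
    shift, subst = _ops(subkey)
    if shift:
        data = _rotate(data, subkey[-1])
    if subst:
        data = data.translate(_table(subkey))
    return data


def decrypt_round(data: bytes, subkey: bytes) -> bytes:
    # Undo the round's operations in the opposite order to encrypt_round.
    shift, subst = _ops(subkey)
    if subst:
        inverse = bytearray(256)
        for plain, confused in enumerate(_table(subkey)):
            inverse[confused] = plain
        data = data.translate(bytes(inverse))
    if shift:
        data = _rotate(data, -subkey[-1])
    return data


def encrypt(data: bytes, subkeys: list) -> bytes:
    # Encryption walks the sub-keys in reverse order ...
    for subkey in reversed(subkeys):
        data = encrypt_round(data, subkey)
    return data


def decrypt(data: bytes, subkeys: list) -> bytes:
    # ... so decryption in position order peels the rounds off last-applied first.
    for subkey in subkeys:
        data = decrypt_round(data, subkey)
    return data


def demo() -> dict:
    key = bytes(range(64))              # constructed 64-byte target key
    subkeys = split_by_chunk(key, 4)    # 16 sub-keys, as in the text's example
    message = b"design notes: rev 7"    # constructed plaintext
    ciphertext = encrypt(message, subkeys)
    return {
        "n": len(subkeys),
        "ciphertext": ciphertext,
        "in_order": decrypt(ciphertext, subkeys),
        "wrong_order": decrypt(ciphertext, list(reversed(subkeys))),
    }


if __name__ == "__main__":
    print(demo())
```

Rotation and byte substitution of this kind obscure content but are not a vetted cipher; the point shown is the ordering rule, where decrypting with the same sub-keys in the wrong order does not recover the plaintext.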
Fig. 3 shows a detailed implementation flowchart of a file read/write method provided by the third embodiment of the present invention. Referring to Fig. 3, relative to the embodiment of Fig. 1, the file read/write method provided by this embodiment further includes S301~S304 after the read/write operation corresponding to the read/write request has been performed on the decrypted target file, detailed as follows:
In S301, a read/write completion request for the target file is received, and the read/write completion instruction is converted into a generic completion instruction readable by the I/O management interface.
In this embodiment, when the edited file needs to be saved after the read/write operation on the target file is complete, a read/write completion instruction can be sent to the read/write device. As with read/write requests, every operation initiated by the application layer has to be executed by calling the I/O management interface, so the read/write device converts the read/write completion request into a generic completion instruction readable by the I/O management interface, so that the edited target file is stored through the I/O management interface. As described for S101, the generic completion instruction generated by the read/write device can also contain the file identifier of the target file.
In the present embodiment, user initiates read-write and completes the mode of request be to click save button or click file to close
Button is closed, read-write equipment is when detecting that user initiates aforesaid operations, then it represents that user has completed file destination corresponding
Write operation or read operation, thus application program can generate the read-write completion request of a file destination, performance objective file is write
Enter flow.
In S302, the generic completion instruction is imported into the IO management interface, and the buffer area holding the target file is located.
In this embodiment, the read/write device imports the generated generic completion instruction into the IO management interface, which extracts the file identifier contained in the instruction and locates the buffer area holding the target file based on that identifier. Note that, to prevent the target file from leaking, all read/write operations are performed in the buffer area, and abnormal requests can be isolated by the IO management interface.
In this embodiment, each buffer area can be marked with the data identifier or file identifier of the data occupying it. The read/write device queries for the corresponding buffer area based on the file identifier of the target file and takes the buffer area matching that identifier as the buffer area of the target file.
In S303, the target file in the buffer area is encrypted with the target key, and the encrypted target file is stored.
In this embodiment, after determining the buffer area holding the target file, the read/write device encrypts the target file in that buffer area with the target key obtained in S103. Note that the encryption operation in S303 and the decryption operation in S105 are inverse operations of each other, so the target file can be encrypted and decrypted with the same target key. After the target file has been encrypted, the encrypted target file is stored in the corresponding storage unit. If the target file is a local file, it is stored in the local storage unit of the read/write device; if the target file is a remote file, the encrypted target file is sent to the corresponding device or database for storage.
Optionally, if the target file is decrypted using the multi-round decryption operation described in the second embodiment, the encryption operation is executed on the target file with each sub-key in turn, in the reverse order of the sub-keys, and the target file after N rounds of encryption is stored as the encrypted target file. For the specific encryption operation, refer to the description of the decryption operation above; it is not repeated here.
In S304, the data in the buffer area is deleted through the IO management interface, and the storage resources of the buffer area are released.
In this embodiment, after storing the target file, the read/write device calls the IO management interface to delete the data stored in the buffer area, which amounts to formatting the buffer area, and releases the buffer area's storage resources. This frees the cache resources occupied by the target file and prevents a user from stealing the target file through residual data in the buffer area. Specifically, the read/write device can change the address range corresponding to the buffer area from occupied to free.
In this embodiment of the invention, after the read/write operation ends, the target file is encrypted again with the target key, so that it remains protected by encryption after editing is complete, which improves the security of the target file.
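The write-back path of S301 to S304, together with the reverse sub-key order used for multi-round encryption, as an added Python example that is not code from the patent. The `IOManager` class, the in-memory `storage` dictionary, the constructed 8-byte key, rejecting an unknown file identifier with `PermissionError`, and the round operation (a byte rotation followed by a mask with the sub-key, standing in for the patent's shift and character-substitution steps) are assumptions made for illustration.

```python
def split_key(target_key, n):
    """Split the target key into n sub-keys; position in the key gives the decryption order."""
    if n < 2 or len(target_key) < n:
        raise ValueError("N must be >= 2 and no larger than the key length")
    step = len(target_key) // n
    parts = [target_key[i * step:(i + 1) * step] for i in range(n - 1)]
    return parts + [target_key[(n - 1) * step:]]


def rotate(data, k):
    """Rotate the byte string left by k positions (negative k rotates right)."""
    k %= len(data)
    return data[k:] + data[:k]


def mask(data, sub_key):
    """XOR every byte with the sub-key, repeated to the data length."""
    return bytes(b ^ sub_key[i % len(sub_key)] for i, b in enumerate(data))


def encrypt_round(data, sub_key):
    # Stand-in round (assumption): shift the bytes, then mask them.
    return mask(rotate(data, sub_key[0]), sub_key) if data else data


def decrypt_round(data, sub_key):
    # Exact inverse of encrypt_round: unmask, then undo the shift.
    return rotate(mask(data, sub_key), -sub_key[0]) if data else data


def multi_round_decrypt(data, target_key, n):
    for sub_key in split_key(target_key, n):            # decryption order
        data = decrypt_round(data, sub_key)
    return data


def multi_round_encrypt(data, target_key, n):
    for sub_key in reversed(split_key(target_key, n)):  # reverse of the decryption order
        data = encrypt_round(data, sub_key)
    return data


class IOManager:
    """Hypothetical IO management interface: owns the key store and every buffer."""

    def __init__(self, key_store, storage, rounds=2):
        self.key_store = key_store    # file identifier -> target key
        self.storage = storage        # file identifier -> encrypted bytes
        self.rounds = rounds
        self.buffers = {}             # file identifier -> plaintext bytearray

    def open(self, file_id):
        """Read path: look up the key, decrypt into a buffer tagged with the identifier."""
        key = self.key_store[file_id]
        plain = multi_round_decrypt(self.storage[file_id], key, self.rounds)
        self.buffers[file_id] = bytearray(plain)
        return self.buffers[file_id]

    def complete(self, file_id):
        """S302-S304: locate the buffer, encrypt and store it, then wipe and release it."""
        buf = self.buffers.get(file_id)                  # S302: match buffer by identifier
        if buf is None:                                  # no open buffer: treat as abnormal
            raise PermissionError(f"no buffer open for {file_id!r}")
        key = self.key_store[file_id]
        self.storage[file_id] = multi_round_encrypt(bytes(buf), key, self.rounds)  # S303
        buf[:] = bytes(len(buf))                         # S304: overwrite plaintext in place
        del self.buffers[file_id]                        # S304: release the buffer


def demo():
    key = bytes([1, 2, 3, 4, 5, 6, 7, 8])                # constructed key
    stored = {"doc-1": multi_round_encrypt(b"hello world", key, 2)}
    io = IOManager({"doc-1": key}, stored)
    buf = io.open("doc-1")
    buf[0:5] = b"HELLO"                                  # the user's edit happens in the buffer
    io.complete("doc-1")
    return io, buf, key


if __name__ == "__main__":
    io, buf, key = demo()
    print("stored ciphertext:", io.storage["doc-1"].hex())
    print("buffer after release:", bytes(buf))
    print("decrypted again:", multi_round_decrypt(io.storage["doc-1"], key, 2))
```

Applying the encryption rounds in the decryption order instead of its reverse leaves a residual mask on the data, so the stored file no longer decrypts. In CPython the intermediate `bytes` objects created during encryption are not wiped; only the `bytearray` buffer is overwritten in place.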
Fig. 4 shows a specific implementation flowchart of the file read/write method provided by the fourth embodiment of the invention. Referring to Fig. 4, relative to the embodiments of Fig. 1 to Fig. 3, the file read/write method of this embodiment further includes S401 to S403. The details are as follows:
In S401, an add request for a newly added file is received.
In this embodiment, in addition to transparently encrypting files that are already stored, the read/write device can also deploy a corresponding encryption/decryption policy for newly added files. That is, S401 can be triggered at any point during the execution of S101 to S105: whenever an add request is detected, the operations of S401 are executed.
In this embodiment, when the user needs to import a new file into the read/write device, an add request for the newly added file is generated, and the add request contains the target file to be added. Optionally, to improve the security of the import operation, the read/write device can also convert the add request into a generic add instruction readable by the IO management interface and import that instruction into the IO management interface, so that the file is added by calling the IO management interface.
In S402, if the add request is detected to contain an encryption flag, a new key for the newly added file is output based on a random key generation algorithm, and the correspondence between the file identifier of the newly added file and the new key is established in the key store.
In this embodiment, the read/write device detects whether the add request contains an encryption flag. For a confidential file, the user can configure an encryption flag for the newly added file, so that the generated add request carries the encryption flag of the newly added file, which distinguishes confidential files from ordinary files.
In this embodiment, if the read/write device detects that the add request carries an encryption flag, the newly added file is a confidential file and a corresponding encryption/decryption policy must be configured for it. The device therefore calls the random key generation algorithm to output the new key corresponding to the newly added file. Optionally, the new key can be a key for the multi-round encryption/decryption mode, that is, a new key generated from multiple sub-keys according to a preset clustering rule.
In this embodiment, after determining the new key, the read/write device establishes the correspondence between the file identifier and the new key, so that in subsequent operations the IO management interface can determine the key of the newly added file from this correspondence and the file identifier it obtains.
In S403, the newly added file is encrypted with the new key, and the encrypted newly added file is stored.
In this embodiment, the read/write device encrypts the newly added file with the new key. The encryption operation depends on the attributes of the key: as described above, if the key is a multi-round key, the newly added file can be encrypted by the operation of S303. After encryption is complete, the read/write device stores the encrypted newly added file in the corresponding storage module.
In this embodiment of the invention, after an add request is received, a new key is configured for the newly added file and the file is encrypted. This protects not only files that are already stored but also files that are added later, improving both the flexibility of operation and the confidentiality of newly added files.
Fig. 5 shows a specific implementation flowchart of the file read/write method provided by the fifth embodiment of the invention. Referring to Fig. 5, relative to the embodiments of Fig. 1 to Fig. 3, the file read/write method of this embodiment includes S501 to S502. The details are as follows:
In S501, if a preset key update condition is met, a new key is configured for each encrypted file recorded in the key store by the random key generation algorithm.
In this embodiment, to improve the confidentiality of the whole device, the read/write device can periodically update the keys of all files. The key update condition can be a time trigger condition or an event trigger condition. A time trigger condition means that the read/write device updates all keys in the key store at intervals of a preset update period, or sets a time node and updates the keys in the key store when it detects that the current time has reached that node. An event trigger condition means that the read/write device defines an update trigger event, such as the number of data read/write operations reaching a certain count or the number of files reaching a preset threshold; when the read/write device detects that the condition of the trigger event is met at the current time, it executes the operations of S501.
In this embodiment, the read/write device configures a new key for each encrypted file by the random key generation algorithm. Before the old key is deleted, the corresponding encrypted file is of course decrypted with the old key, and after the new key is generated, each file is re-encrypted with its new key.
In S502, the updated key store is synchronized to the read/write device of each file in the file read/write system.
In this embodiment, so that every file is compatible with and readable by every file read/write device in the file read/write system, files with the same file identifier have the same key on every read/write device. Thus, when one read/write device sends an encrypted file to another, the receiving device can decrypt it with the correct key and execute the corresponding read/write operation. Therefore, after performing the key update, the read/write device that performed it sends a broadcast message within the file read/write system to synchronize the updated key store to each read/write device in the system.
In this embodiment of the invention, the key store is updated according to a preset condition, which improves the confidentiality of the files stored in the whole system, and after the update the key store is synchronized to all devices in the system, which facilitates file transfer and access between devices and improves operating efficiency.
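The key store lifecycle of S401 to S403 and S501 to S502 as an added Python example, not code from the patent: a flagged file gets a random key on import, keys are rotated after a set number of reads (an event trigger), and a peer device cannot read the file again until the updated key store is synchronized. The `Device` class, the shared `storage` dictionary, the read-count threshold and the SHAKE-256 XOR keystream (a stand-in for whatever cipher the devices use) are assumptions.

```python
import hashlib
import secrets


def xor_stream(key, data):
    """Stand-in symmetric cipher: XOR with a SHAKE-256 keystream (its own inverse)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


class Device:
    """Hypothetical read/write device: private key store copy, shared file storage."""

    def __init__(self, storage, rotate_after_reads=3):
        self.storage = storage            # file identifier -> stored bytes (shared)
        self.key_store = {}               # file identifier -> key
        self.peers = []                   # other devices in the read/write system
        self.reads = 0
        self.rotate_after_reads = rotate_after_reads

    def add_file(self, file_id, content, encrypt_flag):
        """S401-S403: only an add request carrying the encryption flag gets a key."""
        if not encrypt_flag:
            self.storage[file_id] = content          # assumption: ordinary files stay as is
            return
        key = secrets.token_bytes(32)                # random key generation
        self.key_store[file_id] = key                # file identifier -> new key
        self.storage[file_id] = xor_stream(key, content)

    def read(self, file_id):
        self.reads += 1
        data = self.storage[file_id]
        key = self.key_store.get(file_id)
        return xor_stream(key, data) if key else data

    def update_due(self):
        """Event trigger: the read count has reached the preset threshold."""
        return self.reads >= self.rotate_after_reads

    def rotate_keys(self):
        """S501: decrypt with the old key before it is replaced, then re-encrypt."""
        for file_id, old_key in list(self.key_store.items()):
            plain = xor_stream(old_key, self.storage[file_id])
            new_key = secrets.token_bytes(32)
            self.storage[file_id] = xor_stream(new_key, plain)
            self.key_store[file_id] = new_key        # the old key is dropped only now
        self.reads = 0

    def sync_key_store(self):
        """S502: push the updated key store to every peer device."""
        for peer in self.peers:
            peer.key_store = dict(self.key_store)


def demo():
    """Constructed scenario: device A rotates keys, device B lags until the sync."""
    storage, secret = {}, b"quarterly figures: constructed sample"
    a, b = Device(storage), Device(storage)
    a.peers.append(b)
    a.add_file("report", secret, encrypt_flag=True)
    a.add_file("readme", b"public notes", encrypt_flag=False)
    a.sync_key_store()
    old_cipher = storage["report"]
    for _ in range(3):
        a.read("report")
    if a.update_due():
        a.rotate_keys()
    stale = b.read("report")              # B still holds the pre-rotation key
    a.sync_key_store()
    fresh = b.read("report")
    return {"secret": secret, "old_cipher": old_cipher, "new_cipher": storage["report"],
            "stale": stale, "fresh": fresh, "readme": b.read("readme")}


if __name__ == "__main__":
    result = demo()
    print("B before sync reads plaintext:", result["stale"] == result["secret"])
    print("B after sync reads plaintext: ", result["fresh"] == result["secret"])
```

The window between `rotate_keys` and `sync_key_store` is where peers hold a stale key store, so the synchronization step has to be treated as part of the rotation rather than as a separate convenience.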
It should be understood that the sequence numbers of the steps in the above embodiments do not imply an execution order. The execution order of each process is determined by its function and internal logic, and the numbering does not limit the implementation of the embodiments of the invention in any way.
Fig. 6 shows a structural block diagram of a file read/write device provided by an embodiment of the invention. The units of the file read/write device are used to execute the steps of the embodiment corresponding to Fig. 1; for details, refer to Fig. 1 and the related description in the embodiment corresponding to Fig. 1. For ease of description, only the parts relevant to this embodiment are shown.
Referring to Fig. 6, the file read/write device includes:
A read/write request conversion unit 61, configured to receive a read/write request for a target file and convert the read/write request into a generic read/write instruction readable by the input/output (IO) management interface; the generic read/write instruction contains the file identifier of the target file;
A buffer area creation unit 62, configured to import the generic read/write instruction into the IO management interface and create a buffer area for exporting the target file;
A target key acquisition unit 63, configured to call the IO management interface to extract the file identifier from the generic read/write instruction and query the key store for the target key corresponding to the file identifier;
A file extraction unit 64, configured to obtain the target file based on the file identifier and import the target file into the buffer area;
A target file decryption unit 65, configured to decrypt the target file with the target key and execute the read/write operation corresponding to the read/write request on the decrypted target file.
Optionally, the target file decryption unit 65 includes:
A key splitting unit, configured to split the target key into N sub-keys based on a preset key splitting algorithm and determine the decryption order of the sub-keys according to the position of each sub-key in the target key; N is a positive integer greater than or equal to 2;
A cyclic decryption unit, configured to execute the cyclic decryption operation on the target file with each sub-key in turn, based on the decryption order, and take the target file after N rounds of cyclic decryption as the decrypted target file; the cyclic decryption operation includes a shift recovery operation and/or a substitute-character filtering operation.
Optionally, the file read/write device further includes:
A read/write completion request conversion unit, configured to receive a read/write completion request for the target file and convert the read/write completion instruction into a generic completion instruction readable by the IO management interface;
A buffer area locating unit, configured to import the generic completion instruction into the IO management interface and locate the buffer area holding the target file;
A target file encryption unit, configured to encrypt the target file in the buffer area with the target key and store the encrypted target file;
A buffer area release unit, configured to delete the data in the buffer area through the IO management interface and release the storage resources of the buffer area.
Optionally, the file read/write device further includes:
An add request receiving unit, configured to receive an add request for a newly added file;
A new key generation unit, configured to, if the add request is detected to contain an encryption flag, output a new key for the newly added file based on a key generation algorithm and establish, in the key store, the correspondence between the file identifier of the newly added file and the new key;
A new file storage unit, configured to encrypt the newly added file with the new key and store the encrypted newly added file.
Optionally, the file read/write device further includes:
A key store update unit, configured to, if a preset key update condition is met, configure a new key for each encrypted file recorded in the key store by the random key generation algorithm;
A key store synchronization unit, configured to synchronize the updated key store to the read/write device of each file in the file read/write system.
Therefore, in the file read/write device provided by the embodiment of the invention, the decryption of the target file is transparent to the user. When initiating a read/write operation, the user proceeds exactly as with an unencrypted file and only needs to initiate the read/write request; the extraction of the target key and the decryption of the file are completed automatically by the file read/write device. In addition, because the decryption is transparent to the user, even the user cannot learn the target key, so the target file cannot be decrypted even if it is stolen, which further improves the confidentiality of the target file and reduces the risk of file leakage.
Fig. 7 is a schematic diagram of a file read/write device provided by another embodiment of the invention. As shown in Fig. 7, the file read/write device 7 of this embodiment includes a processor 70, a memory 71, and a computer program 72, for example a file read/write program, that is stored in the memory 71 and can run on the processor 70. When executing the computer program 72, the processor 70 implements the steps of the file read/write method embodiments above, such as S101 to S105 shown in Fig. 1. Alternatively, when executing the computer program 72, the processor 70 implements the functions of the units in the device embodiments above, such as the functions of modules 61 to 65 shown in Fig. 6.
By way of example, the computer program 72 can be divided into one or more units, which are stored in the memory 71 and executed by the processor 70 to carry out the invention. The one or more units can be a series of computer program instruction segments capable of performing specific functions, and the instruction segments describe the execution of the computer program 72 in the file read/write device 7. For example, the computer program 72 can be divided into a read/write request conversion unit, a buffer area creation unit, a target key acquisition unit, a file extraction unit and a target file decryption unit, whose specific functions are as described above.
The file read/write device 7 can be a computing device such as a desktop computer, a notebook, a palmtop computer or a cloud server. The file read/write device may include, but is not limited to, the processor 70 and the memory 71. Those skilled in the art will understand that Fig. 7 is only an example of the file read/write device 7 and does not limit it; the device may include more or fewer components than shown, combine certain components, or use different components. For example, the file read/write device may also include input/output devices, network access devices, a bus and so on.
The processor 70 can be a central processing unit (Central Processing Unit, CPU), or another general-purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application-specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field-programmable gate array (Field-Programmable Gate Array, FPGA) or other programmable logic device, a discrete gate or transistor logic device, a discrete hardware component, and so on. The general-purpose processor can be a microprocessor or any conventional processor.
The memory 71 can be an internal storage unit of the file read/write device 7, such as the hard disk or memory of the file read/write device 7. The memory 71 can also be an external storage device of the file read/write device 7, such as a plug-in hard disk, a smart memory card (Smart Media Card, SMC), a Secure Digital (SD) card or a flash card (Flash Card) fitted to the file read/write device 7. Further, the memory 71 can include both an internal storage unit of the file read/write device 7 and an external storage device. The memory 71 is used to store the computer program and the other programs and data required by the file read/write device. The memory 71 can also be used to temporarily store data that has been output or is about to be output.
In addition, the functional units in the embodiments of the invention can be integrated into one processing unit, each unit can exist physically on its own, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.
The embodiments described above only illustrate the technical solution of the invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions recorded in the foregoing embodiments can still be modified, or some of their technical features replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the invention, and shall all be included within the protection scope of the invention.
Claims (10)
1. A file read/write method, characterized by comprising:
receiving a read/write request for a target file, and converting the read/write request into a generic read/write instruction readable by an input/output (IO) management interface; the generic read/write instruction contains the file identifier of the target file;
importing the generic read/write instruction into the IO management interface, and creating a buffer area for exporting the target file;
calling the IO management interface to extract the file identifier from the generic read/write instruction, and querying a key store for the target key corresponding to the file identifier;
obtaining the target file based on the file identifier, and importing the target file into the buffer area;
decrypting the target file with the target key, and executing the read/write operation corresponding to the read/write request on the decrypted target file.
2. The read/write method according to claim 1, characterized in that decrypting the target file with the target key comprises:
splitting the target key into N sub-keys based on a preset key splitting algorithm, and determining the decryption order of the sub-keys according to the position of each sub-key in the target key; N is a positive integer greater than or equal to 2;
executing, based on the decryption order, a cyclic decryption operation on the target file with each sub-key in turn, and taking the target file after N rounds of cyclic decryption as the decrypted target file; the cyclic decryption operation includes a shift recovery operation and/or a substitute-character filtering operation.
3. The read/write method according to claim 1, characterized in that, after the read/write operation corresponding to the read/write request is executed on the decrypted target file, the method further comprises:
receiving a read/write completion request for the target file, and converting the read/write completion instruction into a generic completion instruction readable by the IO management interface;
importing the generic completion instruction into the IO management interface, and locating the buffer area holding the target file;
encrypting the target file in the buffer area with the target key, and storing the encrypted target file;
deleting the data in the buffer area through the IO management interface, and releasing the storage resources of the buffer area.
4. The read/write method according to any one of claims 1 to 3, characterized by further comprising:
receiving an add request for a newly added file;
if the add request is detected to contain an encryption flag, outputting a new key for the newly added file based on a random key generation algorithm, and establishing, in the key store, the correspondence between the file identifier of the newly added file and the new key;
encrypting the newly added file with the new key, and storing the encrypted newly added file.
5. The read/write method according to any one of claims 1 to 3, characterized by further comprising:
if a preset key update condition is met, configuring a new key for each encrypted file recorded in the key store by a random key generation algorithm;
synchronizing the updated key store to the read/write device of each file in the file read/write system.
6. A file read/write device, characterized in that the file read/write device comprises a memory, a processor, and a computer program stored in the memory and runnable on the processor, and the processor implements the following steps when executing the computer program:
receiving a read/write request for a target file, and converting the read/write request into a generic read/write instruction readable by an input/output (IO) management interface; the generic read/write instruction contains the file identifier of the target file;
importing the generic read/write instruction into the IO management interface, and creating a buffer area for exporting the target file;
calling the IO management interface to extract the file identifier from the generic read/write instruction, and querying a key store for the target key corresponding to the file identifier;
obtaining the target file based on the file identifier, and importing the target file into the buffer area;
decrypting the target file with the target key, and executing the read/write operation corresponding to the read/write request on the decrypted target file.
7. The read/write device according to claim 6, characterized in that decrypting the target file with the target key comprises:
splitting the target key into N sub-keys based on a preset key splitting algorithm, and determining the decryption order of the sub-keys according to the position of each sub-key in the target key; N is a positive integer greater than or equal to 2;
executing, based on the decryption order, a cyclic decryption operation on the target file with each sub-key in turn, and taking the target file after N rounds of cyclic decryption as the decrypted target file; the cyclic decryption operation includes a shift recovery operation and/or a substitute-character filtering operation.
8. The read/write device according to claim 6, characterized in that, after the read/write operation corresponding to the read/write request is executed on the decrypted target file, the processor further implements the following steps when executing the computer program:
receiving a read/write completion request for the target file, and converting the read/write completion instruction into a generic completion instruction readable by the IO management interface;
importing the generic completion instruction into the IO management interface, and locating the buffer area holding the target file;
encrypting the target file in the buffer area with the target key, and storing the encrypted target file;
deleting the data in the buffer area through the IO management interface, and releasing the storage resources of the buffer area.
9. The read/write device according to any one of claims 6 to 8, characterized in that the processor further implements the following steps when executing the computer program:
receiving an add request for a newly added file;
if the add request is detected to contain an encryption flag, outputting a new key for the newly added file based on a random key generation algorithm, and establishing, in the key store, the correspondence between the file identifier of the newly added file and the new key;
encrypting the newly added file with the new key, and storing the encrypted newly added file.
10. A computer-readable storage medium storing a computer program, characterized in that, when executed by a processor, the computer program implements the steps of the method according to any one of claims 1 to 5.
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810496735.6A CN108763401A (en) | 2018-05-22 | 2018-05-22 | A kind of reading/writing method and equipment of file |
PCT/CN2018/097310 WO2019223098A1 (en) | 2018-05-22 | 2018-07-27 | File reading and writing method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108763401A true CN108763401A (en) | 2018-11-06 |
Family
ID=64008428
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810496735.6A Pending CN108763401A (en) | 2018-05-22 | 2018-05-22 | A kind of reading/writing method and equipment of file |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108763401A (en) |
WO (1) | WO2019223098A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112257122A (en) * | 2020-10-22 | 2021-01-22 | 深圳软牛科技有限公司 | Data processing method, device and equipment based on T2 chip and storage medium |
CN113900993A (en) * | 2021-10-13 | 2022-01-07 | 吴江绿控电控科技有限公司 | Method for improving file creating efficiency of CAN data recorder based on FAT32 file system |
CN113934691A (en) * | 2021-12-08 | 2022-01-14 | 荣耀终端有限公司 | Method for accessing file, electronic device and readable storage medium |
CN115186300A (en) * | 2022-09-08 | 2022-10-14 | 粤港澳大湾区数字经济研究院(福田) | File security processing system and file security processing method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101853363A (en) * | 2010-05-07 | 2010-10-06 | 北京飞天诚信科技有限公司 | File protection method and system |
CN105308616A (en) * | 2013-04-18 | 2016-02-03 | 费思康有限公司 | File security method and apparatus for same |
CN105939190A (en) * | 2016-06-23 | 2016-09-14 | 天津中安华典数据安全科技有限公司 | AES data encryption method for offline key generation based on FPGA |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4923928B2 (en) * | 2006-09-29 | 2012-04-25 | 富士通株式会社 | Information processing apparatus, control method thereof, and program |
-
2018
- 2018-05-22 CN CN201810496735.6A patent/CN108763401A/en active Pending
- 2018-07-27 WO PCT/CN2018/097310 patent/WO2019223098A1/en active Application Filing
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112257122A (en) * | 2020-10-22 | 2021-01-22 | 深圳软牛科技有限公司 | Data processing method, device and equipment based on T2 chip and storage medium |
CN113900993A (en) * | 2021-10-13 | 2022-01-07 | 吴江绿控电控科技有限公司 | Method for improving file creating efficiency of CAN data recorder based on FAT32 file system |
CN113900993B (en) * | 2021-10-13 | 2022-06-28 | 吴江绿控电控科技有限公司 | Method for improving file creating efficiency of CAN data recorder based on FAT32 file system |
CN113934691A (en) * | 2021-12-08 | 2022-01-14 | 荣耀终端有限公司 | Method for accessing file, electronic device and readable storage medium |
CN113934691B (en) * | 2021-12-08 | 2022-05-17 | 荣耀终端有限公司 | Method for accessing file, electronic device and readable storage medium |
CN115186300A (en) * | 2022-09-08 | 2022-10-14 | 粤港澳大湾区数字经济研究院(福田) | File security processing system and file security processing method |
Also Published As
Publication number | Publication date |
---|---|
WO2019223098A1 (en) | 2019-11-28 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US8918633B2 (en) | Information processing device, information processing system, and program | |
EP3937046A1 (en) | Trusted startup methods and apparatuses of dedicated blockchain node device | |
CN102945355B (en) | Fast Data Encipherment strategy based on sector map is deferred to | |
CN108763401A (en) | A kind of reading/writing method and equipment of file | |
KR101405720B1 (en) | Accelerated cryptography with an encryption attribute | |
CN104252605B (en) | A kind of file transparent encrypting and deciphering system of Android platform and method | |
KR101613146B1 (en) | Method for encrypting database | |
CN110147684B (en) | Method and device for realizing privacy protection of blockchain data | |
CN103106372A (en) | Lightweight class privacy data encryption method and system for Android system | |
KR20190018869A (en) | System and method for providing storage service based on block chain | |
CN101655858B (en) | Cryptograph index structure based on blocking organization and management method thereof | |
CN102855452A (en) | Method for following quick data encryption strategy based on encryption piece | |
CN105612715A (en) | Security processing unit with configurable access control | |
EP2778953A1 (en) | Encoded-search database device, method for adding and deleting data for encoded search, and addition/deletion program | |
CN106682521B (en) | File transparent encryption and decryption system and method based on driver layer | |
CN105630965A (en) | System and method for securely deleting file from user space on mobile terminal flash medium | |
CN109802832A (en) | A kind of processing method of data file, system, big data processing server and computer storage medium | |
CN107066346A (en) | A kind of data back up method, data reconstruction method and device | |
CN107315966A (en) | Solid state hard disc data ciphering method and system | |
KR100692999B1 (en) | Key cache management through multiple localities | |
CN108154042B (en) | File system encryption method and device | |
CN106612247A (en) | A data processing method and a storage gateway | |
CN109977692B (en) | Data processing method and device, storage medium and electronic equipment | |
US20050071662A1 (en) | Method of managing file structure in memory card and its related technology | |
CN111143879A (en) | Android platform SD card file protection method, terminal device and storage medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||