CN108875403B - File management method and device - Google Patents


Publication number
CN108875403B
CN108875403B CN201810421322.1A CN201810421322A CN108875403B CN 108875403 B CN108875403 B CN 108875403B CN 201810421322 A CN201810421322 A CN 201810421322A CN 108875403 B CN108875403 B CN 108875403B
Authority
CN
China
Prior art keywords
file
data
target
key
header
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810421322.1A
Other languages
Chinese (zh)
Other versions
CN108875403A (en)
Inventor
曲恩纯
彭洪涛
喻波
王志海
王志刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Wondersoft Technology Co Ltd
Original Assignee
Beijing Wondersoft Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Wondersoft Technology Co Ltd
Priority to CN201810421322.1A
Publication of CN108875403A
Application granted
Publication of CN108875403B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the invention provides a file management method and a device, wherein the method comprises the following steps: if the reading operation of a target file on external equipment is detected, a file key corresponding to the target file is obtained; acquiring first data of the target file from a cache; decrypting the first data by adopting the file key to obtain second data; and returning the second data to the resource browser. Therefore, the problem that the safety of the user data cannot be guaranteed or the user data on the mobile terminal cannot be managed in a unified mode is solved, and the beneficial effect that the safety of the user data is guaranteed and the user data on the mobile terminal can be managed in a unified mode is achieved.

Description

File management method and device
Technical Field
The invention relates to the technical field of computer software, in particular to a file management method and device.
Background
With the wide use of mobile terminals of the android system, a user can take pictures, create files, write information, and the like on the mobile terminal, thereby generating a large amount of user data on the mobile terminal. In practical applications, in order to improve management efficiency, a user may generally perform unified management on data on a mobile terminal through a computer.
In the prior art, a mobile terminal of an android system communicates with a computer by using MTP (Media Transfer Protocol), so that user data on the mobile terminal is uniformly managed by the computer. Examples include creating a file on the mobile terminal, opening a file on the mobile terminal, writing data to a file on the mobile terminal, and reading data from a file on the mobile terminal.
However, data communication based on the MTP protocol cannot ensure the security of the user data of the mobile terminal. Alternatively, if the security of the user data is ensured by disabling the mobile terminal, the user data on the mobile terminal can no longer be uniformly managed by a computer.
Disclosure of Invention
In view of the above, the present invention has been made to provide a file management method and apparatus that solve the above problems, or at least partially solve the above problems.
According to a first aspect of the present invention, there is provided a file management method, the method comprising:
if the reading operation of a target file on external equipment is detected, a file key corresponding to the target file is obtained;
acquiring first data of the target file from a cache;
decrypting the first data by adopting the file key to obtain second data;
and returning the second data to the resource browser.
Optionally, the method further comprises:
if the write-in operation of the target file is detected, a file key corresponding to the target file is obtained;
acquiring third data written in the target file from a cache, wherein the initial position of the third data is the sum of the initial position of the file and the length of a preset file header;
encrypting the third data by adopting the file key to obtain fourth data;
and sending the fourth data to an interface driver, and storing the fourth data to the external equipment.
Optionally, the method further comprises:
if the creation operation of the target file is detected, generating a file key aiming at the target file;
creating a file header, and adding a preset encryption identifier, the file key and an initial file size into the file header;
storing the file key and the file header into a preset file context list;
and writing the file header into the data starting position of the target file.
Optionally, the method further comprises:
if the opening operation of the target file is detected, reading a file header from a data starting position of the target file;
judging whether the encryption identifier in the file header is a target encryption identifier or not;
and if so, acquiring a file key from the file header, and storing the file key and the file header into the file context list.
Optionally, after the step of determining whether the encryption identifier in the file header is the target encryption identifier, the method further includes:
and if not, setting the authority of the target file as read-only.
According to a second aspect of the present invention, there is provided a file management apparatus, the apparatus comprising:
the first file key acquisition module is used for acquiring a file key corresponding to a target file if the reading operation of the target file on the external equipment is detected;
the file data acquisition module is used for acquiring first data of the target file from a cache;
the file data decryption module is used for decrypting the first data by adopting the file key to obtain second data;
and the file returning module is used for returning the second data to the resource browser.
Optionally, the apparatus further comprises:
the second file key acquisition module is used for acquiring a file key corresponding to the target file if the write-in operation of the target file is detected;
the write-in data acquisition module is used for acquiring third data written in the target file from a cache, and the initial position of the third data is the sum of the initial position of the file and the length of a preset file header;
the file data encryption module is used for encrypting the third data by adopting the file key to obtain fourth data;
and the write-in data storage module is used for sending the fourth data to an interface driver and storing the fourth data to the external equipment.
Optionally, the apparatus further comprises:
the file key generation module is used for generating a file key aiming at the target file if the creation operation of the target file is detected;
the file header creating module is used for creating a file header and adding a preset encryption identifier, the file key and the initial file size into the file header;
the first context information storage module is used for storing the file key and the file header into a preset file context list;
and the file header writing module is used for writing the file header into the data starting position of the target file.
Optionally, the apparatus further comprises:
the file header reading module is used for reading a file header from a data starting position of the target file if the opening operation of the target file is detected;
the encrypted identifier judging module is used for judging whether the encrypted identifier in the file header is a target encrypted identifier or not;
and the second context information storage module is used for acquiring a file key from the file header if so, and storing the file key and the file header into the file context list.
Optionally, the apparatus further comprises:
and the read-only permission setting module is used for setting the permission of the target file as read-only if not.
The embodiment of the invention has the following advantages:
according to the file management method and device provided by the embodiment of the invention, if the reading operation of the target file on the external equipment is detected, the file key corresponding to the target file is obtained; acquiring first data of the target file from a cache; decrypting the first data by adopting the file key to obtain second data; and returning the second data to the resource browser. Therefore, the problem that the safety of the user data cannot be guaranteed or the user data on the mobile terminal cannot be managed in a unified mode is solved, and the beneficial effect that the safety of the user data is guaranteed and the user data on the mobile terminal can be managed in a unified mode is achieved.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flowchart illustrating the steps of embodiment one of a file management method according to the present invention;
FIG. 2 is a flowchart illustrating the steps of embodiment two of a file management method according to the present invention;
FIG. 3 is a structural block diagram of embodiment three of a file management apparatus according to the present invention;
FIG. 4 is a structural block diagram of embodiment four of a file management apparatus according to the present invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Example one
Referring to fig. 1, a flowchart illustrating a step of a first embodiment of a file management method according to the present invention is shown, which may specifically include the following steps:
Step 101, if a reading operation of a target file on an external device is detected, a file key corresponding to the target file is acquired.
The embodiment of the invention is applied to managing an external device through a computer. The communication protocol between the computer and the external device is MTP (Media Transfer Protocol). The embodiment of the invention is implemented at the WPDMTD (WPD Multi-Transport Driver, where WPD stands for Windows Portable Devices) layer. The layer above it is the MTP application, which includes a resource browser for displaying file data of the external device; the layer below it is a USB (Universal Serial Bus) driver for data communication with the external device; and below that is the USB interface for connecting with the external device. It can be understood that data communication between the computer and the external device needs to be processed through the WPDMTD layer.
The external device is a device with a storage function that is connected to the computer through a USB interface. The external device includes, but is not limited to, a mobile terminal and a tablet computer, for example an android phone.
In an embodiment of the present invention, the file key is stored in a specified object. For example, for an android system, the file key is stored via a ResourceContext object, so that the file key needs to be obtained from the object.
The target file is a file stored on the external device, and it can be understood that the data is stored on the external device in a file form. The file format may include: text documents, pictures, videos, folders, etc. The file format is not limited by the embodiment of the invention.
The file key is used to encrypt or decrypt a file and is generated when the file is created. After that, when the file is opened, read and written, the file needs to be encrypted or decrypted according to the file key, so that the security of the file during the interaction between the computer and the external equipment can be ensured. It is to be understood that in the embodiments of the present invention, encryption and decryption correspond to the same key.
The encryption is used for converting data of the file from a plaintext into a ciphertext through a secret key so as to ensure the security of the file; decryption is used to convert the data of a file from ciphertext to plaintext via a key for easy viewing by a user.
In the embodiment of the present invention, the form of the key used for encryption and decryption is not limited.
Step 102, acquiring first data of the target file from a cache.
In practical application, when reading a target file of an external device, firstly reading the target file into a cache; and then acquiring the data from the cache and displaying the data.
Specifically, the first data of the target file can be obtained through pParams->GetBufferValue.
Step 103, decrypting the first data by using the file key to obtain second data.
When reading data from a target file, encrypted file data needs to be decrypted and then displayed.
It will be appreciated that the decryption process differs for different file keys.
Step 104, returning the second data to the resource browser.
The resource browser can belong to an upper MTP application and is used for uniformly managing file resources on external equipment and controlling the file resources to be displayed on a preset interface.
The preset interface may be a display interface on a computer. It will be appreciated that different types of software tool displays may be employed for different types of files.
In the embodiment of the present invention, if a reading operation on a target file on an external device is detected, a file key corresponding to the target file may be obtained; first data of the target file is acquired from a cache; the first data is decrypted by adopting the file key to obtain second data; and the second data is returned to the resource browser. Therefore, the problem that the safety of the user data cannot be guaranteed or the user data on the mobile terminal cannot be managed in a unified mode is solved, and the beneficial effect that the safety of the user data is guaranteed and the user data on the mobile terminal can be managed in a unified mode is achieved.
Example two
Referring to fig. 2, a flowchart illustrating steps of a second embodiment of a file management method according to the present invention is shown, which may specifically include the following steps:
Step 201, if the creation operation of the target file is detected, a file key for the target file is generated.
In the embodiment of the invention, managing the target file on the external device includes operations such as create, open, read and write. In practical application, the file can be created directly, or it can be created when the target file is opened, read or written and is determined not to exist. Before writing, the file needs to be opened first.
Specifically, the method for generating the file key may be selected according to the actual application scenario, and the embodiment of the present invention does not limit it. For example, a portion of the user private key may be intercepted as a file key, or a random number, the user private key, and MD5 may be concatenated to generate the file key.
Step 202, creating a file header, and adding a preset encryption identifier, the file key and the initial file size to the file header.
The preset encryption identifier may be set according to an actual application scenario, and the embodiment of the present invention does not limit the preset encryption identifier. The encryption identifier is used for indicating whether the file is encrypted: an encryption identifier which conforms to a preset rule represents that the file is encrypted; an encryption identifier which does not conform to the preset rule represents that the file is not encrypted.
The file size is the size of the file content. When a file header is created in an actual application, the initial file size is 0.
It can be understood that the file header information consisting of the encryption identifier, the file key and the initial file size can be stored in sequence, for example, the file header size is H bits, the front L bits are the preset encryption identifier, the middle M bits are the file key, and the last H-L-M bits are the initial file size.
Step 203, storing the file key and the file header into a preset file context list.
The file context list is used for storing the created or opened file context information. In the embodiment of the present invention, the file context information includes a file key and a file header.
It can be understood that when adding the file key and the file header to the context list, a unique identifier is required as a key value for subsequent retrieval of the file key and the file header.
In practical applications, the file context list may be a Map in which the key value is a unique identifier, and the file header and the file key serve as two field values. Therefore, the corresponding field values can be obtained according to the key value.
In practical application, the file key is frequently used during subsequent opening, writing and reading, so the file key is stored in the file context list. This avoids the low processing speed caused by acquiring and parsing the file key from the file header each time.
Step 204, writing the file header into the data starting position of the target file.
Wherein the data start position is a storage area of the external device automatically allocated when the file is created.
It will be appreciated that after the file header is written at the data start position, the actual contents of the target file are at a location after the header. For example, for the header size H in step 202, the start position of the actual content of the target file is the data start position of the target file + H.
Step 205, if the opening operation of the target file is detected, reading a file header from a data start position of the target file.
In practical application, when the opening operation of a user on a target file is detected, firstly, the file needs to be decrypted; the decrypted file content is then displayed to the user.
The file key is needed for decrypting the file, so that a file header needs to be read from a data starting position, and then the encryption identifier is obtained from the file header.
Specifically, the encryption identifier may be obtained from the header based on the storage sequence and location of each piece of information in the header. For example, for the H-bit header in step 202, the front L bits are the preset encryption identifier, the middle M bits are the file key, and the last H-L-M bits are the initial file size, so the encryption identifier is obtained by reading bits 1 to L.
Step 206, determining whether the encryption identifier in the file header is a target encryption identifier.
The target encryption identifier is used for judging whether the target file is encrypted. The target encryption identifier may be set according to an actual application scenario, and the embodiment of the present invention does not limit the target encryption identifier. It is understood that the target encryption identifier may be a specific value, or may be an encryption identifier that complies with a certain rule. For example, for the target encryption identifier "123456 QAZ", it is determined whether the encryption identifier in the file header is "123456 QAZ"; for the target encryption identifier "123 × QAZ", it is only necessary to determine whether the first four bits of the encryption identifier in the file header are "123" and the last three bits are "QAZ", while the middle three bits may be any content.
Specifically, when the encryption identifier in the file header is the target encryption identifier, it indicates that the target file is encrypted; and when the encryption identifier in the file header is not the target encryption identifier, indicating that the target file is not encrypted.
Step 207, if yes, acquiring a file key from the file header, and storing the file key and the file header into the file context list.
It can be understood that when the target file is opened, if the target file exists, the target file is directly opened; if the target file does not exist, the file is opened after being created, and no separate opening operation exists.
Step 208, if not, setting the authority of the target file as read-only.
In the embodiment of the invention, if the target file is not encrypted, the authority of the target file is set to be read only, and operations such as writing, deleting and the like of the target file are avoided, so that the safety of the target file is ensured.
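The header handling of steps 202 to 208 can be sketched in C as follows. This is an added example, not code from the patent: the field widths (in bytes), the little-endian size field, the `*` single-byte wildcard, the sample identifier and all function and type names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed field widths in bytes; the patent leaves L, M and H open. */
#define ID_LEN   9                               /* L: encryption identifier */
#define KEY_LEN  16                              /* M: file key */
#define SIZE_LEN 8                               /* H-L-M: file size, little-endian (assumed) */
#define HDR_LEN  (ID_LEN + KEY_LEN + SIZE_LEN)   /* H */

enum access_mode { ACCESS_READ_ONLY = 0, ACCESS_READ_WRITE = 1 };

/* One entry of the file context list (steps 203 and 207). */
struct file_ctx {
    uint8_t  header[HDR_LEN];
    uint8_t  key[KEY_LEN];
    uint64_t size;
};

/* Constructed sample values, not taken from the patent. */
static const char SAMPLE_ID[ID_LEN + 1]      = "ENC001QAZ";
static const char SAMPLE_PATTERN[ID_LEN + 1] = "ENC***QAZ"; /* '*' = any one byte (assumed) */

/* Step 202: store identifier, key and size in that order. */
size_t header_build(uint8_t *out, const char *id, const uint8_t *key, uint64_t size)
{
    memcpy(out, id, ID_LEN);
    memcpy(out + ID_LEN, key, KEY_LEN);
    for (int i = 0; i < SIZE_LEN; i++)
        out[ID_LEN + KEY_LEN + i] = (uint8_t)(size >> (8 * i));
    return HDR_LEN;
}

/* Step 206: compare the stored identifier with the target identifier. */
int id_matches(const uint8_t *id, const char *pattern)
{
    for (size_t i = 0; i < ID_LEN; i++)
        if (pattern[i] != '*' && (uint8_t)pattern[i] != id[i])
            return 0;
    return 1;
}

/* Steps 205 to 208: read the header from the start of the file data.
 * A file too short to hold a header is treated as not encrypted. */
enum access_mode file_open(const uint8_t *buf, size_t len,
                           const char *pattern, struct file_ctx *ctx)
{
    if (buf == NULL || len < HDR_LEN || !id_matches(buf, pattern))
        return ACCESS_READ_ONLY;                 /* step 208 */
    memcpy(ctx->header, buf, HDR_LEN);           /* step 207: cache header and key */
    memcpy(ctx->key, buf + ID_LEN, KEY_LEN);
    ctx->size = 0;
    for (int i = 0; i < SIZE_LEN; i++)
        ctx->size |= (uint64_t)buf[ID_LEN + KEY_LEN + i] << (8 * i);
    return ACCESS_READ_WRITE;
}

/* Step 204: file content begins right after the header. */
uint64_t content_offset(uint64_t data_start)
{
    return data_start + HDR_LEN;
}

int main(void)
{
    uint8_t key[KEY_LEN], hdr[HDR_LEN], plain[HDR_LEN + 4];
    struct file_ctx ctx;

    for (int i = 0; i < KEY_LEN; i++)
        key[i] = (uint8_t)(0xA0 + i);            /* constructed key bytes */
    header_build(hdr, SAMPLE_ID, key, 0);        /* initial file size is 0 */
    memset(plain, 'x', sizeof plain);            /* constructed file without a header */

    printf("file with header:    %s\n",
           file_open(hdr, sizeof hdr, SAMPLE_PATTERN, &ctx) ? "read-write" : "read-only");
    printf("file without header: %s\n",
           file_open(plain, sizeof plain, SAMPLE_PATTERN, &ctx) ? "read-write" : "read-only");
    printf("content starts at offset %llu\n", (unsigned long long)content_offset(0));
    return 0;
}
```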
Step 209, if a reading operation of a target file on the external device is detected, a file key corresponding to the target file is obtained.
This step can refer to the detailed description of step 101, and is not described herein again.
Step 210, obtaining the first data of the target file from the cache.
This step can refer to the detailed description of step 102, and is not described herein again.
Step 211, decrypting the first data by using the file key to obtain second data.
This step can refer to the detailed description of step 103, which is not repeated herein.
Step 212, returning the second data to the resource browser.
This step can refer to the detailed description of step 104, and will not be described herein.
Step 213, if the write operation to the target file is detected, a file key corresponding to the target file is obtained.
The embodiment of the invention can allow a user to write data contents after opening and reading the target file.
Specifically, obtaining the file key corresponding to the target file includes: first, acquiring the file header of the target file from the file context list according to the key value of the file; then, obtaining the file key from the file header. For example, for the H-bit file header in step 202, the front L bits are the preset encryption identifier, the middle M bits are the file key, and the last H-L-M bits are the initial file size, so the file key is obtained by reading bits L+1 to L+M.
Step 214, obtaining third data written in the target file from the cache, where an initial position of the third data is a sum of a file initial position and a preset file header length.
Specifically, the method may call the pParams->GetBufferValue function to obtain the third data written in the target file from the cache. It will be appreciated that the third data follows the existing data content of the target file.
It will be appreciated that after writing the third data, the file size needs to be updated to the original size plus the size of the data written.
Step 215, encrypting the third data by using the file key to obtain fourth data.
In the embodiment of the invention, the data needs to be encrypted before being written into the target file, and the encrypted data is written into the target file. Thereby, the safety of the written data can be ensured.
Step 216, sending the fourth data to an interface driver, and storing the fourth data to the external device.
The interface driver is used for controlling the encrypted data written in the cache to be transmitted to the external equipment so as to be stored.
Specifically, first, the function pResults->SetBufferValue is called to replace the data in the cache with the encrypted written data; then, the encrypted data in the cache is saved to the external device.
In the embodiment of the invention, if the reading operation of the target file on the external equipment is detected, the file key corresponding to the target file is obtained; acquiring first data of the target file from a cache; decrypting the first data by adopting the file key to obtain second data; and returning the second data to the resource browser. Therefore, the problem that the safety of the user data cannot be guaranteed or the user data on the mobile terminal cannot be managed in a unified mode is solved, and the beneficial effect that the safety of the user data is guaranteed and the user data on the mobile terminal can be managed in a unified mode is achieved. In addition, the unified management of the user data on the mobile terminal also comprises operations of creating, opening files, writing data and the like.
Example three
Referring to fig. 3, a block diagram of a third embodiment of a file management apparatus according to the present invention is shown, which may specifically include the following modules:
A first file key obtaining module 301, configured to, if a read operation on a target file on an external device is detected, obtain a file key corresponding to the target file.
A file data obtaining module 302, configured to obtain the first data of the target file from the cache.
A file data decryption module 303, configured to decrypt the first data by using the file key to obtain second data.
A file returning module 304, configured to return the second data to the resource browser.
In the embodiment of the present invention, if a reading operation on a target file on an external device is detected, a file key corresponding to the target file may be obtained; first data of the target file is acquired from a cache; the first data is decrypted by adopting the file key to obtain second data; and the second data is returned to the resource browser. Therefore, the problem that the safety of the user data cannot be guaranteed or the user data on the mobile terminal cannot be managed in a unified mode is solved, and the beneficial effect that the safety of the user data is guaranteed and the user data on the mobile terminal can be managed in a unified mode is achieved.
Example four
Referring to fig. 4, a block diagram of a fourth embodiment of a file management apparatus according to the present invention is shown, which may specifically include the following modules:
A file key generating module 401, configured to generate a file key for the target file if a creation operation on the target file is detected.
A file header creating module 402, configured to create a file header, and add a preset encryption identifier, the file key, and an initial file size to the file header.
A first context information saving module 403, configured to save the file key and the file header to a preset file context list.
A file header writing module 404, configured to write the file header into a data start location of the target file.
A file header reading module 405, configured to read a file header from a data start position of the target file if an opening operation on the target file is detected.
An encrypted identifier determining module 406, configured to determine whether the encrypted identifier in the file header is a target encrypted identifier.
A second context information saving module 407, configured to, if yes, obtain a file key from the file header, and save the file key and the file header to the file context list.
A read-only permission setting module 408, configured to, if not, set the permission of the target file as read-only.
A first file key obtaining module 409, configured to, if a read operation on a target file on an external device is detected, obtain a file key corresponding to the target file.
A file data obtaining module 410, configured to obtain the first data of the target file from the cache.
A file data decryption module 411, configured to decrypt the first data with the file key to obtain second data.
A file returning module 412, configured to return the second data to the resource browser.
A second file key obtaining module 413, configured to, if a write operation to the target file is detected, obtain a file key corresponding to the target file.
A write data obtaining module 414, configured to obtain third data written in the target file from a cache, where an initial position of the third data is a sum of a file initial position and a preset file header length.
A file data encryption module 415, configured to encrypt the third data with the file key to obtain fourth data.
A write data saving module 416, configured to send the fourth data to the interface driver, and save the fourth data to the external device.
In the embodiment of the present invention, if a reading operation on a target file on an external device is detected, a file key corresponding to the target file may be obtained; first data of the target file is acquired from a cache; the first data is decrypted by adopting the file key to obtain second data; and the second data is returned to the resource browser. Therefore, the problem that the safety of the user data cannot be guaranteed or the user data on the mobile terminal cannot be managed in a unified mode is solved, and the beneficial effect that the safety of the user data is guaranteed and the user data on the mobile terminal can be managed in a unified mode is achieved. In addition, the unified management of the user data on the mobile terminal also comprises operations of creating, opening files, writing data and the like.
Since the device embodiment is basically similar to the method embodiment, its description is relatively brief; for the relevant points, refer to the corresponding description of the method embodiment.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with this teaching. The required structure for constructing such a system will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. It will be appreciated by those skilled in the art that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in a file management apparatus according to an embodiment of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third, etc. does not indicate any ordering. These words may be interpreted as names.

Claims (8)

1. A file management method, the method comprising:
if a creation operation on a target file on an external device is detected, generating a file key for the target file;
creating a file header, and adding a preset encryption identifier, the file key and an initial file size to the file header;
storing the file key and the file header in a preset file context list;
writing the file header at the data start position of the target file;
wherein the preset encryption identifier is used to indicate whether the file is encrypted: an encryption identifier that conforms to a preset rule indicates that the file is encrypted, and an encryption identifier that does not conform to the preset rule indicates that the file is not encrypted;
if a read operation on the target file is detected, obtaining the file key corresponding to the target file from the preset file context list;
obtaining first data of the target file from a cache;
decrypting the first data with the file key to obtain second data;
and returning the second data to the resource browser.
2. The method of claim 1, further comprising:
if a write operation on the target file is detected, obtaining the file key corresponding to the target file from the preset file context list;
obtaining, from a cache, third data written to the target file, wherein the start position of the third data is the sum of the start position of the file and a preset file header length;
encrypting the third data with the file key to obtain fourth data;
and sending the fourth data to an interface driver, and saving the fourth data to the external device.
3. The method of claim 1, further comprising:
if an open operation on the target file is detected, reading a file header from the data start position of the target file;
determining whether the encryption identifier in the file header is a target encryption identifier;
and if so, obtaining a file key from the file header, and storing the file key and the file header in the file context list.
4. The method according to claim 3, wherein after the step of determining whether the encryption identifier in the file header is a target encryption identifier, the method further comprises:
if not, setting the permission of the target file to read-only.
5. A file management apparatus, characterized in that the apparatus comprises:
a first file key obtaining module, configured to, if a read operation on a target file on an external device is detected, obtain the file key corresponding to the target file from a preset file context list;
a file data obtaining module, configured to obtain first data of the target file from a cache;
a file data decryption module, configured to decrypt the first data with the file key to obtain second data;
a file returning module, configured to return the second data to the resource browser for display on a preset interface;
a file key generation module, configured to generate a file key for the target file if a creation operation on the target file is detected;
a file header creating module, configured to create a file header and add a preset encryption identifier, the file key and an initial file size to the file header;
a first context information storage module, configured to store the file key and the file header in the preset file context list;
a file header writing module, configured to write the file header at the data start position of the target file;
wherein the preset encryption identifier is used to indicate whether the file is encrypted: an encryption identifier that conforms to a preset rule indicates that the file is encrypted, and an encryption identifier that does not conform to the preset rule indicates that the file is not encrypted.
6. The apparatus of claim 5, further comprising:
a second file key obtaining module, configured to, if a write operation on the target file is detected, obtain the file key corresponding to the target file from the preset file context list;
a write data obtaining module, configured to obtain, from a cache, third data written to the target file, wherein the start position of the third data is the sum of the start position of the file and a preset file header length;
a file data encryption module, configured to encrypt the third data with the file key to obtain fourth data;
and a write data saving module, configured to send the fourth data to an interface driver and save the fourth data to the external device.
7. The apparatus of claim 5, further comprising:
a file header reading module, configured to read a file header from the data start position of the target file if an open operation on the target file is detected;
an encryption identifier determining module, configured to determine whether the encryption identifier in the file header is a target encryption identifier;
and a second context information storage module, configured to, if so, obtain a file key from the file header and store the file key and the file header in the file context list.
8. The apparatus of claim 7, further comprising:
a read-only permission setting module, configured to set the permission of the target file to read-only if the encryption identifier in the file header is not the target encryption identifier.
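The create, open, read and write steps of claims 1 to 4, as an added sketch that is not code from the patent. The field sizes and order, the `MAGIC` value, the function names and the HMAC-SHA256 keystream (a standard-library stand-in, since this section names no cipher) are all assumptions.

```python
import hashlib, hmac, os, struct

# Assumed layout (the claims name the fields, not their sizes or order):
# 8-byte encryption identifier | 32-byte file key | 8-byte initial file size
MAGIC = b"ENCFILE1"                 # hypothetical "target encryption identifier"
HEADER = struct.Struct("<8s32sQ")
HEADER_LEN = HEADER.size            # the "preset file header length" (48 here)
context_list = {}                   # path -> (file key, header): "file context list"

def _keystream(key, offset, length):
    """Placeholder cipher: keystream addressable by plaintext offset."""
    out, block = bytearray(), offset // 32
    while len(out) < offset % 32 + length:
        out += hmac.new(key, struct.pack("<Q", block), hashlib.sha256).digest()
        block += 1
    return bytes(out[offset % 32: offset % 32 + length])

def _xor(key, offset, data):
    return bytes(a ^ b for a, b in zip(data, _keystream(key, offset, len(data))))

def create(path):
    """Claim 1: generate a key, build the header, cache both, write the header."""
    key = os.urandom(32)
    header = HEADER.pack(MAGIC, key, 0)   # key sits in the header, as claimed
    context_list[path] = (key, header)
    with open(path, "wb") as f:
        f.write(header)                   # header occupies the data start position

def open_file(path):
    """Claims 3 and 4: 'rw' if the header carries the target identifier, else 'ro'."""
    with open(path, "rb") as f:
        raw = f.read(HEADER_LEN)
    ident, key, _size = HEADER.unpack(raw) if len(raw) == HEADER_LEN else (b"", b"", 0)
    if ident != MAGIC:
        context_list.pop(path, None)
        return "ro"                       # unrecognised file: read-only
    context_list[path] = (key, raw)
    return "rw"

def write(path, offset, plaintext):
    """Claim 2: encrypt, then store at file start + preset header length."""
    key, _ = context_list[path]           # KeyError if never opened as encrypted
    with open(path, "r+b") as f:
        f.seek(HEADER_LEN + offset)
        f.write(_xor(key, offset, plaintext))

def read(path, offset, length):
    """Claim 1: fetch the stored bytes and decrypt them with the cached key."""
    key, _ = context_list[path]
    with open(path, "rb") as f:
        f.seek(HEADER_LEN + offset)
        return _xor(key, offset, f.read(length))
```

The caller always addresses plaintext offsets; only the layer that talks to storage adds `HEADER_LEN`, which is why the header stays invisible to the application.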
CN201810421322.1A 2018-05-04 2018-05-04 File management method and device Active CN108875403B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810421322.1A CN108875403B (en) 2018-05-04 2018-05-04 File management method and device

Publications (2)

Publication Number Publication Date
CN108875403A CN108875403A (en) 2018-11-23
CN108875403B true CN108875403B (en) 2020-09-25

Family

ID=64327255

Country Status (1)

Country Link
CN (1) CN108875403B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant