CN110569651A - file transparent encryption and decryption method and system based on domestic operating system - Google Patents
file transparent encryption and decryption method and system based on domestic operating system Download PDFInfo
- Publication number
- CN110569651A CN110569651A CN201910798532.7A CN201910798532A CN110569651A CN 110569651 A CN110569651 A CN 110569651A CN 201910798532 A CN201910798532 A CN 201910798532A CN 110569651 A CN110569651 A CN 110569651A
- Authority
- CN
- China
- Prior art keywords
- file
- operating system
- decryption
- encryption
- domestic operating
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a file transparent encryption and decryption method and system based on a domestic operating system, wherein the system comprises the following steps: the file system comprises a file system calling interface, a file redirection module, a VFS system, a stack type encryption file system, a real file system and a disk system. The file redirection module is deployed in a kernel layer of a domestic operating system to intercept and check an access request of the file, and the stacked encrypted file system is formed by inserting a layer of file system drive between a VFS system and a real file system and is used for calling a real file system interface to realize the access request of the file; the stackable encrypted file system calls a file authority control module to control the file access authority. According to the scheme of the invention, the secret leakage of the ciphertext under the unauthorized condition is prevented, and the operation safety can be ensured.
Description
Technical Field
The invention relates to the field of information security, in particular to a file transparent encryption and decryption method and system based on a domestic operating system.
background
At present, transparent file encryption and decryption software under a more mature windows operating system exists in the market, but with the change of information processing requirements, a domestic, safe and credible operating system and software matched with the domestic operating system are more and more needed at present. The existing file encryption and decryption software supporting the domestic operating system is few.
the directory protection product based on the LUKS disk encryption scheme can realize the protection of files of the specified directory, only allows a credit process to access the files under the specified directory, and after the system is shut down, data is stored in a ciphertext form without losing and divulging the secret. For directory protection products based on the LUKS disk encryption scheme, untrusted processes cannot access files in a protected directory. Fig. 1 illustrates a method for executing a directory protection product based on a LUKS disk encryption scheme in the prior art. However, directory protection products based on the LUKS disk encryption scheme can only achieve local protection, and when a file in a directory has an interaction requirement, or a trusted process copies the file from a protected directory to another directory, or the trusted process sends the file out or shares the file with others, the file cannot be protected, which causes a risk of disclosure.
disclosure of Invention
in order to solve the technical problems, the invention provides a file transparent encryption and decryption method and system based on a domestic operating system, and the method and system are used for solving the technical problem that files in a protected directory are divulged by users with access rights in the prior art.
according to a first aspect of the present invention, there is provided a file transparent encryption and decryption system based on a domestic operating system, comprising:
the file transparent encryption and decryption system based on the domestic operating system comprises a file system calling interface, a file redirection module, a VFS (very fast transient file system), a stacked encrypted file system, a real file system, a disk system, a ciphertext check module, a trusted process check module, a file authority control module and a data encryption and decryption module, wherein the file system calling interface, the file redirection module, the VFS system, the stacked encrypted file system, the real file system and the disk system are communicated with each other from top to bottom;
the file system calling interface is used for completing an access request of an application program to a file, and the access request submitted by the application program is converted into a system calling interface related to the file to complete the access request to the file through a VFS (virtual file system) after entering a kernel of a domestic operating system;
The file redirection module is deployed in a kernel layer of a domestic operating system and is automatically loaded after the domestic operating system is started, so that the access request of the file is intercepted; the ciphertext access request passing through the ciphertext checking module and the trusted process checking module is redirected to the corresponding mounting directory;
The VFS system is used for converting the format command of the file system calling interface into the calling of the corresponding operation interface of the real file system;
The stack type encryption file system inserts a layer of file system drive between the VFS system and the real file system, and is used for calling a real file system interface to realize the access request of the file; the stackable encrypted file system calls a file authority control module to control the access authority of the file;
The disk system is used for receiving an access request to a file, and reading data from a disk or writing data into the disk.
further, the ciphertext consists of a ciphertext header and encrypted file data. The ciphertext header comprises a ciphertext identifier, an authority control identifier field, an encryption related field and a file information field.
Further, the file redirection module performs hook operation on an interface function of the file system call interface to intercept the access request of the file.
further, after the domestic operating system is started, the stack-type encrypted file system appoints the stack-type encrypted file system as a parameter to the partition directory existing in the operating system, and then re-mounts the partition directory to the appointed temporary directory.
According to a second aspect of the present invention, there is provided a loading method for a file transparent encryption and decryption system based on a home-made operating system, where the file transparent encryption and decryption system of the home-made operating system has the file transparent encryption and decryption system as described above, and the following steps are performed:
S101: after the computer is powered on, the domestic operating system completes self-checking and guides the domestic operating system to start;
S102: after the domestic operating system is started, the file redirection module is loaded, and the file redirection module carries out hook operation on system call of a file to intercept a file access command;
s103: reading a trusted process configuration file, and configuring a trusted process module so as to check whether the process has the authority of accessing the encrypted file;
S104: and designating the stack type encryption file system as a parameter, and re-mounting the partition directory existing in the domestic operating system to the designated directory.
According to a third aspect of the present invention, there is provided a file transparent encryption and decryption method based on a domestic operating system, having the file transparent encryption and decryption system based on a domestic operating system as described above, and performing the following steps:
s201: a user executes file opening operation on a disk on a domestic operating system;
s202: intercepting the opening operation of the file by a file redirection module;
s203: checking whether the file to be opened is a ciphertext or not, if so, entering S204; otherwise, go to S208;
S204: checking whether the process corresponding to the opening operation is a trusted process, if so, entering S205; otherwise, go to S208;
s205: the file redirection module modifies the file path of the file to be opened and points to the corresponding path of the mounted file for encryption and decryption;
s206: the stack type encryption file system executes authority management and encryption/decryption operation on a file to be opened;
S207: calling a real file system to perform file read/write operation, and entering S209;
S208: directly accessing files on a real file system;
S209: searching whether to quit the domestic operating system, if so, quitting the domestic operating system, and ending the method; otherwise, the process proceeds to S201.
according to a fourth aspect of the present invention, there is provided a file transparent encryption and decryption system of a domestic operating system based on a domestic operating system, comprising:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
the instructions are used for being stored by the memory and loaded and executed by the processor by the loading method of the domestic operating system-based file transparent encryption and decryption system.
According to a fifth aspect of the present invention, there is provided a computer readable storage medium having a plurality of instructions stored therein; the instructions are used for loading and executing the loading method of the file transparent encryption and decryption system based on the domestic operating system by the processor.
According to a sixth aspect of the present invention, there is provided a file transparent encryption and decryption system of a domestic operating system based on a domestic operating system, comprising:
A processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
The instructions are used for being stored by the memory and loaded and executed by the processor, so that the file transparent encryption and decryption method based on the domestic operating system is realized.
according to a seventh aspect of the present invention, there is provided a computer readable storage medium having a plurality of instructions stored therein; the instructions are used for loading and executing the file transparent encryption and decryption method based on the domestic operating system by the processor.
According to the scheme of the invention, a layer of stacked encrypted file system is inserted between the VFS layer and the real file system, so that the operations of opening, editing, storing and the like of the encrypted file by a trusted process are realized, the ciphertext can be directly sent out or mutually transmitted with other people, and the operation can be carried out only by equipping the encryption and decryption system under the condition that a user has the use authority on the file, so that the ciphertext is prevented from being leaked under the unauthorized condition, and the operation safety can be ensured.
the foregoing description is only an overview of the technical solutions of the present invention, and in order to make the technical solutions of the present invention more clearly understood and to implement them in accordance with the contents of the description, the following detailed description is given with reference to the preferred embodiments of the present invention and the accompanying drawings.
Drawings
the accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and, together with the description, serve to explain the principles of the invention. In the drawings:
FIG. 1 is a flowchart illustrating a method for executing a directory protection product based on a LUKS disk encryption scheme in the prior art;
FIG. 2 is a diagram illustrating the overall architecture of a domestic OS-based file transparent encryption/decryption system according to an embodiment of the present invention;
FIG. 3 is a block diagram of the components of the ciphertext according to one embodiment of the invention;
FIG. 4 is a flowchart of a loading method of the file transparent encryption and decryption system based on the domestic operating system according to the present invention;
FIG. 5 is a flowchart of a file encryption and decryption method of the file transparent encryption and decryption system based on the domestic operating system according to the present invention;
fig. 6 is a flowchart of a file transparent encryption and decryption method based on a domestic operating system according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the technical solutions of the present invention will be clearly and completely described below with reference to the specific embodiments of the present invention and the accompanying drawings. It is to be understood that the described embodiments are merely exemplary of the invention, and not restrictive of the full scope of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
defining:
VFS: virtual File Systm, is an abstraction layer that provides a uniform File access interface upwards and a variety of different File systems downwards. Including not only file systems in the conventional sense of Ext2, Ext4, XFS, and Btrfs, but also pseudo file systems and devices, etc.
the home-made operating system: most operating systems are secondarily developed based on Linux. Such as the winning bid kylin, deep Linux, zhongxing new pivot operating system, hunan kylin, etc.
stackable File System a Stackable File System (stacked File System) is a layer inserted between the VFS and the specific File System to simplify migration of the File System and also to add other functions to the File System, such as encryption, compression, etc.
Hook technology: the hook function captures the message before the system does not call the function, and the hook function obtains the control right first, so that the hook function can process (change) the execution behavior of the function and also can forcibly end the message transfer. In short, the system program is pulled out to become a code segment which can be executed by itself.
first, the general architecture of the present invention for implementing a domestic os-based file transparent encryption/decryption system is described with reference to fig. 2, and fig. 2 is a diagram illustrating the general architecture of a domestic os-based file transparent encryption/decryption system according to an embodiment of the present invention. As shown in fig. 2:
the file transparent encryption and decryption system based on the domestic operating system comprises a file system calling interface, a file redirection module, a VFS system, a stacked encrypted file system, a real file system, a disk system, a ciphertext check module, a trusted process check module, a file authority control module and a data encryption and decryption module, wherein the file system calling interface, the file redirection module, the VFS system, the stacked encrypted file system, the real file system and the disk system are communicated with each other from top to bottom.
the file system calling interface is used for completing an access request of an application program to a file, and the access request submitted by the application program is converted into a system calling interface related to the file to complete the access request to the file through a VFS (virtual file system) after entering a kernel of a domestic operating system;
The file redirection module is deployed in a kernel layer of a domestic operating system and is automatically loaded after the domestic operating system is started, so that the access request of the file is intercepted; the ciphertext access request passing through the ciphertext checking module and the trusted process checking module is redirected to the corresponding mounting directory;
And the file redirection module performs hook operation on interface functions of the file system calling interface, such as open, access, rename, stat and the like, so as to intercept the access request of the file, and the intercepted access request is checked by the ciphertext check module and the trusted process check module, and is redirected to the corresponding mount directory for the ciphertext access request meeting the condition and passing the check.
the composition structure of the ciphertext according to the present invention is described below with reference to fig. 3, and fig. 3 shows a composition structure diagram of the ciphertext according to the present invention. As shown in fig. 3:
the ciphertext consists of a ciphertext header and encrypted file data. The ciphertext header comprises a ciphertext identifier, an authority control identifier field, an encryption related field and a file information field. The ciphertext identifier is a character string with a fixed format and represents that the file is an encrypted file. And the authority control field is used for setting the access authority of the file, such as read-only, storage and the like. The encryption related field is used for storing related information of the encryption algorithm, such as the type of the encryption algorithm and the like. And the file information field is used for storing data related to the file length. The encrypted file data is the result of encrypting the original file by using an encryption algorithm. For example, a symmetric encryption algorithm is used to encrypt the original file.
the VFS system, namely a virtual file system, is an abstract layer and is used for converting the format command of the file system calling interface into the calling of a corresponding operation interface of a real file system;
the stack type encryption file system is characterized in that a layer of file system drive is inserted between the VFS system and the real file system and is used for calling a real file system interface to realize the access request of the file. The stacked encryption file system is a file system driver developed based on the stackable file system technology supported by a domestic operating system;
and after the domestic operating system is started, the stack type encryption file system appoints the stack type encryption file system as a parameter for the partition directory existing in the operating system, and then the partition directory is mounted to the appointed temporary directory again. When the file redirection module redirects the ciphertext access request meeting the condition and passing the check to the corresponding mounting directory, the access request to the file passes through the stacked encrypted file system, the stacked encrypted file system calls the file authority control module to control the file access authority and calls the data encryption and decryption module to encrypt the written data and decrypt the read data.
the disk system is used for receiving an access request to a file, and reading data from a disk or writing data into the disk.
And setting two buffers for generating a plaintext and a ciphertext in the buffer of the domestic operating system, wherein the plaintext buffer is accessed by the trusted process, and the ciphertext buffer is accessed by the untrusted process.
The loading method of the transparent file encryption and decryption system based on the domestic operating system according to the present invention is described below with reference to fig. 4, and fig. 4 shows a flowchart of the loading method of the transparent file encryption and decryption system based on the domestic operating system according to the present invention. As shown in fig. 4:
s101: after the computer is powered on, the domestic operating system completes self-checking and guides the domestic operating system to start;
S102: after the domestic operating system is started, the file redirection module is loaded, and the file redirection module carries out hook operation on system call of a file to intercept a file access command;
s103: reading a trusted process configuration file, and configuring a trusted process module so as to check whether the process has the authority of accessing the encrypted file;
s104: and designating the stack type encryption file system as a parameter, and re-mounting the partition directory existing in the domestic operating system to the designated directory.
the following describes a file encryption and decryption method of the domestic operating system-based file transparent encryption and decryption system according to the present invention with reference to fig. 5, and fig. 5 shows a flowchart of the file encryption and decryption method of the domestic operating system-based file transparent encryption and decryption system according to the present invention. As shown in fig. 5:
s201: a user executes file opening operation on a disk on a domestic operating system;
s202: intercepting the opening operation of the file by a file redirection module;
S203: checking whether the file to be opened is a ciphertext or not, if so, entering S204; otherwise, go to S208;
s204: checking whether the process corresponding to the opening operation is a trusted process, if so, entering S205; otherwise, go to S208;
S205: the file redirection module modifies the file path of the file to be opened and points to the corresponding path of the mounted file for encryption and decryption;
s206: the stack type encryption file system executes authority management and encryption/decryption operation on a file to be opened;
s207: calling a real file system to perform file read/write operation, and entering S209;
s208: directly accessing files on a real file system;
S209: searching whether to quit the domestic operating system, if so, quitting the domestic operating system, and ending the method; otherwise, the process proceeds to S201.
the following embodiments describe an application scenario and an operation manner of the file transparent encryption and decryption method based on the domestic operating system with reference to fig. 6.
the file transparent encryption and decryption system V3 based on the domestic operating system is adopted, and a domestic operating system client, such as a winning bid kylin desktop operating system, is used.
s301: after entering a bid winning kylin desktop operating system, logging in a V3 account system, and entering S302 after passing verification;
s302: synchronizing the secret level and the ciphertext use authority strategy;
S303: manually encrypting a file of a specified type;
S304: double-clicking to open the file;
s305: checking whether the process is a trusted process access ciphertext, if so, entering S306; otherwise, go to S307;
s306: displaying the decrypted plaintext data, and entering S308 after the decrypted plaintext data is operated;
s307: displaying the encrypted data, and entering S308 after the operation on the encrypted data is finished;
s308: checking whether the operating system is quitted or not, if so, quitting the operating system, and ending the method; otherwise, the process proceeds to S302.
the other embodiment of the invention executes the bank data anti-leakage test project by using the system of the file transparent encryption and decryption method based on the domestic operating system.
the embodiment of the invention further provides a file transparent encryption and decryption system based on a domestic operating system, which comprises the following components:
A processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
The instructions are used for being stored by the memory and loaded and executed by the processor by the loading method of the domestic operating system-based file transparent encryption and decryption system.
The embodiment of the invention further provides a computer readable storage medium, wherein a plurality of instructions are stored in the storage medium; the instructions are used for loading and executing the loading method of the file transparent encryption and decryption system based on the domestic operating system by the processor.
The embodiment of the invention further provides a file transparent encryption and decryption system based on a domestic operating system, which comprises the following components:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
The instructions are used for being stored by the memory and loaded and executed by the processor, so that the file encryption and decryption method based on the domestic operating system is realized.
The embodiment of the invention further provides a computer readable storage medium, wherein a plurality of instructions are stored in the storage medium; the instructions are used for loading and executing the file encryption and decryption method based on the domestic operating system by the processor.
it should be noted that the embodiments and features of the embodiments may be combined with each other without conflict.
In the embodiments provided in the present invention, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions in actual implementation, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
in addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
The integrated unit implemented in the form of a software functional unit may be stored in a computer readable storage medium. The software functional unit is stored in a storage medium and includes several instructions to enable a computer device (which may be a personal computer, a physical machine Server, or a network cloud Server, etc., and needs to install a Windows or Windows Server operating system) to perform some steps of the method according to various embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
the above description is only a preferred embodiment of the present invention, and is not intended to limit the present invention in any way, and any simple modification, equivalent change and modification made to the above embodiment according to the technical spirit of the present invention are still within the scope of the technical solution of the present invention.
Claims (10)
1. A transparent file encryption and decryption system based on a domestic operating system is characterized by comprising a top-down file system calling interface, a file redirection module, a VFS (virtual file system), a stacked encrypted file system, a real file system, a disk system, a ciphertext check module, a trusted process check module, a file authority control module and a data encryption and decryption module, wherein the file system calling interface, the file redirection module, the VFS system, the stacked encrypted file system, the real file system and the disk system are communicated with each other;
the file system calling interface is used for completing an access request of an application program to a file, and the access request submitted by the application program is converted into a system calling interface related to the file to complete the access request to the file through a VFS (virtual file system) after entering a kernel of a domestic operating system;
The file redirection module is deployed in a kernel layer of a domestic operating system and is automatically loaded after the domestic operating system is started, so that the access request of the file is intercepted; the ciphertext access request passing through the ciphertext checking module and the trusted process checking module is redirected to the corresponding mounting directory;
the VFS system is used for converting the format command of the file system calling interface into the calling of the corresponding operation interface of the real file system;
the stack type encryption file system inserts a layer of file system drive between the VFS system and the real file system, and is used for calling a real file system interface to realize the access request of the file; the stackable encrypted file system calls a file authority control module to control the access authority of the file;
The disk system is used for receiving an access request to a file, and reading data from a disk or writing data into the disk.
2. The file transparent encryption and decryption system based on the domestic operating system as claimed in claim 1, wherein the ciphertext consists of a ciphertext header and encrypted file data; the ciphertext header comprises a ciphertext identifier, an authority control identifier field, an encryption related field and a file information field.
3. a domestic operating system based file transparent encryption and decryption system according to claim 1, wherein said file redirection module performs hook operation on an interface function of said file system call interface to intercept an access request for said file.
4. The native operating system-based file transparent encryption and decryption system of claim 1, wherein the stacked encrypted file system re-mounts the partition directory to the designated temporary directory by designating the stacked encrypted file system as a parameter to the partition directory existing in the operating system after the native operating system is booted.
5. a loading method of a file transparent encryption and decryption system based on a domestic operating system, the file transparent encryption and decryption system of the domestic operating system having the file transparent encryption and decryption system according to any one of claims 1 to 4, characterized in that: loading the file transparent encryption and decryption system based on the domestic operating system, and executing the following steps:
S101: after the computer is powered on, the domestic operating system completes self-checking and guides the domestic operating system to start;
S102: after the domestic operating system is started, the file redirection module is loaded, and the file redirection module carries out hook operation on system call of a file to intercept a file access command;
s103: reading a trusted process configuration file, and configuring a trusted process module so as to check whether the process has the authority of accessing the encrypted file;
s104: and designating the stack type encryption file system as a parameter, and re-mounting the partition directory existing in the domestic operating system to the designated directory.
6. a file transparent encryption and decryption method based on a domestic operating system, having the file transparent encryption and decryption system of any one of claims 1 to 4, wherein the method further comprises:
s201: a user executes file opening operation on a disk on a domestic operating system;
S202: intercepting the opening operation of the file by a file redirection module;
s203: checking whether the file to be opened is a ciphertext or not, if so, entering S204; otherwise, go to S208;
s204: checking whether the process corresponding to the opening operation is a trusted process, if so, entering S205; otherwise, go to S208;
S205: the file redirection module modifies the file path of the file to be opened and points to the corresponding path of the mounted file for encryption and decryption;
S206: the stack type encryption file system executes authority management and encryption/decryption operation on a file to be opened;
s207: calling a real file system to perform file read/write operation, and entering S209;
s208: directly accessing files on a real file system;
S209: searching whether to quit the domestic operating system, if so, quitting the domestic operating system, and ending the method; otherwise, the process proceeds to S201.
7. a file transparent encryption and decryption system of a domestic operating system based on the domestic operating system is characterized by comprising:
a processor for executing a plurality of instructions;
a memory to store a plurality of instructions;
wherein the instructions are used for being stored by the memory and loaded and executed by the processor according to the loading method of the domestic operating system-based file transparent encryption and decryption system of claim 5.
8. a computer-readable storage medium having stored therein a plurality of instructions; the instructions are used for loading and executing the loading method of the domestic operating system-based file transparent encryption and decryption system according to claim 5.
9. a file transparent encryption and decryption system of a domestic operating system based on the domestic operating system is characterized by comprising:
a processor for executing a plurality of instructions;
A memory to store a plurality of instructions;
wherein the instructions are used for being stored by the memory and loaded and executed by the processor according to the file transparent encryption and decryption method based on the domestic operating system of claim 6.
10. a computer-readable storage medium having stored therein a plurality of instructions; the instructions are used for loading and executing the file transparent encryption and decryption method based on the domestic operating system according to claim 6 by a processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910798532.7A CN110569651A (en) | 2019-08-27 | 2019-08-27 | file transparent encryption and decryption method and system based on domestic operating system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910798532.7A CN110569651A (en) | 2019-08-27 | 2019-08-27 | file transparent encryption and decryption method and system based on domestic operating system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110569651A true CN110569651A (en) | 2019-12-13 |
Family
ID=68776402
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910798532.7A Pending CN110569651A (en) | 2019-08-27 | 2019-08-27 | file transparent encryption and decryption method and system based on domestic operating system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110569651A (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112395627A (en) * | 2020-11-20 | 2021-02-23 | 深圳麦风科技有限公司 | Encryption and decryption method, device and storage medium |
| CN113688411A (en) * | 2021-08-24 | 2021-11-23 | 北京鼎普科技股份有限公司 | Netlink technology-based domestic operating system file transparent encryption and decryption system |
| CN115098877A (en) * | 2022-08-25 | 2022-09-23 | 北京前沿信安科技股份有限公司 | File encryption and decryption method and device, electronic equipment and medium |
| CN115114646A (en) * | 2022-08-25 | 2022-09-27 | 北京前沿信安科技股份有限公司 | File authority processing method and device and storage medium |
| WO2024021496A1 (en) * | 2022-07-29 | 2024-02-01 | 天翼云科技有限公司 | Transparent encryption method and apparatus, electronic device, and storage medium |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101901313A (en) * | 2010-06-10 | 2010-12-01 | 中科方德软件有限公司 | Linux file protection system and method |
| CN103618722A (en) * | 2013-11-29 | 2014-03-05 | 东软集团股份有限公司 | Network data transmission method and system based on VFS scanning |
| CN105224882A (en) * | 2015-09-23 | 2016-01-06 | 武汉理工大学 | A kind of file encryption system based on bridge file system |
| CN106127078A (en) * | 2016-07-11 | 2016-11-16 | 北京鼎源科技有限公司 | Cryptographic key protection method under a kind of Android environment and system |
| US20160342804A1 (en) * | 2015-05-21 | 2016-11-24 | Qualcomm Innovation Center, Inc. | Stackable file system with user space policy management |
| CN106682061A (en) * | 2016-10-17 | 2017-05-17 | 暨南大学 | Distributed system for collection and storage of origin data |
| US20180293394A1 (en) * | 2017-04-11 | 2018-10-11 | Nicira, Inc. | Identifying container file events for providing container security |
-
2019
- 2019-08-27 CN CN201910798532.7A patent/CN110569651A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101901313A (en) * | 2010-06-10 | 2010-12-01 | 中科方德软件有限公司 | Linux file protection system and method |
| CN103618722A (en) * | 2013-11-29 | 2014-03-05 | 东软集团股份有限公司 | Network data transmission method and system based on VFS scanning |
| US20160342804A1 (en) * | 2015-05-21 | 2016-11-24 | Qualcomm Innovation Center, Inc. | Stackable file system with user space policy management |
| CN105224882A (en) * | 2015-09-23 | 2016-01-06 | 武汉理工大学 | A kind of file encryption system based on bridge file system |
| CN106127078A (en) * | 2016-07-11 | 2016-11-16 | 北京鼎源科技有限公司 | Cryptographic key protection method under a kind of Android environment and system |
| CN106682061A (en) * | 2016-10-17 | 2017-05-17 | 暨南大学 | Distributed system for collection and storage of origin data |
| US20180293394A1 (en) * | 2017-04-11 | 2018-10-11 | Nicira, Inc. | Identifying container file events for providing container security |
Non-Patent Citations (1)
| Title |
|---|
| 钟润丰: "堆栈式加密文件系统的设计与实现", 《中国优秀博硕士学位论文全文数据库 (硕士) 信息科技辑》 * |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112395627A (en) * | 2020-11-20 | 2021-02-23 | 深圳麦风科技有限公司 | Encryption and decryption method, device and storage medium |
| CN113688411A (en) * | 2021-08-24 | 2021-11-23 | 北京鼎普科技股份有限公司 | Netlink technology-based domestic operating system file transparent encryption and decryption system |
| WO2024021496A1 (en) * | 2022-07-29 | 2024-02-01 | 天翼云科技有限公司 | Transparent encryption method and apparatus, electronic device, and storage medium |
| CN115098877A (en) * | 2022-08-25 | 2022-09-23 | 北京前沿信安科技股份有限公司 | File encryption and decryption method and device, electronic equipment and medium |
| CN115114646A (en) * | 2022-08-25 | 2022-09-27 | 北京前沿信安科技股份有限公司 | File authority processing method and device and storage medium |
| CN115114646B (en) * | 2022-08-25 | 2023-01-03 | 北京前沿信安科技股份有限公司 | File authority processing method and device and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110569651A (en) | file transparent encryption and decryption method and system based on domestic operating system | |
| CN103353931B (en) | Security-enhanced computer system and method | |
| CN106063218B (en) | The methods, devices and systems of encryption and decryption in virtualization system | |
| US9916456B2 (en) | Systems and methods for securing and restoring virtual machines | |
| US20220006617A1 (en) | Method and apparatus for data storage and verification | |
| US7840750B2 (en) | Electrical transmission system in secret environment between virtual disks and electrical transmission method thereof | |
| WO2021164166A1 (en) | Service data protection method, apparatus and device, and readable storage medium | |
| CN103002445A (en) | Safe mobile electronic equipment for providing application services | |
| CN103294961A (en) | Method and device for file encrypting/decrypting | |
| CN101853363A (en) | File protection method and system | |
| CN113383330A (en) | Creation and execution of secure containers | |
| CN108055133A (en) | A kind of key secure signing method based on block chain technology | |
| CN107038369A (en) | The method and terminal of a kind of resources accessing control | |
| CN108509802A (en) | A kind of application data divulgence prevention method and device | |
| CN106815528A (en) | A kind of file management method and device, storage device | |
| CN107358114A (en) | A kind of method and terminal for preventing user data loss | |
| CN110569650B (en) | Mobile storage device authority management method and system based on domestic operating system | |
| CN115146318B (en) | Virtual disk safe storage method | |
| CN107256362A (en) | A kind of application layer file system partition method and device | |
| CN113987557A (en) | File encryption processing method and system, electronic equipment and storage medium | |
| CN110414217A (en) | Method for safe operation, device, electronic equipment and the storage medium of application program | |
| CN110543775B (en) | Data security protection method and system based on super-fusion concept | |
| CN106203141A (en) | The data processing method of a kind of application and device | |
| CN107609412A (en) | A kind of method for realizing that mobile terminal safety stores under mobile Internet based on TrustZone technologies | |
| CN108399341B (en) | Windows dual file management and control system based on mobile terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20191213 |
|
| RJ01 | Rejection of invention patent application after publication |