CN1126038C - Dynamic file protecting method - Google Patents

Info

Publication number: CN1126038C
Authority: CN (China)
Prior art keywords: data file, file, application program, data, user
Legal status: Expired - Fee Related
Application number: CN 00102687
Other languages: Chinese (zh)
Other versions: CN1310399A (en)
Inventors: 林光信, 陈玄同, 李鹏
Current Assignee: Inventec Corp
Original Assignee: Inventec Corp
Abstract

The present invention relates to a dynamic file protection method, in particular a data file protection method with dynamic, real-time protection. A hook function intercepts the operations that an application program performs on a data file in the current work platform, and the intercepted data file is placed in a data protection layer, so that the original data is protected dynamically and in real time. The invention prevents data files stored in a computer from being read or modified by unauthorized users.

Description

Dynamic file protection method
Technical field
The present invention relates to a dynamic file protection method, in particular a data file protection method with dynamic, real-time protection, used to prevent data files stored in a computer from being read or modified by unauthorized users.
Background art
At present, when a private data file in a computer system must be protected so that unauthorized users cannot read or modify it, the usual approach is to encrypt the file. Referring to Fig. 1, a source file 10 is manually passed through an encryption program 11 to become a protected data file 12, which is stored on a recording medium of the computer system (e.g. a hard disk or magnetic disk). Later, when the file is to be read or modified, the corresponding decryption program 13 restores the protected data file 12 to the source file 10. For example, the common word-processing application Word provides a password setting for opening a data file: the user enters a password to open the data file, which prevents unauthorized users from opening it. It also provides a password for modifying the file, which allows other users, after opening the data file, to save any change made to it. However, this kind of data file protection is a static process, and both encryption and decryption are carried out manually. That is, each time the user obtains a protected data file, it must first be decrypted before the source file inside it can be modified or otherwise operated on, and after the operation is finished the password must be set again and the file saved to ensure that the modified source file is protected by encryption. This is very cumbersome for the user, does not let the user operate on the data file dynamically, and interferes with related file operations.
On the other hand, this static encryption of data files is even more inconvenient for users on a local area network. For a data file that has been encrypted on the local computer system, other users on the LAN who want to use it must have the same set of encryption and decryption tools as the local computer system in order to process the file, and whatever operation a user performs on the data file over the network, the file must be decrypted first. Handling file encryption and decryption with the traditional data file protection method is therefore very inconvenient in use.
Traditional data file protection is a static process. Each time the user obtains a protected data file, it must first be decrypted before the source file inside it can be modified or otherwise operated on, and after the operation is finished the password must be set again and the file saved to ensure that the modified source file is protected by encryption. This is very cumbersome for the user, does not let the user operate on the data file dynamically, and interferes with related file operations.
Summary of the invention
The main object of the present invention is to provide a method of protecting data files by which a protected data file (for example, one with a password specified for opening it) can be read and modified in different work platforms, while unauthorized users are prevented from performing these actions on the data file. A hook function intercepts operations on the data file in the current work platform and places it in a data protection layer, so that the original data is protected dynamically and in real time; another work platform on the network can then use and modify the data file without having to provide a decryption method.
In the present invention, when a user operates an application program to read or modify a data file, data is first read from the system kernel; while the system kernel is being read, the data protection layer intercepts the relevant content and adds the key (Key) used for data file protection. After processing by the data protection layer, the installable file system continues to be called to respond to the application program's current operation on the data file, and a protected and usable data file is finally obtained.
Description of drawings
The details and techniques of the present invention are described below with reference to the drawings:
Fig. 1 is a block diagram of the known encryption/decryption processing of a data file.
Fig. 2 is the decision flowchart of the present invention when a data file read operation is performed.
Fig. 3 is the flowchart of intercepting the file system in the present invention.
Fig. 4 is a block diagram of the protected data file processing of the present invention.
Fig. 5 is the processing flowchart of an embodiment of the present invention.
Fig. 6 is a schematic diagram of the embodiment of the present invention when performing a read operation.
Fig. 7 is a schematic diagram of the embodiment of the present invention when performing a write operation.
Embodiment
The present invention is mainly divided into two parts, "judging file modification" and "intercepting the file system", described separately below with reference to Fig. 2 and Fig. 3.
Judging file modification:
Referring to Fig. 2, when the user wants to process a data file with an application program, the system first determines whether the user has performed an operation on the application program. If not, the data protection layer remains asleep and continues to wait for the user to operate the application program (steps 201~204). Otherwise, if the user has started operating the application program, the data protection layer first obtains the parameters of the system kernel and then determines whether the user's operation on the application program is a read of a data file (steps 205, 206). If so, the user is asked to enter a password (Password) or key (Key), and it is determined whether the user has entered the requested password or key (steps 207, 208). If the user has not entered anything, the flow returns to step 207 and continues to wait for input. If the user has entered a password or key, the password or key recognition function is called (step 209), the user's input is compared, and it is determined whether the password (or key) is correct (step 210). If the password or key is correct, the Ring0 layer is notified to allow storing the data file (step 211); if it is incorrect, the Ring0 layer is notified to refuse storing the data file (step 212). If the operation the user performs on the application program is not a read of a data file, it must further be determined whether it is a modification of a data file (step 213). If it is not a modification, the flow returns to step 203 and waits for the user's next operation; if it is a modification, steps 207 to 212 are executed.
Intercepting the file system:
Referring to Fig. 3, after the data protection layer confirms that the password or key entered by the user is correct, it notifies the Ring0 layer of the system kernel to intercept the file system. First, the installable file system hook function (Installable File System Hook) is called to receive the application program's right to handle the current data file (steps 301, 303), and the identification code preset in the Ring3 layer of the system kernel is called (step 304). The flow then waits for the data protection layer to be woken up; if it has not been woken up, the wait continues. Once it has been woken up, the parameters related to the current application program are read from the Ring3 layer of the system kernel (steps 305~307). It is then determined whether interception of the application program's operation is allowed. If so, the function in the Ring0 layer of the system kernel is called to handle it (steps 308, 309); if not, the flow returns to step 303 to handle the next operation on the data file.
Therefore, referring to Fig. 4, the protected data file is processed as follows: when the user operates an application program to read or modify a data file (step 401), data is first read from the system kernel (step 402); while the system kernel is being read, the data protection layer intercepts the relevant content and adds the key used for data file protection; after processing by the data protection layer (steps 403, 404), the installable file system continues to be called to respond to the application program's current operation on the data file, and a protected (step 405) and usable data file (step 406) is finally obtained.
Embodiment:
To illustrate how the technique of the present invention is implemented, an embodiment is described below, with reference to Figs. 5, 6 and 7, using Word in the MS-Office environment for editing data files:
Referring to Fig. 5, when the user edits files with Word, many private files need to be protected. Therefore, when a file is opened, the data protection layer first receives the user's operation and determines whether the file is a data file designated by the present invention (i.e. a file already protected with the technique of the present invention). If not, the user is allowed to perform ordinary operations on the file (steps 501~503). If so, the user is required to enter a key, and authority is granted to the relevant hook function operation; the computer then automatically analyzes, according to the preset identification code, whether the data file may be used by the user (steps 504, 505). If it may, the corresponding processing is performed according to the user's operation on the application program, and the next operation continues to be received (step 506). Otherwise, if the analysis determines that the data file is not to be used by this user, the operation on the application program is refused and the flow exits (steps 507, 508).
In the processing of Fig. 5, if the user's operation is a read of the data file in Word, then after step 505 determines that the user is allowed to use the data file, step 506 further comprises: reading the undecrypted data from the file (step 509), decrypting the data to restore it to the original data (step 510), and handing the handling of the decrypted original data over to Word (step 511), as shown in Fig. 6.
Referring to Fig. 7, if the user's operation is a modification of the data file in Word, then step 506 allows the original data to be stored in the Ring0 layer of the system kernel (step 512), receives the call to the hook function (Hook) related to Word and receives the modification of the current data file (step 513), obtains the original data of the data file from the Ring3 layer of the system kernel (step 513), then encrypts the data file (step 514) and stores the encrypted data in the Word data file (step 515).
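The flow of Figs. 5 to 7, modelled in user space as an added example; it is not code from the patent, and it leaves out the installable file system hook and the Ring0/Ring3 split. The names `ProtectionLayer` and `MAGIC`, the in-memory dict standing in for the file system, and the PBKDF2/HMAC key check with a SHA-256 counter keystream are assumptions, since the patent names no file format or cipher.

```python
import hashlib, hmac, os

MAGIC = b"DPL1"  # constructed marker identifying a protected file (assumption)

class ProtectionLayer:
    """User-space model of the data protection layer's decisions (Fig. 5)."""

    def __init__(self, backing_store):
        self.fs = backing_store  # dict path -> bytes, stands in for the file system

    @staticmethod
    def _keys(password, salt):
        # Derive separate encryption and MAC keys from the user's key/password.
        km = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000, 64)
        return km[:32], km[32:]

    @staticmethod
    def _xor_stream(key, nonce, data):
        # Stand-in cipher (assumption): SHA-256 in counter mode as a keystream.
        out = bytearray()
        for i in range(0, len(data), 32):
            block = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
            out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
        return bytes(out)

    def is_protected(self, path):
        return self.fs.get(path, b"").startswith(MAGIC)

    def write(self, path, plaintext, password=None):
        # Steps 512-515: encrypt before the data reaches storage.
        if password is None:
            if self.is_protected(path):
                raise PermissionError("key required to modify protected file")
            self.fs[path] = plaintext  # ordinary file: pass through unchanged
            return
        if self.is_protected(path):
            self.read(path, password)  # only the key holder may overwrite
        salt, nonce = os.urandom(16), os.urandom(16)
        enc_key, mac_key = self._keys(password, salt)
        body = self._xor_stream(enc_key, nonce, plaintext)
        tag = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
        self.fs[path] = MAGIC + salt + nonce + tag + body

    def read(self, path, password=None):
        # Steps 501-511: pass ordinary files through, gate protected ones.
        raw = self.fs[path]
        if not raw.startswith(MAGIC):
            return raw
        if password is None:
            raise PermissionError("key required to read protected file")
        salt, nonce, tag, body = raw[4:20], raw[20:36], raw[36:68], raw[68:]
        enc_key, mac_key = self._keys(password, salt)
        expect = hmac.new(mac_key, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect):
            raise PermissionError("wrong key or tampered file")  # steps 507, 508
        return self._xor_stream(enc_key, nonce, body)
```

Because the key check is a MAC over the stored bytes, a wrong key and a tampered file are rejected by the same comparison, before any decrypted data is handed to the application.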
Although the present invention has been described above with a preferred embodiment, this is not intended to limit the invention. Any person skilled in the art may modify the invention without departing from its spirit and scope, so the scope of protection of the present invention is defined by the claims.
With the technique disclosed by the present invention, a data file can be protected dynamically and in real time in the current work platform, and the data file can be used and modified in another work platform on the LAN that has no encryption or decryption tools.
Reference numerals:
10 original document
11 encryption program
12 data file
13 decryption program

Claims (6)

1. A dynamic file protection method, comprising:
using a system kernel to determine the operation mode of an application program that processes a data file;
obtaining a password according to the operation mode of the application program;
calling, according to the content of the password, an installable file system hook function related to the application program;
receiving the data file through the installable file system hook function;
reading, in the system kernel, the parameters related to the application program; and
using the installable file system hook function to process the data file according to the operation mode of the application program.
2. The dynamic file protection method of claim 1, wherein the operation mode of the application program is a read operation on the data file.
3. The dynamic file protection method of claim 1, wherein the operation mode of the application program is a modify operation on the data file.
4. The dynamic file protection method of claim 1, wherein the password is a key (Key).
5. The dynamic file protection method of claim 1, wherein processing the data file according to the operation mode of the application program is encrypting the data file.
6. The dynamic file protection method of claim 1, wherein processing the data file according to the operation mode of the application program is decrypting the data file.
CN 00102687 2000-02-24 2000-02-24 Dynamic file protecting method Expired - Fee Related CN1126038C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 00102687 CN1126038C (en) 2000-02-24 2000-02-24 Dynamic file protecting method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 00102687 CN1126038C (en) 2000-02-24 2000-02-24 Dynamic file protecting method

Publications (2)

Publication Number Publication Date
CN1310399A CN1310399A (en) 2001-08-29
CN1126038C true CN1126038C (en) 2003-10-29

Family

ID=4576502

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 00102687 Expired - Fee Related CN1126038C (en) 2000-02-24 2000-02-24 Dynamic file protecting method

Country Status (1)

Country Link
CN (1) CN1126038C (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106407831A (en) * 2015-07-31 2017-02-15 中兴通讯股份有限公司 File protection method and device, and mobile terminal
CN105208041B (en) * 2015-10-15 2018-09-21 厦门大学 Cloud storage application encryption data packet crack method based on HOOK
CN105183918A (en) * 2015-10-16 2015-12-23 江苏省电力公司淮安供电公司 Method for realizing rapid directory monitoring on the basis of micro-drive M-IFS
CN113590446A (en) * 2021-08-02 2021-11-02 上海米哈游璃月科技有限公司 Method and device for detecting numerical value file, electronic equipment and storage medium
CN117555858A (en) * 2023-12-14 2024-02-13 河北因朵科技有限公司 Digital archive safe storage and retrieval system

Also Published As

Publication number Publication date
CN1310399A (en) 2001-08-29


Legal Events

Date Code Title Description
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C06 Publication
PB01 Publication
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20031029

Termination date: 20110224