CN117313134A - File encryption method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN117313134A
Authority
CN
China
Prior art keywords
file
file data
data
target
encrypted
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311611398.8A
Other languages
Chinese (zh)
Inventor
曹土光
林兵
程伟
刘纯纯
吴伟斌
赖博林
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Unicom Guangdong Industrial Internet Co Ltd
Original Assignee
China Unicom Guangdong Industrial Internet Co Ltd
Application filed by China Unicom Guangdong Industrial Internet Co Ltd
Priority to CN202311611398.8A
Publication of CN117313134A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Abstract

The embodiment of the application discloses a file encryption method, a device, electronic equipment and a storage medium. The method comprises: monitoring and acquiring file data generated by a target application program at runtime; judging whether the file data needs to be encrypted according to the storage address, in the hard disk, of the target file corresponding to the file data; if the file data needs to be encrypted, judging whether the file data is abnormal; and if the file data is determined not to be abnormal, encrypting the file data to obtain encrypted data and writing the encrypted data to the storage address of the hard disk so as to store the encrypted data in the target file. Implementing the embodiment reduces the exposure risk of the file data and improves its security.

Description

File encryption method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of information security technologies, and in particular, to a file encryption method, a device, an electronic device, and a storage medium.
Background
In today's highly networked society, data security and privacy protection receive more and more attention, and incidents that affect data security, such as network attacks and hacking, keep occurring. Leakage of important data may have serious consequences, so secure encryption technology is an essential part of network communication. Data encryption is an important means of ensuring data security, but traditional encryption methods have limitations and require human intervention to encrypt the data. Traditional encryption methods therefore cannot effectively ensure the security of the data, which creates serious security risks for the data.
Disclosure of Invention
The embodiment of the application discloses a file encryption method, a file encryption device, electronic equipment and a storage medium, which can reduce the exposure risk of file data and improve the security of the file data.
The embodiment of the application discloses a file encryption method, which comprises the following steps:
monitoring and acquiring file data generated by a target application program in running;
judging whether the file data needs to be encrypted or not according to the storage address of the target file corresponding to the file data in the hard disk;
if it is determined that the file data needs to be encrypted, judging whether the file data is abnormal or not;
and if it is determined that the file data is not abnormal, encrypting the file data to obtain encrypted data, and writing the encrypted data into the storage address of the hard disk so as to store the encrypted data into the target file.
As an alternative embodiment, before the monitoring and acquiring the file data generated by the target application program at the time of running, the method further includes:
receiving a monitoring list sent by a server; the monitoring list comprises application information of at least one target application program needing to be monitored;
determining a process identifier corresponding to each target application program according to the application information of each target application program;
the monitoring and acquiring file data generated by the target application program during running comprises the following steps:
and monitoring the process corresponding to each target application program according to the process identifier corresponding to each target application program, and acquiring the generated file data when any target application program is detected to generate the file data.
As an optional implementation manner, the monitoring the process corresponding to each target application according to the process identifier corresponding to each target application, when detecting that any target application generates file data, acquiring the generated file data includes:
when a first process is detected to perform read-write operation, intercepting the read-write operation, and judging whether a process identifier of the first process is matched with a process identifier corresponding to any target application program;
and if the process identifier of the first process is matched with the process identifier corresponding to any target application program, acquiring file data generated by the read-write operation.
As an optional implementation manner, the determining whether the file data needs to be encrypted according to the storage address of the target file corresponding to the file data in the hard disk includes:
judging whether a storage address of a target file corresponding to the file data in a hard disk belongs to a sandbox space or not;
and if the storage address belongs to the sandbox space, determining that the file data needs to be encrypted.
As an alternative embodiment, before the monitoring and acquiring the file data generated by the target application program at the time of running, the method further includes:
receiving a content strategy sent by a server; the content policy includes at least one piece of anomaly information;
the judging whether the file data has abnormality or not comprises the following steps:
judging whether the file data contains any abnormal information according to the content strategy;
and if the file data does not contain the abnormal information, determining that the file data is not abnormal.
As an optional implementation manner, the encrypting the file data to obtain encrypted data includes:
and encrypting the file data according to an elliptic curve algorithm to obtain encrypted data.
As an alternative embodiment, after said writing said encrypted data to said storage address of said hard disk to save said encrypted data to said target file, said method further comprises:
adding a tail identifier corresponding to the target file to the target file;
when a storage file in the hard disk is read, judging whether the storage file contains a tail identifier or not;
if the storage file contains the tail identifier, decrypting the storage file to obtain decrypted file data, and displaying the decrypted file data;
and if the storage file does not contain the tail identifier, directly displaying file data corresponding to the storage file.
The embodiment of the application discloses a file encryption device, the device includes:
the monitoring module is used for monitoring and acquiring file data generated by the target application program in running;
the first judging module is used for judging whether the file data needs to be encrypted or not according to the storage address of the target file corresponding to the file data in the hard disk;
the second judging module is used for judging whether the file data is abnormal or not if it is determined that the file data needs to be encrypted;
and the encryption module is used for encrypting the file data to obtain encrypted data if it is determined that the file data is not abnormal, and writing the encrypted data into the storage address of the hard disk so as to store the encrypted data into the target file.
The embodiment of the application discloses electronic equipment, which comprises a memory and a processor, wherein a computer program is stored in the memory, and when the computer program is executed by the processor, the processor realizes any one of the file encryption methods disclosed by the embodiment of the application.
The embodiment of the application discloses a computer readable storage medium storing a computer program, wherein the computer program realizes any one of the file encryption methods disclosed in the embodiment of the application when being executed by a processor.
Compared with the related art, the embodiment of the application has the following beneficial effects:
The embodiment of the application provides a file encryption method, a device, electronic equipment and a storage medium, in which file data generated by a target application program at runtime is monitored and acquired; whether the file data needs to be encrypted is judged according to the storage address, in the hard disk, of the target file corresponding to the file data; if the file data needs to be encrypted, whether the file data is abnormal is judged; and if the file data is determined not to be abnormal, the file data is encrypted to obtain encrypted data, and the encrypted data is written to the storage address of the hard disk so as to store the encrypted data in the target file. By implementing the embodiment of the application, the file data generated by the target application program is monitored in real time and the file data that needs to be encrypted is encrypted automatically, without manual encryption operations, which provides a first level of assurance for the security of the file data. Moreover, for file data that needs to be encrypted, whether the file data is abnormal is further judged, and the file data is encrypted only if it is determined not to be abnormal. This prevents abnormal file data from being written to the hard disk and affecting the security of other files in the hard disk, reduces the exposure risk of the file data, and further improves the security of the file data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a file encryption method disclosed in an embodiment of the present application;
FIG. 2 is a flow chart of another method for encrypting a file according to an embodiment of the present application;
FIG. 3 is a schematic diagram of the operational principles of a target filter driver in one embodiment;
FIG. 4 is a schematic diagram of encrypting file data in one embodiment;
FIG. 5 is a schematic flow chart of determining that file data is not abnormal according to an embodiment of the present application;
FIG. 6 is a schematic flow chart of reading a storage file according to an embodiment of the present disclosure;
FIG. 7 is a schematic diagram of a file encrypting apparatus according to an embodiment of the present disclosure;
FIG. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be made clearly and completely with reference to the drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art without undue burden from the present disclosure, are within the scope of the present disclosure.
It should be noted that the terms "comprising" and "having" and any variations thereof in the embodiments and figures herein are intended to cover a non-exclusive inclusion. For example, a process, method, system, article, or apparatus that comprises a list of steps or elements is not limited to only those listed steps or elements but may include other steps or elements not listed or inherent to such process, method, article, or apparatus.
It will be understood that the terms "first," "second," and the like, as used herein, may be used to describe various elements, but these elements are not limited by these terms. These terms are only used to distinguish one element from another element. For example, a first determination module may be referred to as a second determination module, and similarly, a second determination module may be referred to as a first determination module, without departing from the scope of the present application. The first judgment module and the second judgment module are both judgment modules, but they are not the same judgment modules.
The embodiment of the application discloses a file encryption method, a file encryption device, electronic equipment and a storage medium, which can reduce the exposure risk of file data and improve the security of the file data. The following will describe in detail.
Fig. 1 is a schematic flow chart of a file encryption method disclosed in an embodiment of the present application. The file encryption method described in fig. 1 is applicable to an electronic device, which may include, but is not limited to, a mobile phone, a tablet computer, a wearable device, a notebook computer, a PC (personal computer), and the like, and embodiments of the present application are not limited thereto. In one embodiment, as shown in fig. 1, the file encryption method may include the steps of:
step S102, file data generated by the target application program in running is monitored and acquired.
Monitoring an application program means observing the activities of the deployed application program in real time without affecting the running environment of the electronic device; a deployed application program is usually one obtained by installing the corresponding installation package. The electronic device may monitor whether the target application program generates file data at runtime and, when it detects that it does, acquire that file data. In monitoring whether the target application program generates file data at runtime, the electronic device may also detect whether the target application program is running, or whether it fails while running.
The electronic device may be pre-configured with one or more target applications, which in some embodiments are applications that require monitoring of whether file data is generated, which may include, but are not limited to, file editing programs, etc., such as document editing programs, chart editing programs, etc.
The file data generated by the target application program at runtime may refer to file data produced by a user editing in the target application program. The file data edited by the user may include, but is not limited to, newly added file data, modified file data, and the like, and the file corresponding to the file data may be updated according to that file data. The target application program includes one or more files, which may be stored in a hard disk of the electronic device. The file data generated at runtime may or may not need to be encrypted. Because it may need to be encrypted, the target application program is monitored and the file data it generates at runtime is intercepted, so that file data that needs to be encrypted can be encrypted. For example, suppose the target application program is a document editor and document A, edited with the document editor, is a target file of the document editor. When the user inputs a piece of text into document A, corresponding file data is generated from that text and written into the corresponding target file, so as to save the text in document A. The electronic device may deploy a plurality of application programs, which may be preset before the electronic device leaves the factory, or may be determined by receiving signals sent by other devices.
As an embodiment, after the target application enters the running state, i.e. the target application is running, the target application may be monitored, and the running state of the target application may indicate that the processor in the electronic device is executing the target application. After the target application program is started, the target application program can enter an operating state, wherein a user can start the target application program by clicking an icon corresponding to the target application program or setting the icon within a preset time period, so that the target application program enters the operating state. The monitoring target application program can observe the activity of the target application program in real time, and meanwhile, the file data generated when the target application program runs can be intercepted, so that the file data generated when the target application program runs can be obtained. Further, the electronic device can monitor the target application program through a preset target filter driver and acquire file data generated when the target application program runs. The target filter driver is arranged in the kernel layer, and can monitor and acquire file data generated by a target application program transmitted to the kernel layer.
Step S104, judging whether the file data needs to be encrypted according to the storage address of the target file corresponding to the file data in the hard disk, if so, executing step S106, and if not, executing step S110.
In some embodiments, the file corresponding to the file data generated by the target application program is a target file. The target file is stored in the hard disk of the electronic device, and writing the file data into its target file completes the writing of the file data to the hard disk. The security level of the target file can therefore be higher than that of other files, so the target file can be stored in a specific space that isolates it from the other files in the hard disk and prevents those files from affecting its security. As one implementation, the electronic device may determine whether the storage address, in the hard disk, of the target file corresponding to the file data belongs to a sandbox space; if the storage address belongs to the sandbox space, the file data is determined to need to be encrypted. The sandbox space is an independent storage space: operations such as modification and deletion carried out in the sandbox space do not affect files, application programs, systems and the like stored outside it, and storing a specific file in the sandbox space provides an isolated environment for that file.
When the file data generated by the target application program at runtime is acquired, the electronic device can acquire the storage address, in the hard disk, of the target file corresponding to the file data, and can judge from this address and the storage address of the sandbox space whether the file data is to be stored in the sandbox space. If the storage address of the sandbox space appears in the storage address of the target file corresponding to the file data, the target file is stored in the sandbox space. Because the file data of every target file stored in the sandbox space needs to be encrypted, if the storage address, in the hard disk, of the target file corresponding to the file data generated by the target application program at runtime is in the sandbox space, the file data is determined to need to be encrypted. Storing the target file in the sandbox space keeps it in an isolated environment, which improves the security of the target file and of the file data corresponding to it.
Step S106, if it is determined that the file data needs to be encrypted, it is determined whether the file data has an abnormality, if so, step S112 is executed, and if not, step S108 is executed.
In some embodiments, file data being abnormal may mean that the file data contains information that affects the security of the electronic device; for example, the file data may contain a virus that could break the security system of the electronic device or steal information from it. File data that needs to be encrypted is to be stored in its corresponding target file, whose storage address in the hard disk lies in the sandbox space, and the sandbox space stores a plurality of files. Whether the file data is abnormal is therefore judged: file data without an abnormality is stored in the corresponding target file, while file data with an abnormality is not stored in the target file and is either deleted or used to generate corresponding warning information, which is displayed to remind the user that the currently generated file data is abnormal. Storing only file data without an abnormality in the target file ensures that the files stored in the sandbox space do not contain abnormal file data. Judging whether the file data is abnormal may consist of performing anomaly detection on the file data, that is, detecting whether the file data contains factors affecting the security of the electronic device, and if the file data is not detected. Judging whether the file data is abnormal before encrypting it ensures that the file data stored in the target file is free of abnormality, which ensures the security of the target file.
Step S108, if it is determined that the file data is not abnormal, encrypting the file data to obtain encrypted data, writing the encrypted data into a storage address of the hard disk, and storing the encrypted data into the target file.
When the target application program runs and generates file data, whether the file data is written into the storage address of the hard disk can be manually controlled by a user, and whether the file data is written into the storage address of the hard disk can also be automatically controlled by electronic equipment. For example, the target application program is a document editor, and the document editor edits characters in a document opened by the document editor to generate file data, and at this time, the file data can be written into a storage address of a hard disk by clicking for storage, so as to ensure that the file data can be found after the electronic device is restarted. Therefore, if the file data to be encrypted is written into the hard disk and then encrypted, there is a time difference between the generation of the file data and the writing of the file data into the storage address of the hard disk, and the security before the file data is written into the storage address of the hard disk cannot be ensured, so that the file data can be encrypted and then written into the storage address of the hard disk.
In one embodiment, if it is determined that the file data is not abnormal, the file data is encrypted to obtain encrypted data, so that information of the encrypted data is protected. Further, the file data may be encrypted according to an elliptic curve algorithm to obtain encrypted data. The elliptic curve algorithm comprises a public key and a private key, wherein the public key is public data, the private key is private data in the electronic equipment, the private key is non-public data, the file data is encrypted according to the public key, ciphertext corresponding to the file data is generated, and the ciphertext corresponding to the file data is encrypted data. Further, the file data may be encrypted according to an elliptic curve algorithm based on the file filtering driver to obtain encrypted data. The elliptic curve algorithm is an algorithm for establishing public key encryption based on an elliptic curve mathematical principle, and encrypts file data according to the elliptic curve algorithm to obtain encrypted data, so that the security of the encrypted data can be further improved.
After the encrypted data is obtained, the encrypted data is written into a storage address of the hard disk so as to store the encrypted data in the target file, thereby completing the encryption and storage of the file data needing to be encrypted.
Step S110, if it is determined that the file data does not need to be encrypted, the file data is directly stored in the target file.
In some embodiments, if the storage address of the target file corresponding to the file data is not in the sandbox space, the file data may be written directly to the storage address in the hard disk without being encrypted, so that the file data is saved in the target file.
Step S112, if it is determined that the file data is abnormal, deleting the file data.
In one embodiment, if it is determined that the file data is abnormal, it indicates that a factor affecting the security of the electronic device exists in the current file data, so that the file data cannot be written into the storage address of the hard disk, and warning information corresponding to the file data can be generated and displayed according to the current file data, so that a user of the electronic device can know that the current file data is abnormal, and then delete the file data.
In the embodiment of the application, encryption management of the file data is performed according to the storage address of the target file corresponding to the file data generated by the target application program at runtime. If the file data needs to be encrypted, whether it is abnormal is judged, and abnormal file data is not written to the hard disk, which avoids abnormal file data affecting the security of the hard disk. If the file data is not abnormal, it is encrypted before being written to the hard disk, and the encrypted data is then written to the storage address of the hard disk. Because the file data is encrypted before it is written to the hard disk, the exposure risk of the file data is reduced and its security is improved.
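The write path of FIG. 1 (S104 to S112) and the tail-identifier read path from the summary, as an added user-space sketch that is not code from the patent. The sandbox root, marker bytes, policy pattern, key handling and all function names are constructed; the HMAC-SHA256 keystream is a stand-in for the elliptic-curve step, which the standard library does not provide, and the integrity tag placed before the marker is an addition so that a file that merely ends in the marker bytes is not decrypted.

```python
import hashlib
import hmac
import os
import posixpath
from pathlib import PurePosixPath

# All values below are constructed for illustration.
SANDBOX_ROOT = "/data/sandbox"
TAIL_MARKER = b"\x00ENC-TAIL-v1\x00"
CONTENT_POLICY = [b"ANOMALY-TEST-PATTERN"]  # "anomaly information" items
NONCE_LEN, TAG_LEN = 16, 32


def in_sandbox(path, root=SANDBOX_ROOT):
    """True only if path lies strictly inside root after normalisation.

    A substring or prefix test would accept /data/sandbox_evil/x and
    /data/sandbox/../etc/x. normpath is purely lexical; a real filter
    must also resolve links before deciding.
    """
    p = PurePosixPath(posixpath.normpath(path))
    r = PurePosixPath(posixpath.normpath(root))
    return r in p.parents


def _subkey(key, label):
    """Derive separate encryption and MAC keys from one secret."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _stream_xor(key, nonce, data):
    """Stand-in cipher: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ctr = (i // 32).to_bytes(8, "big")
        block = hmac.new(key, nonce + ctr, hashlib.sha256).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


def seal(key, data):
    """On-disk layout: nonce || ciphertext || tag || TAIL_MARKER."""
    nonce = os.urandom(NONCE_LEN)
    body = nonce + _stream_xor(_subkey(key, b"enc"), nonce, data)
    tag = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    return body + tag + TAIL_MARKER


def handle_write(pid, path, data, monitored_pids, key):
    """Return (action, bytes_to_store) for one intercepted write."""
    if pid not in monitored_pids:
        return "passthrough", data             # not a target application
    if not in_sandbox(path):
        return "store_plain", data             # S110
    if any(item in data for item in CONTENT_POLICY):
        return "reject", None                  # S112: never reaches disk
    return "store_encrypted", seal(key, data)  # S108: encrypt, then write


def handle_read(stored, key):
    """Return (state, data) following the tail-identifier read path."""
    min_len = NONCE_LEN + TAG_LEN + len(TAIL_MARKER)
    if not stored.endswith(TAIL_MARKER) or len(stored) < min_len:
        return "plain", stored
    body = stored[:-len(TAIL_MARKER) - TAG_LEN]
    tag = stored[len(body):len(body) + TAG_LEN]
    want = hmac.new(_subkey(key, b"mac"), body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        # Marker present but tag wrong: coincidence, corruption or tampering.
        return "unverified", stored
    nonce, ct = body[:NONCE_LEN], body[NONCE_LEN:]
    return "decrypted", _stream_xor(_subkey(key, b"enc"), nonce, ct)
```

The "unverified" state leaves the decision to the caller: a reader that relies on the marker alone cannot tell an encrypted file from a plain file that happens to end in the same bytes.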
Fig. 2 is a flow chart of another file encryption method disclosed in an embodiment of the present application. In one embodiment, as shown in FIG. 2, the method includes the steps of:
step S202, receiving a monitoring list sent by a server; the monitoring list contains application information of at least one target application program to be monitored.
As an embodiment, the monitoring list includes application information of at least one target application program to be monitored, so that the target application program can be monitored according to the application information in the monitoring list. The application information of the target application program may be its application name, application version number, and the like; for example, if the target application programs are information communication software and a browser, the monitoring list may be represented as [wechat.exe; chrome.exe]. On the server, the monitoring list can be generated according to the website configured with the monitoring list, and the server then sends the monitoring list to the electronic device so that the electronic device can receive it. The server can also update the application names in the monitoring list according to applications input by the administrator: it generates an update instruction, updates the monitoring list according to the update instruction to obtain an updated monitoring list, and sends the updated monitoring list to the electronic device so that the electronic device receives it in real time, which allows the monitoring list to be updated for different requirements.
Step S204, determining the process identification corresponding to each target application program according to the application information of each target application program.
As an implementation manner, the application information of the target application program may be an application name of the target application program, and the process identifier corresponding to each target application program may be searched according to the application information of each target application program, or the process identifier of each target application program may be determined according to the process name of the target application program. The process identifier corresponding to the target application program may include a process identifier code corresponding to the target application program, and the like. After the application program is installed, the electronic device allocates a corresponding process identification code to each application program, the application program and the process identification code corresponding to the application program are in one-to-one correspondence, and the application program can be uniquely identified according to the process identification code corresponding to the application program. Thus, the corresponding process identification code of the target application may also be used to uniquely identify the target application. Meanwhile, the process identification codes corresponding to the target application programs are also in one-to-one correspondence, so that the process identification codes corresponding to the target application programs can be determined according to the process names of the target application programs.
Step S206, according to the process identification corresponding to each target application program, the process corresponding to each target application program is monitored, and when any target application program is detected to generate file data, the generated file data is acquired.
In some embodiments, the target application program may be determined according to the process identifier of the target application program, so that the process corresponding to each target application program may be monitored according to the process identifier corresponding to each target application program, where the process corresponding to the target application program is a unit for allocating resources in the electronic device, the target application program may implement the function corresponding to the target application program according to the process corresponding to the target application program, and one target application program may start one or more corresponding processes at the same time. When any target application program is detected to generate file data, namely, when the target application program performs a corresponding process, the current process performs input/output interface call, so that file data corresponding to the current process is generated, and the electronic equipment can acquire the generated file data.
Further, a file filtering driver is installed in the electronic device, the file filtering driver is a filtering driver contained in the electronic device, each filtering driver in the electronic device can manage files and data in a kernel layer, the target filtering driver can monitor and acquire file data generated by a target application program transmitted to the kernel layer according to a process identifier of the target application program, and meanwhile, the file filtering driver can encrypt the file data to be encrypted to obtain encrypted data and write the encrypted data into a target file corresponding to the encrypted data. The kernel layer is a bridge for connecting the electronic device with the user layer and the hardware layer, and is responsible for managing processes, memories, device drivers, files, network systems and the like of the electronic device. According to each filtering driver in the electronic device, the file data corresponding to various application programs can be monitored and intercepted, more importantly, the file filtering driver can monitor, acquire and encrypt the file data generated by the target application program, and the operations are executed before the various file data are written into the corresponding files of the file data. The file filter driver may also modify the target file corresponding to the file data according to the various file data, and thus the encrypted data may be written to the storage address of the hard disk according to the file filter driver.
When the first process is detected to perform read-write operation, the read-write operation is intercepted, and whether the process identifier of the first process is matched with the process identifier corresponding to any target application program is judged; and if the process identifier of the first process is matched with the process identifier corresponding to any target application program, acquiring file data generated by read-write operation. The first process is any process, the process identification of the first process is judged by intercepting the read-write operation, and if the process identification of the first process is the process identification corresponding to any target application program, the file data generated by the current read-write operation is generated when the target application program is operated, so that the file data generated when the target application program is operated can be obtained.
Fig. 3 is a schematic diagram of the working principle of the file filtering driver in one embodiment. As shown in fig. 3, the working environment of the file filtering driver in the electronic device may be divided into a user layer, a kernel layer and a hardware layer, where the user layer is directly oriented to the user and the application program, and the kernel layer may be connected to the user layer and the hardware layer and is responsible for managing related processes, files, network systems and the like of the system of the electronic device. The user starts a target application program, and the target application program enters an operation state. The user edits file data in the application program operated in the user layer; when the file data is edited, the target application program generates the file data and can call an input/output interface to transmit the generated file data to an input/output interface manager in the kernel layer. The input/output interface manager forwards the file data to a filter manager, which comprises a plurality of file filter drivers, namely a file filter driver 1, a file filter driver 2 and a file filter driver 3; for example, a preset file filter driver can be a minifilter driver 1, a minifilter driver 2 or a minifilter driver 3. The file filter driver acquires the generated file data and then transmits it to a file system driver processor, and the storage driver stack of the target volume prepares the request for the hardware, so that the file data is written into a storage address of a hard disk in the hardware.
The electronic device may monitor a process corresponding to each target application program based on a preset file filtering driver according to a process identifier corresponding to each target application program, and when any target application program is detected to generate file data, the target filtering driver may monitor and intercept the generated file data, so as to obtain the generated file data. The method comprises the steps that a target application program is monitored according to a preset file filtering driver, the target application program can be monitored according to a process identification code corresponding to the target application program, when the file filtering driver detects that the target application program generates file data, the file data can be obtained, the file data to be encrypted are encrypted to obtain encrypted data, and the encrypted data are written into a storage address of a hard disk.
Further, a file filtering driver preset in the electronic device may be used to monitor file data generated when the target application program runs. After the electronic equipment receives the monitoring list sent by the server, the application information of the target application program contained in the monitoring list is determined, and the process identifier corresponding to that application information is determined. A strategy identifier is generated according to the process identifier corresponding to the target application program, and the file filtering driver monitors the target application program according to the strategy identifier. That is, when the process identifier of the target application program corresponding to the file data intercepted by the file filtering driver is a process identifier in the strategy identifier, whether the file data needs to be encrypted is judged according to the storage address of the target file corresponding to the file data; if the file data needs to be encrypted, whether the file data is abnormal is judged; if the file data is not abnormal, the file data is encrypted to obtain encrypted data, and the encrypted data is written into a corresponding template file.
FIG. 4 is a schematic diagram of encrypting file data in one embodiment. As shown in FIG. 4, a client program may control application software, where the application software may be an application program implementing a common function (i.e., other than a control function). For example, an electronic device may include the application software document editor, WeChat and Google browser, and the client program may be a computer manager, which controls the document editor, WeChat and the Google browser in the electronic device. When the application software runs, the client program acquires a process identification code corresponding to the application software and connects to port1 through FilterConnectCommunicationPort (a program for creating a port) in the electronic device, so as to create a communication port1 between the user layer and the kernel layer. The process identification code corresponding to the application software is transmitted to a target filter driver in the kernel layer through the communication port1, and data of the kernel layer can likewise be transmitted to the user layer through the communication port1. Meanwhile, the file filtering driver can also directly acquire the process identification code corresponding to the application software (such as a file editor and the like).
The file filtering driver generates a process identification code strategy according to the process identification code corresponding to the target application program. The process identification code strategy records the process identifiers corresponding to the application programs that the file filtering driver needs to monitor, and the acquired data generated by the application software is screened according to the process identification code strategy. If the process identification code corresponding to the data generated by the application software matches a process identifier contained in the process identification code strategy, the data generated by the application software is encrypted according to an elliptic curve algorithm to obtain encrypted data, and the file filtering driver calls a read-write input/output interface to write the encrypted data into a hard disk of the hardware layer. If they do not match, the file filtering driver directly calls the read-write input/output interface, and the obtained data is written into the hard disk.
The target application program is monitored through the preset file filtering driver, when the file filtering driver detects file data generated by the target application program, the file data are obtained, the file data to be encrypted are encrypted, and then the encrypted file data are written into the hard disk, the file data generated by the target application program can be processed in a targeted manner, and therefore the safety of the file data generated by the target application program is ensured.
Step S208, judging whether the file data needs to be encrypted according to the storage address of the target file corresponding to the file data in the hard disk, if so, executing step S210, and if not, executing step S214.
Step S210, if it is determined that the file data needs to be encrypted, it is determined whether the file data has an abnormality, if so, step S216 is executed, and if not, step S212 is executed.
Step S212, if it is determined that the file data is not abnormal, encrypting the file data to obtain encrypted data, writing the encrypted data into a storage address of the hard disk, and storing the encrypted data into the target file.
In step S214, if it is determined that the file data does not need to be encrypted, the file data is directly saved to the target file.
In step S216, if it is determined that the file data is abnormal, the file data is deleted.
The descriptions of steps S208 to S216 may refer to the descriptions related to steps S104 to S112 in the above embodiments, and are not repeated here.
In the embodiment of the application, a monitoring list sent by a server is received, the monitoring list comprising application information of at least one target application program to be monitored. Process identifiers corresponding to the target application programs are determined according to the application information of the target application programs, the processes corresponding to the target application programs are monitored according to those process identifiers, and when any target application program is detected to generate file data, the generated file data is obtained. Monitoring the processes through the application information contained in the monitoring list ensures the accuracy of monitoring the target application programs, so that the file data generated when the target application programs run can be accurately obtained.
Referring to fig. 5, fig. 5 is a schematic flow chart of determining that file data is not abnormal according to an embodiment of the present application. In one embodiment, the file encryption method further includes the following steps:
Step S502, receiving a content strategy sent by a server; the content policy includes at least one piece of anomaly information.
In some embodiments, the content policy may be configured according to a website preset in the server, so as to obtain a configured content policy, and then the content policy is sent to the electronic device, so that the electronic device receives the content policy sent by the server, where the content policy includes at least one piece of anomaly information, and according to the anomaly information included in the content policy, it may be determined whether the file data has an anomaly, where the anomaly information may be a virus or a related program, a file, or the like that is harmful to the electronic device.
Step S504, judging whether any abnormal information is contained in the file data according to the content strategy, if yes, executing step S508, and if not, executing step S506.
As an implementation manner, the content policy includes at least one piece of abnormality information, and the file data is matched against the content policy to determine whether the file data includes any abnormality information. If the file data includes the abnormality information in the content policy, the file data is abnormal; the file data can be deleted and corresponding warning information can be generated so that the user knows that the currently generated file data is abnormal, or the file data can simply not be written into the hard disk, thereby avoiding the influence of abnormal file data on the security of the files in the hard disk. If the file data does not contain the abnormality information in the content policy, it can be determined that the file data is not abnormal, and the file data can be encrypted and written into the hard disk.
In step S506, if the file data does not include the anomaly information, it is determined that the file data is not abnormal.
In one embodiment, if the file data does not include the abnormality information, the file data does not include data that affects the security of the stored file in the hard disk, such as viruses and harmful programs, and it is determined that the file data does not have an abnormality, the file data that does not have an abnormality may be encrypted according to an elliptic curve algorithm to obtain encrypted data, and the encrypted data is stored in a target file corresponding to the encrypted data.
In the embodiment of the application, a content strategy sent by a server is received; the content policy comprises at least one piece of abnormal information, whether any piece of abnormal information is contained in the file data is judged according to the content policy, if the file data does not contain the abnormal information, the file data is determined to have no abnormality, the file data to be written into the hard disk can be ensured not to influence the safety of the hard disk, and the safety of the file stored in the hard disk is further ensured.
In step S508, if the file data contains abnormal information, the file data is deleted.
In some embodiments, if the file data includes the anomaly information, writing the file data into the storage address of the hard disk would also write the anomaly information into the hard disk, which affects the security of the hard disk, so the file data including the anomaly information may be deleted.
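The write-path decisions of steps S202 to S216 and S502 to S508 can be modelled in user space as follows; this is an added example, not code from the application. It assumes the monitoring list holds image names, the content policy holds byte signatures, the sandbox space is a single directory, and process identifiers are tracked from process start and exit events; all names and sample values are constructed.

```python
import ntpath
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    PASS_THROUGH = "write unmodified"   # S214, or the process is not monitored
    ENCRYPT = "encrypt, then write"     # S212
    DROP = "discard, do not write"      # S216 / S508


def _canon(path: str) -> str:
    """Collapse '..' segments, separators and case before any prefix test."""
    return ntpath.normcase(ntpath.normpath(path))


@dataclass
class WriteFilter:
    monitored_names: set        # monitoring list received from the server (S202)
    sandbox_root: str           # hypothetical sandbox directory
    anomaly_signatures: list    # content policy received from the server (S502)
    policy_pids: set = field(default_factory=set)

    def __post_init__(self):
        self.monitored_names = {n.lower() for n in self.monitored_names}
        self.sandbox_root = _canon(self.sandbox_root)

    # S204: the process-identifier policy follows process lifetime, so an
    # identifier that the system hands to a later process is not still trusted.
    def on_process_start(self, pid: int, image_name: str) -> None:
        if image_name.lower() in self.monitored_names:
            self.policy_pids.add(pid)

    def on_process_exit(self, pid: int) -> None:
        self.policy_pids.discard(pid)

    def in_sandbox(self, path: str) -> bool:
        # Compare whole path components: "C:\SandboxEvil" is not in "C:\Sandbox".
        p = _canon(path)
        return p == self.sandbox_root or p.startswith(self.sandbox_root + "\\")

    def is_abnormal(self, data: bytes) -> bool:
        return any(sig in data for sig in self.anomaly_signatures)

    def on_write(self, pid: int, path: str, data: bytes) -> Verdict:
        if pid not in self.policy_pids:      # S206: not a target application
            return Verdict.PASS_THROUGH
        if not self.in_sandbox(path):        # S208 -> S214
            return Verdict.PASS_THROUGH
        if self.is_abnormal(data):           # S210 -> S216
            return Verdict.DROP
        return Verdict.ENCRYPT               # S210 -> S212


def demo():
    """Replay constructed events and return the verdict for each write."""
    f = WriteFilter(
        monitored_names={"wechat.exe", "chrome.exe"},
        sandbox_root=r"C:\Sandbox",
        anomaly_signatures=[b"CONSTRUCTED-ANOMALY-MARKER"],
    )
    f.on_process_start(4120, "WeChat.exe")
    f.on_process_start(5300, "notepad.exe")
    results = [
        f.on_write(4120, r"C:\Sandbox\docs\a.docx", b"meeting notes"),
        f.on_write(4120, r"C:\Data\a.docx", b"meeting notes"),
        f.on_write(4120, r"C:\Sandbox\..\Data\a.docx", b"meeting notes"),
        f.on_write(4120, r"C:\SandboxEvil\a.docx", b"meeting notes"),
        f.on_write(4120, "c:/sandbox/x.bin", b"..CONSTRUCTED-ANOMALY-MARKER.."),
        f.on_write(5300, r"C:\Sandbox\b.txt", b"meeting notes"),
    ]
    f.on_process_exit(4120)
    f.on_process_start(4120, "notepad.exe")  # identifier reused by another program
    results.append(f.on_write(4120, r"C:\Sandbox\c.txt", b"meeting notes"))
    return results


if __name__ == "__main__":
    for verdict in demo():
        print(verdict.name)
```

String normalization does not resolve junctions or symbolic links, so a driver would compare against the file system's own resolved name rather than the path the caller supplied.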
Referring to fig. 6, fig. 6 is a schematic flow chart of reading a storage file according to an embodiment of the disclosure. In one embodiment, as shown in fig. 6, the file encryption method further includes the following steps:
Step S602, adding tail identification corresponding to the target file in the target file.
In some embodiments, after the encrypted data is written into the corresponding target file, a corresponding tail identifier needs to be added to the target file, where the tail identifier is used to identify whether the file stored in the hard disk contains the encrypted data, and the tail identifier corresponding to the target file is added to the target file, so that the target file with the encrypted data can be accurately identified. Meanwhile, the tail identifier may be present in the target file in the form of "", cipert. The target file with the corresponding tail mark contains encrypted data, so that whether the file in the hard disk is the target file can be distinguished according to whether the file in the hard disk contains the tail mark, if the file in the hard disk contains the tail mark, the file is the target file, and if the file in the hard disk does not contain the tail mark, the file is not the target file.
Step S604, when the storage file in the hard disk is read, judging whether the storage file contains the tail identification, if yes, executing step S606, and if not, executing step S608.
As an embodiment, the storage file in the hard disk may be read, or the storage file in the hard disk may be displayed, or the storage file of the application program call and the building may be read. When the electronic equipment reads the storage file, whether the storage file contains encrypted data is identified according to whether the storage file contains the tail identification, if the storage file contains the tail identification, the storage file contains the encrypted data, and if the storage file does not contain the tail identification, the storage file contains the unencrypted data.
In step S606, if the storage file includes the tail identifier, the storage file is decrypted to obtain decrypted file data, and the decrypted file data is displayed.
In one embodiment, if the storage file includes the trailer identifier, it indicates that the storage file includes encrypted data, and the decrypted file data is obtained by decrypting the encrypted data included in the storage file, so that the decrypted file data can be displayed. Further, the encrypted data in the stored file can be decrypted according to an elliptic curve algorithm to obtain decrypted file data.
In step S608, if the storage file does not include the tail identifier, the file data corresponding to the storage file is directly displayed.
In one embodiment, if the storage file does not include the trailer identifier, it indicates that the storage file includes unencrypted data, so that file data corresponding to the storage file can be directly displayed without decrypting the storage file.
In the embodiment of the application, the tail identifier corresponding to the target file is added to the target file, when the storage file in the hard disk is read, whether the storage file contains the tail identifier is judged, if the storage file contains the tail identifier, the storage file is decrypted to obtain decrypted file data, then the decrypted file data is displayed, if the storage file does not contain the tail identifier, the file data corresponding to the storage file is directly displayed, whether the storage file contains the encrypted data can be judged according to whether the storage file contains the tail identifier, and convenience in displaying the storage file containing the encrypted data is improved, so that the efficiency of reading the encrypted data is improved.
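The read-path check of steps S602 to S608 is sketched below as an added example, not code from the application. It goes beyond the text: the application describes only a tail identifier, while this layout (marker, version, ciphertext length and an HMAC-SHA256 tag) is an assumption chosen so that a plaintext file that merely ends with the marker bytes, or a truncated or modified encrypted file, is not handed to decryption. The marker value, key and sample data are constructed.

```python
import hashlib
import hmac
import struct

MAGIC = b"ENCTRAIL"                  # hypothetical 8-byte marker
VERSION = 1
_FIXED = struct.Struct("<8sBQ")      # marker, version, ciphertext length
TAG_LEN = hashlib.sha256().digest_size
TRAILER_LEN = _FIXED.size + TAG_LEN


def seal(ciphertext: bytes, mac_key: bytes) -> bytes:
    """S602: append the tail identifier after the encrypted data."""
    fixed = _FIXED.pack(MAGIC, VERSION, len(ciphertext))
    tag = hmac.new(mac_key, ciphertext + fixed, hashlib.sha256).digest()
    return ciphertext + fixed + tag


def classify(blob: bytes, mac_key: bytes):
    """S604: return ('plain', data), ('encrypted', ciphertext) or ('invalid', None)."""
    if len(blob) < TRAILER_LEN:
        return "plain", blob                       # too short to carry a trailer
    body, trailer = blob[:-TRAILER_LEN], blob[-TRAILER_LEN:]
    fixed, tag = trailer[:_FIXED.size], trailer[_FIXED.size:]
    magic, version, length = _FIXED.unpack(fixed)
    if magic != MAGIC:
        return "plain", blob                       # S608: show as stored
    if version != VERSION or length != len(body):
        return "invalid", None                     # truncated or unknown layout
    expected = hmac.new(mac_key, body + fixed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "invalid", None                     # modified, or sealed elsewhere
    return "encrypted", body                       # S606: pass body to decryption


def naive_is_encrypted(blob: bytes) -> bool:
    """Bare-marker check, shown only for contrast with classify()."""
    return blob.endswith(MAGIC)


def demo():
    """Classify constructed files; returns a label for each case."""
    key = b"constructed-mac-key-for-example!"
    ciphertext = bytes(range(64))                  # stands in for encrypted data
    sealed = seal(ciphertext, key)
    lookalike = b"A" * 100 + MAGIC                 # plaintext ending in the marker
    tampered = bytes([sealed[0] ^ 0x01]) + sealed[1:]
    return {
        "sealed": classify(sealed, key)[0],
        "plain": classify(b"quarterly report", key)[0],
        "lookalike_naive": naive_is_encrypted(lookalike),
        "lookalike": classify(lookalike, key)[0],
        "tampered": classify(tampered, key)[0],
        "truncated": classify(sealed[1:], key)[0],
        "wrong_key": classify(seal(ciphertext, b"another-key"), key)[0],
    }


if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name}: {label}")
```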
Referring to fig. 7, fig. 7 is a schematic structural diagram of a file encrypting apparatus according to an embodiment of the present disclosure. The device can be applied to the electronic equipment, and is not particularly limited. As shown in fig. 7, the file encrypting apparatus 700 may include: the device comprises a monitoring module 701, a first judging module 702, a second judging module 703 and an encrypting module 704.
The monitoring module 701 is configured to monitor and acquire file data generated by a target application program during running;
a first judging module 702, configured to judge whether the file data needs to be encrypted according to a storage address of a target file corresponding to the file data in the hard disk;
a second judging module 703, configured to judge whether the file data is abnormal if it is determined that the file data needs to be encrypted;
and the encryption module 704 is configured to encrypt the file data to obtain encrypted data if it is determined that the file data is not abnormal, and write the encrypted data into a storage address of the hard disk to store the encrypted data in the target file.
As an optional implementation manner, the file encrypting apparatus 700 further includes a receiving list module and a determining and identifying module:
the receiving list module is used for receiving the monitoring list sent by the server; the monitoring list comprises application information of at least one target application program needing to be monitored;
the determining and identifying module is used for determining the process identifier corresponding to each target application program according to the application information of each target application program;
the monitoring module 701 is further configured to monitor a process corresponding to each target application according to a process identifier corresponding to each target application, and when detecting that any target application generates file data, acquire the generated file data.
As an optional implementation manner, the monitoring module 701 is further configured to intercept the read-write operation when the read-write operation is detected by the first process, and determine whether the process identifier of the first process is matched with the process identifier corresponding to any target application program; and if the process identifier of the first process is matched with the process identifier corresponding to any target application program, acquiring file data generated by read-write operation.
As an optional implementation manner, the first determining module 702 is further configured to determine whether a storage address of a target file corresponding to the file data in the hard disk belongs to a sandbox space; if the storage address belongs to the sandbox space, the file data is determined to need to be encrypted.
As an alternative embodiment, the file encrypting apparatus 700 further includes a receiving policy module:
the receiving strategy module is used for receiving the content strategy sent by the server; the content policy includes at least one piece of abnormality information;
the second judging module 703 is further configured to judge whether the file data contains any abnormal information according to the content policy; if the file data does not contain the abnormality information, determining that the file data has no abnormality.
As an optional implementation manner, the encryption module 704 is further configured to encrypt the file data according to an elliptic curve algorithm to obtain encrypted data.
As an optional implementation manner, the file encryption apparatus 700 further includes an adding identification module, a third judging module, a decryption module and a display module:
the adding identification module is used for adding tail identifications corresponding to the target file in the target file;
the third judging module is used for judging whether the storage file contains a tail mark or not when the storage file in the hard disk is read;
the display module is used for decrypting the stored file if the stored file contains the tail identifier, obtaining decrypted file data and displaying the decrypted file data; and the file data corresponding to the storage file is directly displayed if the storage file does not contain the tail mark.
In the embodiment of the application, corresponding encryption management is performed on the file data according to the storage address of the file data generated during the running of the target application program, so as to adapt to file encryption under more application scenes. If it is determined that the file data needs to be encrypted, whether the file data is abnormal is judged, and abnormal file data is not written into the hard disk, which avoids the situation that abnormal file data influences the safety of the hard disk. If the file data is not abnormal, the file data is encrypted before being written into the hard disk to obtain encrypted data, and the encrypted data is then written into the storage address of the hard disk. Because the file data is encrypted before being written into the hard disk, the risk of data exposure can be reduced, and the safety of the file data is improved.
Referring to fig. 8, fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 8, the electronic device 800 may include:
a memory 801 storing executable program code;
a processor 802 coupled to the memory 801;
the processor 802 invokes executable program codes stored in the memory 801 to execute any of the file encryption methods disclosed in the embodiments of the present application.
The embodiment of the application discloses a computer readable storage medium storing a computer program, wherein the computer program, when executed by the processor, causes the processor to implement any one of the file encryption methods disclosed in the embodiment of the application.
It should be appreciated that reference throughout this specification to "one embodiment" or "an embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. Thus, the appearances of the phrases "in one embodiment" or "in an embodiment" in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. Those skilled in the art will also appreciate that the embodiments described in the specification are all alternative embodiments and that the acts and modules referred to are not necessarily required in the present application.
In various embodiments of the present application, it should be understood that the size of the sequence numbers of the above processes does not mean that the execution sequence of the processes is necessarily sequential, and the execution sequence of the processes should be determined by the functions and internal logic thereof, and should not constitute any limitation on the implementation process of the embodiments of the present application.
The units described above as separate components may or may not be physically separate, and components shown as units may or may not be physical units, may be located in one place, or may be distributed over a plurality of network units. Some or all of the units may be selected according to actual needs to achieve the purpose of the embodiment.
In addition, each functional unit in the embodiments of the present application may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units may be implemented in hardware or in software functional units.
The integrated units described above, if implemented in the form of software functional units and sold or used as stand-alone products, may be stored in a computer-accessible memory. Based on such understanding, the technical solution of the present application, or a part contributing to the prior art or all or part of the technical solution, may be embodied in the form of a software product stored in a memory, including several instructions for causing a computer device (which may be a personal computer, a server or a network device, etc., in particular may be a processor in the computer device) to perform part or all of the steps of the above-mentioned method of the various embodiments of the present application.
Those of ordinary skill in the art will appreciate that all or part of the steps of the various methods of the above embodiments may be implemented by a program that instructs associated hardware, the program may be stored in a computer readable storage medium including Read-Only Memory (ROM), random access Memory (Random Access Memory, RAM), programmable Read-Only Memory (Programmable Read-Only Memory, PROM), erasable programmable Read-Only Memory (Erasable Programmable Read Only Memory, EPROM), one-time programmable Read-Only Memory (OTPROM), electrically erasable programmable Read-Only Memory (EEPROM), compact disc Read-Only Memory (Compact Disc Read-Only Memory, CD-ROM) or other optical disk Memory, magnetic disk Memory, tape Memory, or any other medium that can be used for carrying or storing data that is readable by a computer.
The foregoing describes in detail a file encryption method, apparatus, electronic device and storage medium disclosed in the embodiments of the present application, and specific examples are applied herein to illustrate the principles and embodiments of the present application, where the foregoing description of the embodiments is only for aiding in understanding the method and core concept of the present application. Meanwhile, as those skilled in the art will have modifications in the specific embodiments and application scope in accordance with the ideas of the present application, the present description should not be construed as limiting the present application in view of the above.

Claims (9)

1. A method of encrypting a file, the method comprising:
monitoring and acquiring file data generated by a target application program in running;
judging whether the file data needs to be encrypted or not according to the storage address of the target file corresponding to the file data in the hard disk;
if the file data is determined to need encryption, judging whether the file data is abnormal or not;
if the file data is determined to be abnormal, encrypting the file data to obtain encrypted data, and writing the encrypted data into the storage address of the hard disk so as to store the encrypted data into the target file;
the step of judging whether the file data needs to be encrypted according to the storage address of the target file corresponding to the file data in the hard disk comprises the following steps: judging whether a storage address of a target file corresponding to the file data in a hard disk belongs to a sandbox space or not; and if the storage address belongs to the sandbox space, determining that the file data needs to be encrypted.
2. The method of claim 1, wherein prior to said monitoring and acquiring file data generated by the target application program at runtime, the method further comprises:
receiving a monitoring list sent by a server; the monitoring list comprises application information of at least one target application program needing to be monitored;
determining a process identifier corresponding to each target application program according to the application information of each target application program;
the monitoring and acquiring file data generated by the target application program during running comprises the following steps:
and monitoring the process corresponding to each target application program according to the process identifier corresponding to each target application program, and acquiring the generated file data when any target application program is detected to generate the file data.
3. The method according to claim 2, wherein the monitoring the process corresponding to each target application according to the process identifier corresponding to each target application, when any target application is detected to generate file data, acquiring the generated file data includes:
when a first process is detected to perform read-write operation, intercepting the read-write operation, and judging whether a process identifier of the first process is matched with a process identifier corresponding to any target application program;
and if the process identifier of the first process is matched with the process identifier corresponding to any target application program, acquiring file data generated by the read-write operation.
4. The method of claim 1, wherein prior to said monitoring and acquiring file data generated by the target application program at runtime, the method further comprises:
receiving a content strategy sent by a server; the content policy includes at least one piece of anomaly information;
the judging whether the file data has abnormality or not comprises the following steps:
judging whether the file data contains any abnormal information according to the content strategy;
and if the file data does not contain the abnormal information, determining that the file data is not abnormal.
5. The method according to any one of claims 1 to 4, wherein encrypting the file data to obtain encrypted data includes:
and encrypting the file data according to an elliptic curve algorithm to obtain encrypted data.
6. The method of claim 1, wherein after the writing of the encrypted data to the storage address of the hard disk to save the encrypted data to the target file, the method further comprises:
adding a tail identifier corresponding to the target file to the target file;
when a storage file in the hard disk is read, judging whether the storage file contains a tail identifier or not;
if the storage file contains the tail identifier, decrypting the storage file to obtain decrypted file data, and displaying the decrypted file data;
and if the storage file does not contain the tail identifier, directly displaying file data corresponding to the storage file.
7. A file encryption apparatus, the apparatus comprising:
the monitoring module is used for monitoring and acquiring file data generated by the target application program in running;
the first judging module is used for judging whether the file data needs to be encrypted or not according to the storage address of the target file corresponding to the file data in the hard disk;
the second judging module is used for judging whether the file data is abnormal or not if the file data is determined to need encryption;
the encryption module is used for encrypting the file data to obtain encrypted data if the file data is determined to be abnormal, and writing the encrypted data into the storage address of the hard disk so as to store the encrypted data into the target file;
the first judging module is further configured to judge whether a storage address of a target file corresponding to the file data in the hard disk belongs to a sandbox space; and if the storage address belongs to the sandbox space, determining that the file data needs to be encrypted.
8. An electronic device comprising a memory and a processor, the memory having stored therein a computer program which, when executed by the processor, causes the processor to implement the method of any of claims 1 to 6.
9. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the method according to any of claims 1 to 6.
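
The following is an added example, not code from the patent: it sketches two checks the claims rely on, the sandbox-space test of claim 1 and the tail-identifier test of claim 6, and goes beyond the claims by binding the tail to the data with an HMAC so that a plaintext file that merely ends in the marker bytes is not treated as encrypted. The marker value, the HMAC tag, the key and all function names are assumptions; the ciphertext is handled as opaque bytes and the elliptic-curve encryption of claim 5 is not implemented.

```python
import hashlib
import hmac
import os
import tempfile

MAGIC = b"ENCTAIL1"   # constructed marker; the claims do not define a tail format
TAG_LEN = 32          # HMAC-SHA256 length; the tag itself is an added assumption
TAIL_LEN = TAG_LEN + len(MAGIC)

def in_sandbox(path, sandbox_root):
    """Claim 1 gate: True only if the resolved path lies under sandbox_root."""
    root = os.path.realpath(sandbox_root)
    target = os.path.realpath(path)   # collapses ".." and follows symlinks
    return os.path.commonpath([root, target]) == root

def add_tail(ciphertext, key):
    """Claim 6 write side: append the tail identifier after the encrypted data."""
    tag = hmac.new(key, ciphertext, hashlib.sha256).digest()
    return ciphertext + tag + MAGIC

def split_tail(blob, key):
    """Claim 6 read side: return the ciphertext, or None to show the file as-is."""
    if len(blob) < TAIL_LEN or not blob.endswith(MAGIC):
        return None
    body, tag = blob[:-TAIL_LEN], blob[-TAIL_LEN:-len(MAGIC)]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return body if hmac.compare_digest(tag, expected) else None

def demo():
    """Run the gate over constructed paths in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        sandbox = os.path.join(tmp, "sandbox")
        os.makedirs(sandbox)
        os.symlink(tmp, os.path.join(sandbox, "link"))  # link that leaves the sandbox
        return {
            "inside": in_sandbox(os.path.join(sandbox, "a.doc"), sandbox),
            "sibling": in_sandbox(os.path.join(tmp, "sandbox_old", "a.doc"), sandbox),
            "dotdot": in_sandbox(os.path.join(sandbox, "..", "a.doc"), sandbox),
            "symlink": in_sandbox(os.path.join(sandbox, "link", "a.doc"), sandbox),
        }

if __name__ == "__main__":
    print(demo())
```

A plain string-prefix comparison would accept the `sandbox_old` sibling path; comparing resolved path components is what rejects it.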
CN202311611398.8A 2023-11-29 2023-11-29 File encryption method and device, electronic equipment and storage medium Pending CN117313134A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311611398.8A CN117313134A (en) 2023-11-29 2023-11-29 File encryption method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN117313134A true CN117313134A (en) 2023-12-29

Family

ID=89281513

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311611398.8A Pending CN117313134A (en) 2023-11-29 2023-11-29 File encryption method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN117313134A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107133524A (en) * 2017-04-27 2017-09-05 北京洋浦伟业科技发展有限公司 A kind of date storage method and device
CN110363002A (en) * 2019-07-16 2019-10-22 杭州安恒信息技术股份有限公司 A kind of intrusion detection method, device, equipment and readable storage medium storing program for executing
CN110414258A (en) * 2018-04-28 2019-11-05 阿里巴巴集团控股有限公司 Document handling method and system, data processing method
CN112100634A (en) * 2020-09-17 2020-12-18 广州皓品科技有限公司 Data information security protection method
CN114817981A (en) * 2022-02-14 2022-07-29 统信软件技术有限公司 File access method, computing device and readable storage medium
KR102542213B1 (en) * 2022-11-11 2023-06-14 펜타시큐리티시스템 주식회사 Real-time encryption/decryption security system and method for data in network based storage

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination