CN1725196A - Enciphered protection and read write control method for computer data - Google Patents


Info

Publication number
CN1725196A
Authority
CN
China
Prior art keywords
read
write
data
disk
sector
Legal status
Granted
Application number
CN 200510040393
Other languages
Chinese (zh)
Other versions
CN100378689C (en)
Inventor
付爱香
Current Assignee
Lu Feng
Original Assignee
Individual
Application filed by Individual
Priority to CNB200510040393XA
Publication of CN1725196A
Application granted
Publication of CN100378689C
Expired - Fee Related (current legal status)
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

This invention relates to an encryption protection and read/write control method for computer data. It combines a universal-serial-bus software dog (USB-KEY) or software identity authentication with sector-level read/write interception to encrypt hard disk data: all read/write operations are intercepted at sector level, and the encryption/decryption conversion is performed in an encryption core only while the corresponding identity authentication is present, thereby achieving encryption of, and read/write control over, the disk data.

Description

Encryption protection and read/write control method for computer data
Technical field
The present invention relates to an encryption protection and associated read/write control method for computer data, in particular a method that controls read/write operations by combining a universal-serial-bus software dog (hereinafter USB-KEY), sector-level read/write interception and an encryption core (the encryption core is responsible for encrypting and decrypting the data).
Background technology
HDLOCK, a data encryption product of Authenex, combines a USB-KEY with a software encryption core to encrypt the data of files on a fixed disk. Its implementation is based on the file filter technology of the operating system: it intercepts all read/write operations on files and performs the encryption/decryption conversion in the encryption core. This conversion can only take place while the corresponding USB-KEY is present; if it is absent, the encrypted file data cannot be read correctly, and in this way the data is encrypted. Its shortcomings: 1. Its object of encryption is file content data rather than all the data on the hard disk. (Note: files are the main form in which data exists on a disk, but not the only one; the file allocation table, for instance, or the private data of some software, does not exist in the form of files.) So although HDLOCK encrypts the data inside files, a user can still see the file names without inserting the KEY, and with a tool that reads sectors directly can see the data that does not exist in file form. 2. An encrypted file remains visible, and can still be deleted, while the corresponding USB-KEY is absent, causing data loss. 3. Because file filter technology can only intercept read/write operations whose object is a file, it cannot intercept operations aimed directly at sectors, such as formatting; an attacker need only use the format function to destroy important data completely. In short, HDLOCK's encryption is not thorough.
Hidden Dragon Order, a similar product of a domestic company, also realises data encryption through the joint action of a USB-KEY and a software encryption core. It must first create a file of a certain size and then present this file as a virtual logical partition. The user places the files to be encrypted into this virtual partition; all read/write operations within it are encrypted, and without the corresponding USB-KEY it cannot be accessed. Shortcomings: 1. It cannot protect existing data in place; data to be protected must first be copied into the virtual partition. 2. Like HDLOCK, it can only protect data that exists in file form. 3. It can only operate within a predetermined space size. 4. Because the virtual partition is itself a file, an attacker without the KEY can still delete it, or format the partition it resides on, causing data loss. 5. When an encrypted file no longer needs to be encrypted, it must be copied back to an ordinary partition.
Hard disk encryption card: a card inserted into the computer and connected to the hard disk by a data cable. All data exchanged between the CPU and the hard disk passes through this card, which encrypts or decrypts it before passing it on to the receiving side. Without the card the data on the hard disk cannot be decrypted, so a read/write caller cannot correctly interpret the data on the disk, and data encryption is thereby achieved. Advantage: all hard disk data can be encrypted. Shortcomings: 1. The card is expensive. 2. For data security the card should be removed when leaving the computer, but since it is plugged into the motherboard the case must be opened to insert or remove it, which is very inconvenient; many notebook computers have no place in the chassis for such a card at all. 3. Encryption is all-or-nothing for the whole disk: it is not possible to encrypt one partition or a group of partitions and leave the remaining partitions unencrypted.
Chinese patent 02823349.2 provides a method and apparatus for encrypting/decrypting data on a mass storage medium. Several different encryption/decryption algorithms using associated keys can be applied to different storage areas of the medium, such as blocks/sectors on a hard disk drive, greatly improving data security. A method and apparatus for combining the keys with random numbers is provided to further improve data security. In an embodiment the block/sector number is used to select the algorithm and random number to be used with the associated key. It can also be used to encrypt/decrypt e-mail, network traffic and other types of electronic data. However, its emphasis is on booting the computer from the hard disk: the apparatus provides an authentication session and, by modifying the master boot record of the disk system, can even be used to select an operating system and/or environment associated with a particular key carrier.
The LOCKUP product from Taiwan uses an electromechanical physical method: it controls the hard disk motor directly and locks the motor when no KEY is present, thereby achieving the purpose of encryption.
Products such as the "Secret Envoy" from a Taiwan vendor and the "Hard-disk Lock" modify the partition information table so that the operating system cannot recognise the partition and therefore cannot read or write the data in it, which is taken to achieve data encryption. Such "encryption" is very unsafe and easily cracked, in two ways: 1. analyse the hard disk, try the starting sector of each partition, and then rebuild the partition table from the organisation of the data; the data in the partition then becomes accessible. This requires some professional knowledge. 2. Use data recovery software, which can retrieve most of the files on the disk without restoring the partition information; FinalData is one good data recovery program. This method is simple and requires no professional knowledge.
No encryption method combining a USB-KEY with sector-level read/write interception, nor one combined with read/write operation control, has yet been encountered in the prior art.
Summary of the invention
The object of the invention is to provide an encryption protection and associated read/write control method, in particular an encryption method that combines a USB-KEY with sector-level read/write interception, which can encrypt and decrypt the data of a designated area and can also be combined with read/write operation control. The read/write of all sectors can be controlled, and a given block of data can be set to one of four states: read-only, write-only, no read/write, or normal read/write.
A further object of the invention is that operations on files and data, and even on the computer as a whole, can all be encrypted, so that the encryption is more thorough, and that block/sector encryption can be performed. All kinds of important data present on a computer, such as corporate finance data, corporate customer data and important technical drawings, can be kept safe. At the same time the read/write of all sectors can be controlled, and a given block of data can be set to one of the four states read-only, write-only, no read/write, or normal read/write.
The object of the invention is achieved as follows: an encryption protection and read/write control method for computer data, which combines a universal-serial-bus software dog (software identity authentication may be used instead) with sector-level read/write interception to encrypt hard disk data. All read/write operations are intercepted by the sector-level interception method, and the encryption/decryption conversion is performed in the encryption core, on condition that the corresponding authentication (USB-KEY hardware identification or software identity identification) is present, thus achieving encryption of, and read/write control over, the hard disk data.
The USB-KEY is combined with the AES advanced encryption standard, a typical AES algorithm being Rijndael; the identity code held in the USB-KEY serves as the key of the encryption algorithm.
With the present invention the user can apply encryption protection and read/write control to a designated area of hard disk data; all data written to the encrypted partition area can only be written while the corresponding USB-KEY (or software identity identification) is present. A hardware USB-KEY is safer in use: the user need only unplug the USB-KEY and take it away when leaving the computer, and others cannot access the encrypted data on the computer.
The improvement of the present invention is this: an encrypted partition is set, and that partition is intercepted in real time; whether the interception of disk read/write is in effect is controlled by switch commands. A sector-level read/write interception program is written that intercepts all disk operations; for every disk read/write it captures the following information: read or write, starting sector, number of sectors, and the content read or written. From the saved start/end information of the encrypted partition it judges whether the encrypted partition is being read or written. If so, the content is encrypted or decrypted according to the encryption/decryption information in the USB-KEY (or software identity identification) and the operating system's original disk read/write routine is then called so that the operation proceeds normally; if not, nothing is done and the system's original disk read/write routine is called directly. This completes the in-effect interception.
Concretely, an encrypted partition is set and intercepted in real time, with switch commands controlling whether the interception of disk read/write is in effect. Under DOS, a short memory-resident program is written that takes over INT 13H, so that all disk operations first pass through the checks of this resident program; it captures the four parameters of the INT 13H call (read or write, starting sector, number of sectors, content) and, from the saved start/end information of the encrypted partition, judges whether the encrypted partition is being read or written. If so, the read/write content and signal are encrypted/decrypted and the original INT 13H is then called so that the operation proceeds normally; if not, nothing is done and the original INT 13H is called directly. This completes the in-effect interception. Alternatively, under Windows, the Windows DDK is used to intercept the IRP_MJ_READ and IRP_MJ_WRITE signals, so that disk reads and writes are effectively intercepted and all disk operations first pass through the checks of the interception program. The IRP command packet is captured; it contains four parameters: read or write, starting sector, number of sectors, and the content. From the saved start/end information of the encrypted partition the program judges whether the encrypted partition is being read or written; if so, the data and signal are encrypted/decrypted and the original disk read/write driver is then called so that the operation proceeds normally; if not, nothing is done and the original disk read/write driver is called directly.
Unlike HDLOCK and Hidden Dragon Order, the present invention uses sector-level read/write interception, which can intercept all kinds of disk data read/write operations rather than only reads and writes of file content data.
Characteristics of the present invention are:
A. Encrypted data can only be decrypted in cooperation with the KEY that generated it.
B. Because the present invention uses sector-level read/write interception, data in all forms can be encrypted, not only file content data.
C. Whether to encrypt can be selected per partition (units other than a partition are possible too), and existing data is converted in place by the encryption/decryption transformation without any additional copying.
D. Under the supervision of the encryption core, encrypted data cannot be deleted or formatted, which prevents data destruction.
E. Most computers support USB; controlling access to the encrypted data with a USB-KEY is convenient to plug and unplug, needs no shutdown and no opening of the case.
F. A designated partition (or designated area) can be set to one of four states: read-only, write-only, no read/write, normal read/write. When the computer is connected to the Internet, the partition can be set to the no read/write state to prevent secret information from leaking; to prevent virus infection, it can be set to the read-only state.
G. Data access on the hard disk can be controlled without shutting down the computer, by setting the read/write attribute of a partition or by plugging or unplugging the USB-KEY.
In short: protecting data has two essentials, preventing the encrypted data from leaking and preventing the encrypted data from being destroyed. The present invention achieves both, and its encryption is therefore more complete than the encryption schemes described above. Another distinctive feature is ease of use: as long as the USB-KEY is kept safe, the data is safe. A further key feature is read/write control over the data in a designated area, so that users can apply different protection schemes to different data according to their own needs. The invention also features dynamic read/write control, requiring no restart of the computer, which is convenient and quick.
Description of drawings
Fig. 1 is the overall schematic of the present invention, i.e. the flowchart for reading the encrypted area when the KEY is present.
Fig. 2 is the flowchart for reading the encrypted area when the KEY is absent.
Fig. 3 is the flowchart for writing the encrypted area when the KEY is present.
Fig. 4 is the flowchart for writing the encrypted area when the KEY is absent.
Fig. 5 is the flowchart for converting plaintext data into encrypted data when a new encrypted area is set.
Fig. 6 is the flowchart for converting encrypted data back into plaintext data when an encrypted area is cancelled.
Fig. 7 is the flowchart for reading a read-only area when the KEY is present.
Fig. 8 is the flowchart for writing a read-only area.
Embodiment
Fig. 1, the overall schematic of the invention, is as follows:
Note: the "read/write caller" is any software or hardware that needs to read or write disk data.
KEY in the figure is the USB-KEY mentioned above.
R in the figure is a hard disk read instruction; it designates a group of sectors SEC to be read. The "read/write caller" sends the read instruction R to the hard disk; on the way it is intercepted by the encryption core CORE. Where the KEY is associated, CORE passes the instruction R straight on to the hard disk, and the disk reads out the data pointed to by SEC. This data is encrypted data, and it is intercepted by CORE on its way back to the "read/write caller"; with the KEY associated, CORE decodes the data using the key and algorithm (the identity code) in the KEY and delivers the decoded data to the "read/write caller".
Fig. 2 is the flowchart for reading the encrypted area without the KEY. The "read/write caller" sends the read instruction R, which is intercepted by CORE on its way to the hard disk. CORE finds no KEY associated, so instead of passing the read instruction on it directly notifies the "read/write caller" that the read operation failed.
Fig. 3 is the flowchart for writing the encrypted area with the KEY present. The "read/write caller" sends a write instruction W requesting that the unencrypted data DATA be written to the group of sectors represented by SEC. On its way to the hard disk it is intercepted by CORE; CORE finds the KEY associated, encrypts DATA with the key and algorithm (the identity code) in the KEY, and then sends it on to the hard disk. What is written on the disk is therefore the encrypted DATA_ENCRYPT; the method of encryption and its result depend on the KEY. Thereafter, the encrypted-area data DATA_ENCRYPT on the disk can only be correctly decoded with the cooperation of the KEY and CORE, which realises the anti-leak function for the encrypted data.
Fig. 4 is the flowchart for writing the encrypted area without the KEY. The "read/write caller" sends a write instruction W, which is intercepted by CORE on its way to the hard disk. CORE finds no KEY associated, so instead of passing W on it directly notifies the "read/write caller" that the write operation failed; in this way the encrypted data cannot be destroyed.
Fig. 5 is the flowchart for converting plaintext data into encrypted data when a new encrypted area is set. When an area that was not encrypted is set as an encrypted area, CORE reads the plaintext data DATA on the hard disk, encrypts it with the key and algorithm (the identity code) in the USB-KEY to produce the encrypted data DATA_ENCRYPT, and then writes that back to the hard disk.
Fig. 6 is the flowchart for converting encrypted data back into plaintext data when an encrypted area is cancelled. When an encrypted area is set back to unencrypted, CORE reads the encrypted data DATA_ENCRYPT on the hard disk, decrypts it with the key and algorithm (the identity code) in the corresponding USB-KEY to produce the plaintext data DATA, and then writes that back to the hard disk.
Fig. 7 is the flowchart for reading a read-only area with the KEY present. R in the figure is a hard disk read instruction designating a group of sectors SEC to be read. The "read/write caller" sends R to the hard disk; it is intercepted by the encryption core CORE which, with the KEY associated, passes R straight on to the hard disk. The data pointed to by SEC is read out and intercepted by CORE on its way back to the "read/write caller". If that data is encrypted, CORE decodes it with the key and algorithm in the USB-KEY and then delivers it to the "read/write caller"; if it is plaintext, CORE does no processing and delivers it directly.
Fig. 8 is the flowchart for writing a read-only area. The "read/write caller" sends a write instruction W, which is intercepted by CORE on its way to the hard disk. CORE finds that this is a write to a read-only area, so instead of passing W on it directly notifies the "read/write caller" that the write operation failed. In this way every write to a read-only area fails.
USB-KEY identification technology
Besides its use in the present invention, the USB-KEY is widely used in the field of software anti-piracy. Reading and writing a USB-KEY requires a password; before distributing a product, the software vendor burns identifying information into the USB-KEY, and when the software is used the user is required to have a USB-KEY containing the correct identifying information. The present invention carries this identifying information over from its general software anti-piracy function to the identification of hard disk data; this is simply another use of the USB-KEY identification technology and is not a new technology. Because the technology is widely used, it is not explained further here.
An AES advanced encryption standard algorithm such as Rijndael may be adopted.
Sector-level read/write interception technology: this is not a new technology under the various operating systems and is mentioned only briefly here.
Under DOS, interception of sector reads and writes can be achieved by hooking INT 13H.
Under Windows, a driver can be written; the method of intercepting sector reads and writes in a driver is described in the Windows DDK.
Under Linux, because its source code is public, a program to intercept sector reads and writes is easy to write.
Encryption method
The encryption method is a flexible part of the present invention; the invention is not limited to any particular encryption method. For example, an algorithm combining LZW compression with AES may be adopted; some important parameters of the algorithm are bound to the USB-KEY, so data transformed by the algorithm cannot easily be decrypted.
Embodiment
1. Sector-level read/write interception
a) First analyse the start and end sector numbers of the partition to be protected.
We must analyse the input parameters of INT 13H and the partition table chain.
The input parameters of INT 13H are:
ah: function number; al: number of sectors to read/write; ch: cylinder number; cl: sector number; dh: head number; dl: drive number (0 is A:, 1 is B:, 80h is the first hard disk).
From ah we can tell whether the operation is a read or a write, and from dl whether it is the floppy disk or the hard disk. The remaining problem is how to tell whether the logical drive is C:, D:, E: ..., i.e. whether the access falls in a write-protected partition, so as to decide whether to intercept it.
We enter a short assembly routine with debug:
    mov dl,80h    ; drive number: first hard disk
    mov dh,0      ; head 0
    mov ch,0      ; cylinder 0
    mov cl,1      ; sector 1
    mov al,1      ; number of sectors: 1
    mov bx,2000   ; es:bx -> read buffer (debug takes numbers as hex)
    mov ah,2      ; function 2: read sectors
    int 13h
    int 3
This reads sector 1 of cylinder 0, head 0 of the first hard disk (drive C:), i.e. the master boot record, into the buffer.
Offsets 1bf~1c1 hold the starting head (h), starting sector (s) and starting cylinder (c) of the C: partition; offsets 1c3~1c5 hold its ending h, s and c.
Substituting the bytes at 1cf~1d1 (the second partition table entry) into dh, cl and ch of the routine above reads the partition information of D: in the same way.
Within that sector, offsets 1bf~1c1 are the starting h, s, c of D: and offsets 1c3~1c5 its ending h, s, c. By the same reasoning the partition information of E:, F:, ... can be read. This is the partition table chain.
Our judgement can proceed as follows: if the cylinder c of the INT 13H call equals the saved ending c, h must be examined further; if the h value of the call is less than the saved ending h, the access is within the write-protected disk area; if it is greater, the access lies outside the write-protected area; if equal, s must be determined; if the s value of the call is greater than the saved ending s, the access lies outside the write-protected area, otherwise (less than or equal) it is inside. The starting and ending h, s, c of the partition to be write-protected are obtained from the partition table chain.
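Step a worked through, as an added example that is not the patent's code: the partition table entries are parsed from a constructed MBR (not a real disk image), the INT 13H CHS register encoding is decoded, and the judgement above is applied to the registers the resident handler would see. The tuple comparison generalises the rule in the text, which only examines the ending cylinder, by checking both the start and the end boundary. The function and constant names are the example's own.

```python
import struct

# The four 16-byte partition entries start at 0x1BE, so 0x1BF..0x1C1 and
# 0x1C3..0x1C5 are the start / end h,s,c bytes named in the text.
PART_TABLE = 0x1BE
ENTRY = struct.Struct("<BBBBBBBBII")  # status, sh, ss, sc, type, eh, es, ec, lba, count


def decode_chs(head, sector_reg, cyl_reg):
    """Unpack the INT 13H register encoding (dh = head, cl = sector in bits 0-5 with
    cylinder bits 8-9 in bits 6-7, ch = cylinder bits 0-7) into (c, h, s). The
    partition table stores each address in exactly the same three-byte encoding."""
    cylinder = cyl_reg | ((sector_reg & 0xC0) << 2)
    return cylinder, head, sector_reg & 0x3F


def encode_chs(cylinder, head, sector):
    """Inverse of decode_chs: (c, h, s) -> (dh, cl, ch) as loaded before INT 13H."""
    return head, sector | ((cylinder >> 2) & 0xC0), cylinder & 0xFF


def parse_partition_table(mbr):
    """Return the non-empty entries as dicts with start/end (c, h, s) tuples."""
    entries = []
    for i in range(4):
        status, sh, ss, sc, ptype, eh, es, ec, lba, count = ENTRY.unpack_from(mbr, PART_TABLE + 16 * i)
        if ptype == 0:
            continue  # unused slot
        entries.append({"type": ptype, "start": decode_chs(sh, ss, sc),
                        "end": decode_chs(eh, es, ec), "lba": lba, "count": count})
    return entries


def protect_partition(mbr, index):
    """Result of step a: the start/end (c, h, s) saved for the partition to protect."""
    entry = parse_partition_table(mbr)[index]
    return {"start": entry["start"], "end": entry["end"]}


def should_intercept(ah, dl, dh, cl, ch, protected):
    """The judgement of step a applied to the registers the resident INT 13H handler
    sees. The text compares c, then h, then s against the saved end; comparing the
    (c, h, s) tuples gives the same ordering and also checks the start boundary."""
    if dl != 0x80 or ah not in (2, 3):   # 2 = read sectors, 3 = write sectors
        return False                      # floppy drive or a non-transfer function
    return protected["start"] <= decode_chs(dh, cl, ch) <= protected["end"]


def make_entry(ptype, start, end, lba, count, status=0):
    """Build one partition table entry (helper for the constructed test data)."""
    sh, ss, sc = encode_chs(*start)
    eh, es, ec = encode_chs(*end)
    return ENTRY.pack(status, sh, ss, sc, ptype, eh, es, ec, lba, count)


# Constructed MBR: C: as the first entry and an extended partition as the second,
# whose own first sector would in turn describe D: (the partition table chain).
SAMPLE_MBR = bytearray(512)
SAMPLE_MBR[0x1BE:0x1CE] = make_entry(0x07, (0, 1, 1), (254, 254, 63), 63, 4096320, status=0x80)
SAMPLE_MBR[0x1CE:0x1DE] = make_entry(0x05, (255, 0, 1), (1023, 254, 63), 4096383, 12000000)
SAMPLE_MBR[0x1FE:0x200] = b"\x55\xAA"  # boot signature
SAMPLE_MBR = bytes(SAMPLE_MBR)

if __name__ == "__main__":
    c_drive = protect_partition(SAMPLE_MBR, 0)
    print("C: spans", c_drive)
    # The request the debug routine above issues (cylinder 0, head 0, sector 1) is the
    # MBR itself, which lies before the first partition and so is not intercepted.
    print("MBR read intercepted?", should_intercept(2, 0x80, 0, 1, 0, c_drive))
```

One thing the judgement in the text leaves out is al, the sector count: a multi-sector transfer that starts just before the protected partition runs into it, so a resident handler should apply the same comparison to the last sector of the transfer as well as the first.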
b) Set the encrypted partition
According to the partition information analysed from the partition table chain, write the information of the partition to be encrypted into a chosen file or sector. For example, to encrypt partition D:, save the starting and ending c, h, s of D: analysed in step a.
c) Real-time interception
(c.1 Embodiment at computer start-up and under the DOS environment)
As is well known, at computer start-up and under DOS nearly all calls related to disk operations eventually go to INT 13H in the BIOS. We therefore need only write a short memory-resident program that takes over INT 13H, so that all disk operations first pass through the checks of this resident program. From the start/end information of the encrypted partition saved in step b it judges whether the encrypted partition is being read or written; if so, the data and signal are encrypted/decrypted and the original INT 13H is then called so that the operation proceeds normally; if not, nothing is done and the original INT 13H is called directly.
(c.2 Embodiment under the Windows environment)
Under Windows, hard disk read/write operations are not all performed through INT 13H: under Win9x they rely on a disk driver or on INT 13H, while under the Windows NT series (Windows NT, 2000, XP and later versions) they rely entirely on the disk driver.
The Microsoft Windows DDK provides a set of methods for intercepting disk reads and writes. By intercepting the IRP_MJ_READ and IRP_MJ_WRITE signals we can effectively intercept disk reads and writes, so that all disk operations first pass through the checks of the interception program. The IRP command packet is captured; it contains four parameters: read or write, starting sector, number of sectors, and the content. From the start/end information of the encrypted partition saved in step b the program judges whether the encrypted partition is being read or written; if so, the content and signal are encrypted/decrypted and the original disk read/write driver is then called so that the operation proceeds normally; if not, nothing is done and the original disk read/write driver is called directly.
The program can be written from the above principle.
d) Read/write control
Read/write of hard disk data is controlled as follows. By setting an area attribute the partition is intercepted in real time, with switch commands controlling whether the interception of disk read/write is in effect. A sector-level read/write interception program is written that intercepts all disk operations and for every disk read/write captures: read or write, starting sector, number of sectors, and the content. For a read operation, the saved start/end information and the read/write attribute of the partition determine whether reading it is permitted; if so, the system's original disk read/write routine is called directly; if the partition does not permit reading, the original routine is never called and a read-failure signal is returned directly. For a write operation, likewise, the saved start/end information and the partition's read/write attribute determine whether writing is permitted; if so, the system's original disk read/write routine is called directly; if the partition does not permit writing, the original routine is never called and a write-failure signal is returned directly.
Take Windows as an example. Following the relevant description in the Windows DDK, a program that communicates with the driver is written to issue commands and receive their results, specifically through the DeviceIoControl function. When the read/write attribute of a partition needs to change (the four attributes are read-only, write-only, no read/write and normal read/write), the attribute information is passed to the driver of the present invention through DeviceIoControl.
e) After the read/write control has been set successfully, the driver of the present invention handles disk read/write instructions according to the new read/write attribute. For example, for a read-only partition the driver intercepts all write-data commands and returns failure.
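The flow of Figs. 1 to 8 and of steps c to e, as an added example that is not the patent's code (Python standing in for the resident program or driver). It assumes sectors addressed by LBA as on the IRP_MJ_READ/IRP_MJ_WRITE path, an in-memory list of sectors in place of the original disk read/write routine, the USB-KEY modelled as a bytes identity code, and an HMAC-SHA256 counter-mode keystream in place of the AES the patent names. The refusal of a request that straddles a region boundary is an added check the patent does not describe.

```python
import hashlib
import hmac

SECTOR = 512  # assumed sector size
FAIL = None   # the failure signal the core returns to the read/write caller


def transform(identity_code, lba, data):
    """Encrypt or decrypt one sector (the same call does both, Fig. 1 / Fig. 3): XOR
    with an HMAC-SHA256 counter-mode keystream derived from the KEY's identity code
    and the sector number, a stand-in for the AES the patent names."""
    stream = b"".join(hmac.new(identity_code, lba.to_bytes(8, "big") + c.to_bytes(4, "big"),
                               hashlib.sha256).digest() for c in range(SECTOR // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


class Core:
    """The encryption core CORE between the read/write caller and a constructed
    in-memory disk (a list of sectors standing in for the original disk routine).
    Regions are addressed by LBA, as on the IRP_MJ_READ/IRP_MJ_WRITE path."""
    PERMIT = {"normal": "rw", "readonly": "r", "writeonly": "w", "noaccess": ""}

    def __init__(self, nsectors, key=None):
        self.disk = [bytes(SECTOR)] * nsectors
        self.key = key      # None while the USB-KEY is unplugged
        self.regions = {}   # name -> [start_lba, end_lba, encrypted, attr]

    def define_region(self, name, start, end, attr="normal"):
        self.regions[name] = [start, end, False, attr]   # step b: saved start/end

    def set_attr(self, name, attr):
        self.regions[name][3] = attr   # steps d/e: attribute changed without a restart

    def _check(self, lba, count, need):
        """Look up the region for a request and apply the attribute and KEY checks.
        Returns (region_name, encrypted) or FAIL. A request straddling a region
        boundary is refused: the patent is silent, but without this check part of
        one transfer would bypass the conversion (assumption)."""
        for name, (start, end, encrypted, attr) in self.regions.items():
            if start <= lba <= end:
                if lba + count - 1 > end or need not in self.PERMIT[attr]:
                    return FAIL                      # Fig. 8 / attribute control
                if encrypted and self.key is None:
                    return FAIL                      # Fig. 2 / Fig. 4: no KEY present
                return name, encrypted
        return None, False                           # unprotected area: pass through

    def read(self, lba, count):
        checked = self._check(lba, count, "r")
        if checked is FAIL:
            return FAIL                              # refused before reaching the disk
        blocks = self.disk[lba:lba + count]
        if not checked[1]:
            return blocks                            # Fig. 7: plaintext passed through
        return [transform(self.key, lba + i, b) for i, b in enumerate(blocks)]   # Fig. 1

    def write(self, lba, blocks):
        checked = self._check(lba, len(blocks), "w")
        if checked is FAIL:
            return FAIL
        if checked[1]:
            blocks = [transform(self.key, lba + i, b) for i, b in enumerate(blocks)]  # Fig. 3
        self.disk[lba:lba + len(blocks)] = blocks
        return len(blocks)

    def set_encrypted(self, name, encrypted):
        """Fig. 5 / Fig. 6: convert the whole region in place, one sector at a time."""
        if self.key is None:
            return FAIL
        region = self.regions[name]
        if region[2] != encrypted:
            for lba in range(region[0], region[1] + 1):
                self.disk[lba] = transform(self.key, lba, self.disk[lba])
            region[2] = encrypted
        return True


def demo():
    """Walk the flowcharts on a 64-sector disk and return what was observed."""
    key1, key2 = b"identity-code-of-key-1", b"identity-code-of-key-2"   # constructed
    core = Core(64, key1)
    core.define_region("D", 16, 31)
    plain = b"corporate finance data".ljust(SECTOR, b"\0")
    core.write(20, [plain])             # D: is still a plaintext region at this point
    core.set_encrypted("D", True)       # Fig. 5 converts sectors 16..31 in place
    seen = {"on_disk_is_ciphertext": core.disk[20] != plain,
            "read_with_key": core.read(20, 1)[0] == plain}
    core.key = None                     # unplug the USB-KEY
    seen["read_without_key_refused"] = core.read(20, 1) is FAIL
    core.key = key2                     # another KEY decrypts to garbage, not plaintext
    seen["other_key_gives_plaintext"] = core.read(20, 1)[0] == plain
    core.key = key1
    core.set_attr("D", "readonly")      # e.g. while the machine is on the Internet
    seen["write_to_readonly_refused"] = core.write(20, [plain]) is FAIL
    seen["read_outside_region_passes"] = core.read(0, 1)[0] == bytes(SECTOR)
    return seen
```

The keystream stand-in is deterministic per (identity code, sector), so two writes of different plaintext to the same sector with the KEY present leak the XOR of the two plaintexts to anyone with raw disk access, and nothing here detects a sector altered from outside the core (for example from another boot medium); a sector-level scheme of this kind is normally built on AES-XTS, and even then provides confidentiality without integrity.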
2. USB-KEY two-factor authentication
To access encrypted data with the present invention, two-factor authentication is required: password authentication and USB-KEY authentication. With only the password and no USB-KEY, or only the USB-KEY and no password, the encrypted data cannot be accessed. Even if an attacker has broken the password, the encrypted data still cannot be accessed without the corresponding USB-KEY, because the encryption algorithm applied to the data is bound to the USB-KEY: the same data encrypted with different USB-KEYs gives different results.

Claims (7)

1. An encryption protection and read/write control method for computer data, characterised in that it combines a universal-serial-bus software dog or software identity identification with sector-level read/write interception to encrypt hard disk data, the process being: all read/write operations are intercepted by the sector-level read/write interception method; the encryption/decryption conversion is performed in the encryption core, on condition that the corresponding authentication is present, thereby achieving encryption of, and read/write control over, the hard disk data.
2. The encryption protection and read/write control method for computer data of claim 1, characterised in that the sector-level read/write interception adopted is: for a hard disk read instruction R, which designates a group of sectors (SEC) to be read, the "read/write caller" sends the instruction R to the hard disk; on the way it is intercepted by the encryption core CORE; where the KEY is associated, CORE passes R straight on to the hard disk, which reads out the data pointed to by SEC; this data is encrypted data and is intercepted by CORE on its way to the "read/write caller"; with the KEY associated, CORE decodes the data and delivers the decoded data to the "read/write caller"; when CORE finds no KEY associated, it does not pass the read instruction on but directly notifies the "read/write caller" that the read operation failed.
3. The encryption protection and read/write control method for computer data of claim 1, characterised in that the sector-level read/write interception adopted is: when the "read/write caller" sends a write instruction W requesting that the unencrypted data DATA be written to the group of sectors represented by SEC, it is intercepted by CORE on its way to the hard disk; CORE finds the KEY associated, encrypts DATA and sends it on to the hard disk, so that what is written on the disk is encrypted data, and the method of encryption depends on the KEY; when CORE finds no KEY associated, it does not pass the write instruction W on but directly notifies the "read/write caller" that the write operation failed.
4. The encryption protection and read/write control method for computer data of claim 1, characterised in that the method of converting plaintext data into encrypted data is: when an unencrypted partition is set as an encrypted partition, CORE reads the plaintext data DATA on the hard disk, encrypts it with the identity code in the USB-KEY to produce the encrypted data DATA_ENCRYPT, and writes it back to the hard disk; when an encrypted partition is set as unencrypted, CORE reads the encrypted data DATA_ENCRYPT on the hard disk, decrypts it with the identity code in the corresponding USB-KEY to produce the plaintext data DATA, and writes it back to the hard disk.
5. The encryption protection and read/write control method for computer data of claim 1, characterised in that disk operations first pass through the checks of the resident program or driver, which judges from the saved start/end information of the encrypted partition whether the encrypted partition is being read or written; if so, the data and signal are encrypted/decrypted and the normal processing routine is then called.
6. The encryption protection and read/write control method for computer data of claim 1, characterised in that the method of encrypting and decrypting hard disk data is: an encrypted partition is set and intercepted in real time, with switch commands controlling whether the interception of disk read/write is in effect; a sector-level read/write interception program is written that intercepts all disk operations and for every disk read/write captures: read or write, starting sector, number of sectors, and the content; from the saved start/end information of the encrypted partition it judges whether the encrypted partition is being read or written; if so, the content is encrypted or decrypted according to the encryption/decryption information in the USB-KEY or software identity identification and the operating system's original disk read/write routine is then called so that the operation proceeds normally; if not, nothing is done and the system's original disk read/write routine is called directly. This completes the in-effect interception.
6, by described computer data enciphering protection of claim 1 and read/writing control method, it is characterized in that the method for hard disc data being carried out the encrypting and decrypting processing is: this subregion is carried out real-time blocking by setting encrypted partition, whether the read-write to disk is effectively tackled and is handled by switch command control, by establishment sector-level read-write hook procedure, all disk operating are tackled, all will intercept following information to each disk read-write: read or write, read-write beginning sector, the sector number of read-write, the content of read-write, again according to the encrypted partition start-stop information of preserving, judge whether to read and write encrypted partition, if, after then the read-write content being done the encryption and decryption conversion according to the encryption and decryption information in USB-KEY or the software identify identification, the original disk read-write program of call operation system makes it normal operation again; If not, then do not deal with, directly the original disk read-write program of calling system.Whether effectively tackle thereby finish.
7, by described computer data enciphering protection of claim 1 and read/writing control method, it is characterized in that the method that the read-write of hard disc data is controlled being: this subregion is carried out real-time blocking by setting zone attribute, whether the read-write to disk is effectively tackled and is handled by switch command control, by establishment sector-level read-write hook procedure, all disk operating are tackled, all will intercept following information: read or write, read and write beginning sector, the sector number of read-write, the content of read-write each disk read-write; Read operation in this way, again according to the subregion start-stop information of preserving and the read-write properties of subregion, judge whether this subregion allows to read, if, the then direct original disk read-write program of calling system, if this subregion does not allow to read, the disk read-write program that the system of then never calling is original, but directly return the reading failure signal; Write operation in this way, also according to the subregion start-stop information of preserving and the read-write properties of subregion, judge whether this subregion allows to write, if, the then direct original disk read-write program of calling system, if this subregion does not allow to write, the disk read-write program that the system of then never calling is original is write failure signal but directly return.
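Claims 2 to 7 and the dual-authentication paragraph of the description together describe one pipeline: every sector request passes through the encryption core, which looks up the partition by its saved start/stop sectors, enforces the partition's read/write attributes, refuses the request when no KEY association exists, and otherwise encrypts or decrypts the sector contents; toggling a partition's encrypted flag rewrites it in place. The following Python model of that interceptor is an added example written for this page, not the patent's code. The patent names neither a cipher nor a key-derivation method, so HMAC-SHA256 used as a per-sector keystream and PBKDF2 over the password plus the USB-KEY identification code are assumptions, as are all names (RawDisk, Partition, Core, derive_data_key and so on) and the constructed sample data.

```python
# Model of the sector-level interceptor (CORE) from the claims. Added example,
# not the patent's code; the cipher and key derivation below are assumptions.
import hashlib
import hmac
from dataclasses import dataclass

SECTOR = 512


def derive_data_key(password: str, usb_key_id: bytes) -> bytes:
    # Assumption: the data key depends on BOTH factors (password and the
    # identification code in the USB-KEY), so neither alone reproduces it.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), usb_key_id, 50_000, 32)


def _keystream(key: bytes, lba: int, length: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode, tweaked by the sector number, so the
    # same plaintext stored in two different sectors gives two ciphertexts.
    out, ctr = bytearray(), 0
    while len(out) < length:
        msg = lba.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return bytes(out[:length])


def transform_sectors(key: bytes, lba: int, data: bytes) -> bytes:
    """Encrypt or decrypt per sector; XOR with the keystream is its own inverse."""
    out = bytearray()
    for off in range(0, len(data), SECTOR):
        chunk = data[off:off + SECTOR]
        ks = _keystream(key, lba + off // SECTOR, len(chunk))
        out += bytes(a ^ b for a, b in zip(chunk, ks))
    return bytes(out)


class RawDisk:
    """Backing store; for an encrypted partition it only ever holds ciphertext."""
    def __init__(self, sectors: int):
        self.buf = bytearray(sectors * SECTOR)
    def read(self, lba: int, count: int) -> bytes:
        return bytes(self.buf[lba * SECTOR:(lba + count) * SECTOR])
    def write(self, lba: int, data: bytes) -> None:
        self.buf[lba * SECTOR:lba * SECTOR + len(data)] = data


@dataclass
class Partition:
    start: int              # first and last sector, inclusive: the saved
    end: int                # partition "start/stop" information of claims 5-7
    encrypted: bool = False
    readable: bool = True   # read/write attributes of claim 7
    writable: bool = True


class AccessDenied(Exception):
    """The read/write failure signal returned to the 'read/write caller'."""


class Core:
    def __init__(self, disk: RawDisk, partitions: list):
        self.disk, self.parts = disk, partitions
        self.key = None  # None means no KEY association

    def associate_key(self, password: str, usb_key_id: bytes) -> None:
        self.key = derive_data_key(password, usb_key_id)

    def dissociate_key(self) -> None:
        self.key = None

    def _gate(self, lba: int, count: int, writing: bool):
        """Return the key to apply, None for plain pass-through, or raise."""
        p = next((p for p in self.parts if p.start <= lba <= p.end), None)
        if p is None or lba + count - 1 > p.end:
            raise ValueError("request outside a partition or crossing its end")
        if not (p.writable if writing else p.readable):
            raise AccessDenied("forbidden by the partition's read/write attribute")
        if not p.encrypted:
            return None
        if self.key is None:
            raise AccessDenied("no KEY association: request refused")
        return self.key

    def read(self, lba: int, count: int) -> bytes:
        key = self._gate(lba, count, writing=False)
        raw = self.disk.read(lba, count)
        return raw if key is None else transform_sectors(key, lba, raw)

    def write(self, lba: int, data: bytes) -> None:
        if len(data) % SECTOR:
            raise ValueError("writes must be whole sectors")
        key = self._gate(lba, len(data) // SECTOR, writing=True)
        self.disk.write(lba, data if key is None else transform_sectors(key, lba, data))

    def convert_partition(self, p: Partition, encrypt: bool) -> None:
        """Claim 4: rewrite a partition in place when its encrypted flag changes."""
        if self.key is None:
            raise AccessDenied("no KEY association: conversion refused")
        if p.encrypted != encrypt:
            for lba in range(p.start, p.end + 1):
                self.disk.write(lba, transform_sectors(self.key, lba, self.disk.read(lba, 1)))
            p.encrypted = encrypt
```

Two caveats a practitioner should keep in mind. First, binding the key to both the password and the USB-KEY identification code is what makes each factor useless on its own: with the wrong dongle or the wrong password the core still "decrypts", but the output is noise. Second, the scheme's security rests entirely on the interceptor sitting in the I/O path: a disk read on another machine yields only ciphertext, but the read/write attributes of claim 7 are enforced only while the driver is loaded, and a per-sector keystream reused across rewrites of the same sector leaks the XOR of old and new plaintext, which is why production disk encryption uses tweakable block-cipher modes rather than a stream construction like the one assumed here.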
Application CNB200510040393XA, priority and filing date 2005-06-06, "Enciphered protection and read write control method for computer data"; granted as CN100378689C; legal status Expired - Fee Related.

Publications (2)

Publication Number Publication Date
CN1725196A 2006-01-25
CN100378689C 2008-04-02

Family ID: 35924677

Country Status (1)

Country Link
CN (1) CN100378689C (en)
Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101008971B (en) * 2006-01-27 2010-10-06 北京飞天诚信科技有限公司 Load balancing system in software protection process and control method therefor
CN100440235C (en) * 2006-04-24 2008-12-03 南京树声科技有限公司 Method and tool for searching unlawful computer game
CN100429668C (en) * 2006-06-23 2008-10-29 北京飞天诚信科技有限公司 Electronic file automatic protection method and system
CN101373457B (en) * 2007-07-31 2010-04-14 北京理工大学 Hard disk write-protection lock based on USB equipment under Windows environment
CN101388764B (en) * 2007-09-12 2011-08-03 杨谊 Data information protecting method, system and ciphering apparatus
CN102508791A (en) * 2011-09-28 2012-06-20 梁守龙 Method and device for encrypting hard disk partition
CN102508791B (en) * 2011-09-28 2015-05-13 辽源环宇佳讯通讯技术有限公司 Method and device for encrypting hard disk partition
CN104615929A (en) * 2013-11-04 2015-05-13 安全地带株式会社 Security key device for secure cloud services, and system and method of providing security cloud services
CN103761067A (en) * 2013-12-13 2014-04-30 昆山五昌新精密电子工业有限公司 Processing system and processing method for encryption/decryption of data files
CN105809043A (en) * 2016-03-03 2016-07-27 丽水市职业高级中学 Data security protection method of computer
CN107423627A (en) * 2017-08-07 2017-12-01 合肥联宝信息技术有限公司 The time slot scrambling and electronic equipment of a kind of electronic equipment
CN112364395A (en) * 2020-11-11 2021-02-12 中国信息安全测评中心 Safety protection method and device for solid state disk
CN112199740A (en) * 2020-12-03 2021-01-08 飞天诚信科技股份有限公司 Encryption lock implementation method and encryption lock
CN112199740B (en) * 2020-12-03 2021-03-16 飞天诚信科技股份有限公司 Encryption lock implementation method and encryption lock

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1157648C (en) * 2001-02-26 2004-07-14 张巨洪 Encryption device for computer data
CN1464404A (en) * 2002-06-20 2003-12-31 原形研发股份有限公司 Hard disk encryption method and apparatus
CN100389409C (en) * 2004-10-14 2008-05-21 苏州超锐微电子有限公司 Method of carrying out hard disk protection by utilizing encryption of main zoning

Legal Events

Code Description
C06 / PB01 Publication
C10 / SE01 Entry into substantive examination (entry into force of request for substantive examination)
C14 / GR01 Grant of patent or utility model
ASS Succession or assignment of patent right: owner name LU FENG; former owner FU AIXIANG; effective date 2008-03-07
C41 / TR01 Transfer of patent right: effective date of registration 2008-03-07; patentee before: Fu Aixiang, Room 16, building 49, 14 block street, Nanjing, Jiangsu; patentee after: Lu Feng, Jiangsu Province, Nanjing Road No. 20 general Cuiping international city Indus court building 10 No. 8
EE01 Entry into force of recordation of patent licensing contract: assignor Lu Feng; assignee Jiangsu Hangtai Electronic Technology Co.,Ltd.; contract record no. 2010320000051; license type: Exclusive License; record date 2010-02-20; denomination of invention: Enciphered protection and read write control method for computer data; application publication date 2006-01-25; granted publication date 2008-04-02
C17 / CF01 Cessation of patent right: termination due to non-payment of annual fee; granted publication date 2008-04-02; termination date 2013-06-06