TWI260897B - Method of file encryption - Google Patents

Method of file encryption

Info

Publication number: TWI260897B
Authority: TW (Taiwan)
Prior art keywords: file, string, name, preset, preset string
Application number: TW94103026A
Other languages: Chinese (zh)
Other versions: TW200629851A (en)
Inventor: Hsing-Ping Kuo
Original Assignee: Mitac Int Corp
Application filed by Mitac Int Corp
Priority to TW94103026A
Publication of TW200629851A
Application granted
Publication of TWI260897B

Landscapes

  • Storage Device Security (AREA)
  • Stored Programmes (AREA)

Abstract

A method of file encryption is disclosed. The method builds a file system filter module between the operating system and the file system. When a user wants to use an application program to save an encrypted file, the user has to add the first specific alphabetic string at the beginning of the original filename. When the application program saves a file, the file system filter module checks the filename. If the filename matches the format, the module removes the first specific alphabetic string from the filename and generates a random filename. The module notifies the file system to save the file under the random filename and generates a checklist of filenames. When an application program needs to open an encrypted file, the user has to enter the second specific alphabetic string at the beginning of the original filename; the module then checks the checklist and notifies the file system to load the file. When a user wants to list files through an application program, the module notifies the file system of the checklist, and the file system does not list the files in the checklist.

Description

1260897 15398twf.doc/y

IX. Description of the invention

[Technical field of the invention]

The present invention relates to a file confidentiality method, and in particular to a file confidentiality method that inserts a file system filter module between the operating system and the file system.

[Prior art]

The concept of digital rights management has gradually appeared in all types of digital files, from music and digital images to common electronic documents, including documents, PDFs and e-mail.

For most enterprises, the greatest value of digital rights management lies in documents, web pages and design drawings that record business data and intellectual property, keeping them from falling into the wrong hands or spreading beyond the firewall. Such documents usually also bear on the company's financial statements or its reputation in the industry.

The technical principle of file confidentiality is to encrypt the file itself or to apply management to the file, so that a user must obtain the decryption password before opening the document or performing storage and other basic functions. Because the encryption is applied to the file itself, anyone who obtains the encrypted file can still easily crack it.

Another approach requires the user, each time a protected confidential document is opened, to connect to a server and then download the decryption key. The enterprise's IS staff can then enforce strict content control and, when required, manage the access rights of any individual user; if an employee leaves, that employee's rights can easily be restricted, which keeps job-hopping employees from smuggling out important data.

In that case, however, the user must connect back to the main server every time a document is opened, which is inconvenient in use.

[Summary of the invention]

The object of the present invention is to provide a file confidentiality method that adds a file system filter module as a layer between the operating system and the file system and uses this layer to hide files. Unless another person knows both the file name and the preset string, the file cannot be accessed.

The invention proposes a file confidentiality method that establishes a file system filter module between the operating system and the file system. The module filters the commands the operating system sends to the file system and the data the file system returns to the operating system. When a user wants to create a hidden file with an application, a specified first preset string must be added to the file name used for saving. When a user wants to open a hidden file with an application, a specified second preset string must be added to the file name used for opening. The system then decides how to handle the confidential file according to the presence or absence of the first preset string and the second preset string.

The invention proposes a file storage method for file confidentiality. When an application asks the operating system to store a file, the request passes through the file system filter module before the operating system notifies the file system. The filter module first checks the file name; if it matches the format, the application wants this file hidden. The filter module deletes the first preset string from the file name, stores the file under another, randomly generated file name, and leaves a record in the file lookup table that maps the original file name to the new file name.

The invention proposes a file listing method for file confidentiality. If an application asks the operating system to list files, the request passes through the file system filter module before the file system is notified. The filter module consults the lookup table and skips all hidden files, so they are not reported to the operating system.

The invention proposes a file opening method for file confidentiality. When an application wants to open a hidden file, the second preset string must be added to the file name. On receiving the request, the file system filter module looks the name up in the table; if the file is confirmed, it tells the file system to open it, and otherwise it reports that there is no such file.

Because the invention hides files as its means of file confidentiality, a person who does not know the file name cannot open the file, and a person who knows the file name but not the preset string cannot open the file either, nor list it.

To make the above and other objects, features and advantages of the invention easier to understand, a preferred embodiment is described in detail below with reference to the accompanying drawings.

[Embodiment]

The file confidentiality method proposed by the invention comprises a file storage method, a file reading method and a file listing method, each of which is explained below.

Figure 1 is a flowchart of the file storage method of the file confidentiality method. First the name of the file to be stored is entered (step 100), and the module then determines whether the file name contains the first preset string (step 102). If not, the file is stored by the general file storage procedure (step 110). If so, the first preset string is first removed from the file name (step 104), the file is stored under a random file name (step 106), and finally the mapping between the original file name and the random file name is stored in the lookup table to complete the store operation (step 108).

For example, suppose the user has configured the first preset string "secret" on the computer. To store the file memo.doc as a confidential file, the user must change the name under which it is saved to secretmemo.doc. When the file is saved in the application, the application tells the operating system to store the file "secretmemo.doc". Before the operating system hands the file to the file system, the request is intercepted by the file system filter module. The filter module detects "secret" in the file name, generates a random file name aksdfo.897, tells the file system to store the data in aksdfo.897, and creates a lookup table entry whose content is memo.doc → aksdfo.897.

Figure 2 is a flowchart of the file opening method of the file confidentiality method. First the name of the file to be opened is entered (step 200), and the module then determines whether the file name contains the second preset string (step 202). If not, the general file opening procedure is followed (step 212). If so, the second preset string is removed from the file name (step 204) and the remaining file name is compared against the lookup table (step 206). If the lookup finds it, the file system is told to open the file (step 208); if not, the response is that there is no such file (step 210).

For example, suppose the user has configured the second preset string "open" on the computer. To open the memo.doc hidden in the previous example, the user must perform an open-file operation in the application and enter the file name "openmemo.doc". The application tells the operating system to open "openmemo.doc". Before the operating system hands the open command to the file system, the command is intercepted by the file system filter module. On receiving the command the filter module first removes "open", then queries the lookup table for "memo.doc", finds memo.doc → aksdfo.897, tells the file system to load aksdfo.897, and passes the file to the application.

Figure 3 is a flowchart of the file listing method of the file confidentiality method. First the application asks the operating system to list files by the normal procedure (step 300). The operating system then hands the list command to the file system filter module (step 302), the filter module tells the file system to skip the files in the lookup table (step 304), and the files are then listed (step 306) without the files in the lookup table.

For example, suppose the user uses an application such as a file manager to request a file listing. The file manager must tell the operating system to list files. Before the operating system hands the list command to the file system, the command is intercepted by the file system filter module. The filter module consults the lookup table, finds that aksdfo.897 is a confidential file, and tells the file system to skip it when listing files.

Figure 4 is a flowchart of the file confidentiality method as a whole. When the file system filter module receives a command (step 400), it determines which command it is (step 402). If the command is a store, the store steps described above are carried out; if it is an open, the open steps described above are carried out; if it is a list, the listing steps described above are carried out.

In summary, when storing a file that is to be kept confidential, the user must first add a specific string to the file name, and when reading a confidential file, the user must likewise first add another specific string to the file name. Only then can the confidential file be stored or read. The file confidentiality method proposed here decides how to handle the confidential file according to whether these specific strings are present in the file name.

Although the invention has been disclosed above by way of a preferred embodiment, the embodiment is not intended to limit the invention. Anyone skilled in the art may make minor changes and refinements without departing from the spirit and scope of the invention, so the scope of protection is that defined by the appended claims.

[Brief description of the drawings]

Figure 1 is a flowchart of the file storage method of the file confidentiality method of the invention.
Figure 2 is a flowchart of the file opening method of the file confidentiality method of the invention.
Figure 3 is a flowchart of the file listing method of the file confidentiality method of the invention.
Figure 4 is a flowchart of the file confidentiality method of the invention.

[Description of main reference numerals]

100, 200, 404, 420: file name input
102, 202, 406, 422: check the file name
104, 204, 424: remove the preset string from the file name
106, 410: store the file under a random file name
108, 412: store the lookup table
110, 414: store by the general procedure
206, 426: look up the table
208, 428: open
210, 430: respond that there is no such file
212, 432: open by the general procedure
300: the application asks the operating system to list files
302: the operating system hands the command to the file system filter module
304, 416: skip the files in the lookup table
306, 418: list files
400: input command
402: determine the command
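The store, open and list flows of Figures 1 to 3, modelled as an added Python example (not code from the patent), with the name lookup table (the abstract's "checklist") held in memory. The in-memory `FileSystem`, the class and method names and the random-name format are assumptions; `secret`, `open` and `memo.doc` are the values used in the description's examples.

```python
import secrets

STORE_PREFIX = "secret"  # first preset string, value from the patent's example
OPEN_PREFIX = "open"     # second preset string, value from the patent's example


class FileSystem:
    """Hypothetical stand-in for the real file system: name -> contents."""
    def __init__(self):
        self.files = {}

    def write(self, name, data):
        self.files[name] = data

    def read(self, name):
        if name not in self.files:
            raise FileNotFoundError(name)
        return self.files[name]


class FilterModule:
    """Sits between the caller (operating system) and the file system."""
    def __init__(self, fs):
        self.fs = fs
        self.table = {}  # lookup table: original name -> random on-disk name

    def _random_name(self):
        # Assumed name format; the patent only requires a random name.
        while True:
            name = f"{secrets.token_hex(4)}.{secrets.token_hex(2)[:3]}"
            if name not in self.fs.files:
                return name

    def save(self, name, data):
        if not name.startswith(STORE_PREFIX):       # step 102 -> 110
            self.fs.write(name, data)
            return name
        original = name[len(STORE_PREFIX):]         # step 104
        # Assumption: saving the same hidden name again reuses its entry.
        disk_name = self.table.get(original) or self._random_name()
        self.fs.write(disk_name, data)              # step 106
        self.table[original] = disk_name            # step 108
        return disk_name

    def open(self, name):
        if not name.startswith(OPEN_PREFIX):        # step 202 -> 212
            return self.fs.read(name)
        original = name[len(OPEN_PREFIX):]          # step 204
        if original not in self.table:              # step 206 -> 210
            raise FileNotFoundError(name)
        return self.fs.read(self.table[original])   # step 208

    def listdir(self):
        hidden = set(self.table.values())           # step 304
        return sorted(n for n in self.fs.files if n not in hidden)  # step 306


def demo():
    """Constructed sample run: one ordinary file and one hidden file."""
    fs = FileSystem()
    flt = FilterModule(fs)
    flt.save("notes.txt", b"public")
    disk_name = flt.save("secretmemo.doc", b"payroll")
    return fs, flt, disk_name


if __name__ == "__main__":
    fs, flt, disk_name = demo()
    print(flt.listdir(), flt.table, flt.open("openmemo.doc"), fs.files[disk_name])
```

In this model the contents are written unchanged under the random name: the method hides the name and the directory entry, and its protection rests on the two preset strings and the lookup table staying secret.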


Claims (1)

X. Scope of the patent application

1. A file confidentiality method, comprising:
   adding a first preset string to an original file name of a confidential file to be stored;
   when the confidential file is to be read, adding a second preset string to the original name; and
   determining how the confidential file is handled according to the presence or absence of the first preset string and the second preset string.

2. The file confidentiality method of claim 1, wherein, in determining how the confidential file is handled according to the presence or absence of the first preset string and the second preset string, when the first preset string is present:
   the first preset string is removed from the file name;
   another file name is generated at random;
   the file system is notified to create the file under the new file name; and
   a record mapping the original file to the new file name is left in a lookup table.

3. The file confidentiality method of claim 1, wherein, in determining how the confidential file is handled according to the presence or absence of the first preset string and the second preset string, when the second preset string is present:
   if the string is present:
   the second preset string is removed;
   the lookup table is queried for the file name; and
   if the lookup confirms that the file exists, the file system is notified to open the file.

4. The file confidentiality method of claim 1, wherein, in determining how the confidential file is handled according to the presence or absence of the first preset string and the second preset string, when neither the first preset string nor the second preset string is included, no information about any encrypted file is provided.

5. A file storage method for file confidentiality, comprising:
   inputting a file to be stored;
   determining whether the file name contains a first preset string;
   if the string is present:
   removing the first preset string from the file name;
   generating a new file name at random;
   notifying the file system to create the file under the new file name; and
   leaving in a lookup table a record mapping the file name with the first preset string removed to the new file name.

6. A file opening method for file confidentiality, comprising:
   providing a lookup table that records the mapping between an original name of a confidential file and a new file name;
   inputting the file name of a file to be opened;
   determining whether the file name to be opened contains a second preset string;
   if the string is present:
   removing the second preset string from the file name;
   querying the lookup table for the file name with the second preset string removed; and
   if the lookup confirms that the file exists, notifying the file system to open the file.

7. A file listing method for file confidentiality, comprising:
   providing a lookup table that records the mapping between an original name of a confidential file and a new file name;
   an application asking the operating system to list files; and
   skipping the files in the lookup table and listing the files.

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW94103026A TWI260897B (en) 2005-02-01 2005-02-01 Method of file encryption

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW94103026A TWI260897B (en) 2005-02-01 2005-02-01 Method of file encryption

Publications (2)

Publication Number Publication Date
TW200629851A (en) 2006-08-16
TWI260897B (en) 2006-08-21

Family

ID=37874888

Family Applications (1)

Application Number Title Priority Date Filing Date
TW94103026A TWI260897B (en) 2005-02-01 2005-02-01 Method of file encryption

Country Status (1)

Country Link
TW (1) TWI260897B (en)

Also Published As

Publication number Publication date
TW200629851A (en) 2006-08-16

Similar Documents

Publication Publication Date Title
Nadkarni et al. Preventing accidental data disclosure in modern operating systems
US20200394327A1 (en) Data security compliance for mobile device applications
US20190188400A1 (en) System for managing multiple levels of privacy in documents
US8234496B1 (en) Image leak prevention using digital watermark
US7483895B2 (en) Metadata management
AU2011223614B2 (en) Information protection using zones
CN1756147B (en) Enforcing rights management through edge email servers
US8893223B1 (en) Scanning protected files for violations of a data loss prevention policy
JP5851029B2 (en) Method and apparatus for determining and utilizing the value of digital assets
CN112262388A (en) Protecting Personal Identity Information (PII) using tagging and persistence of PII
US9699193B2 (en) Enterprise-specific functionality watermarking and management
US20100043070A1 (en) File-access control apparatus and program
CN102959558A (en) System and method for document policy enforcement
US8776258B2 (en) Providing access rights to portions of a software application
TW201140369A (en) Information management system, information management method and apparatus, and encryption method and program
JP4516598B2 (en) How to control document copying
US9665723B2 (en) Watermarking detection and management
JP4850159B2 (en) External device management system
US8499359B1 (en) Data loss prevention using an ephemeral key
CN107967430B (en) A kind of document protection method, equipment and system
JP2008160485A (en) Document management system, document managing method, document management server, work terminal, and program
US20170061140A1 (en) Secure document repository
TWI260897B (en) Method of file encryption
US9552463B2 (en) Functionality watermarking and management
US9436840B2 (en) System and method for securely storing information

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees