
CN105117635A - Local data security protection system and method - Google Patents

Publication number: CN105117635A
Authority: CN (China)
Prior art keywords: file, fragment, data, hash value, key
Legal status: Granted
Application number: CN201510125538.XA
Other languages: Chinese (zh)
Other versions: CN105117635B (en)
Inventors: 肖龙旭, 张凯, 丁凯, 刘婷
Current Assignee: BEIJING CHERILEAD TECH Co Ltd
Original Assignee: BEIJING CHERILEAD TECH Co Ltd
Priority: CN201510125538.XA
Landscapes: Storage Device Security

Abstract

The present invention discloses a local data security protection system and method. The method comprises: writing file attribute information and filling information of a to-be-protected file into a virtual file on a computer private disk; using a mobile private disk to randomly generate a data encryption key and a crushing key, and encrypting the data encryption key and the crushing key with an encryption public key stored in a USBKey to obtain a data encryption key ciphertext and a crushing key ciphertext; calling a password of the mobile private disk to encrypt the to-be-protected data file, crushing the ciphertext data into blocks according to a crushing fraction n to obtain n fragment files, and calculating a HASH value for each fragment file; reading from a configuration file the storage proportions of the computer private disk and the mobile private disk, and grouping the fragment files according to those proportions; storing related information of the protected data file into the data items of a file key information table and a fragment index information table of an index database; and storing the grouped fragment files in the pre-set computer private disk and mobile private disk.

Description

Local data security protection system and method
Technical field
The present invention relates to the field of information security technology, and specifically to a security protection system and method for local data.
Background
In daily life, most electronic data, such as private data and important documents, is stored in digital form on computer hard disks, where it can easily be stolen by hackers who implant Trojan software on the computer. In recent years there has been no shortage, at home and abroad, of large-scale personal information leaks, and the security of personal information has become a hot topic.
In existing transparent encryption and decryption systems for electronic documents, the conventional approach performs transparent encryption and decryption based on file redirection. Although a series of protective measures is applied to the file, from the creation of the document until its complete deletion the encrypted file holding the file data is always kept on the current terminal computer. Anyone who obtains these data files holds ciphertext that looks like gibberish but contains the complete file data, and in theory there is always some technical means of restoring that ciphertext to plaintext.
No effective solution to this problem in the related art has yet been proposed.
Summary of the invention
The object of the present invention is to provide a security protection system and method for local data that does not depend on a network environment: the data file is crushed, split, and stored across the computer private disk and the mobile private disk, ensuring that the user's private data is "absolutely secure" and effectively overcoming the above shortcomings of the prior art.
The object of the invention is achieved through the following technical solutions:
According to one aspect of the present invention, a secure storage method for local data is provided, comprising the following steps:
Writing the pre-set file attribute information and filling information of the data file to be protected into a virtual file on the pre-set computer private disk;
Calling the pre-set mobile private disk to randomly generate a data encryption key and a crushing key, then encrypting the data encryption key and the crushing key separately with the encryption public key stored in the pre-set USBKey, to obtain a data encryption key ciphertext and a crushing key ciphertext;
Encrypting the data file to be protected with the data encryption key to generate ciphertext data, then crushing the ciphertext data into blocks according to the pre-set crushing method and the crushing key to obtain n fragment files, and calculating the HASH value of each fragment file;
Reading the pre-configured storage ratio of fragment files between the computer private disk and the mobile private disk, dividing the n fragment files into two groups according to the storage ratio, and sending each group to the computer private disk or the mobile private disk respectively;
Storing the pre-configured related information of the data file to be protected into the data items of the file key information table and the fragment index information table of the pre-set index database;
Storing the fragment files assigned to the mobile private disk in the mobile private disk, storing the fragment files assigned to the computer private disk in a hidden folder of the computer private disk, and clearing memory.
Further, the method also comprises:
Before the mobile private disk and the USBKey are used, verifying the user's identity with the pre-set login information; when the user's identity passes verification, the encryption public and private keys pre-stored in the USBKey, and the mobile private disk, are used.
Further, the file key information table comprises the fields: data/virtual file ID, private disk stored fragment count, mobile private disk stored fragment count, data encryption key ciphertext, crushing key ciphertext, and fragment HASH values; the fragment index information table comprises the fields: fragment HASH value, fragment storage location, and fragment reference count.
Further, the method also comprises:
When the mobile private disk is used for the first time, writing the pre-set mobile private disk ID, mobile private disk path, ID of the device to be bound, crushing fraction n, and fragment storage ratio of the computer private disk into the pre-set configuration file, which binds the device;
Deleting the ID information of the bound device from the configuration file, which unbinds the device.
According to another aspect of the present invention, a secure storage device for local data is provided, comprising:
A virtual file writing module, for writing the pre-set file attribute information and filling information of the data file to be protected into a virtual file on the pre-set computer private disk;
A key generation and protection module, for calling the pre-set mobile private disk to randomly generate a data encryption key and a crushing key, then encrypting the data encryption key and the crushing key separately with the encryption public key stored in the pre-set USBKey, to obtain a data encryption key ciphertext and a crushing key ciphertext;
An encryption and crushing module, for encrypting the data file to be protected with the data encryption key to generate ciphertext data, then crushing the ciphertext data into blocks according to the pre-set crushing method and the crushing key to obtain n fragment files, and calculating the HASH value of each fragment file;
A fragment file grouping module, for reading the pre-configured storage ratio of fragment files between the computer private disk and the mobile private disk, dividing the n fragment files into two groups according to the storage ratio, and sending each group to the computer private disk or the mobile private disk respectively;
An index database generation module, for storing the pre-configured related information of the data file to be protected into the data items of the file key information table and the fragment index information table of the pre-set index database;
A fragment file storage module, for storing the fragment files assigned to the mobile private disk in the mobile private disk, storing the fragment files assigned to the computer private disk in a hidden folder of the computer private disk, and clearing memory.
Further, the device also comprises:
An authentication module, for verifying the user's identity with the pre-set login information before the mobile private disk and the USBKey are used; when the user's identity passes verification, the encryption public and private keys pre-stored in the USBKey, and the mobile private disk, are used.
Further, the file key information table comprises the fields: data/virtual file ID, private disk stored fragment count, mobile private disk stored fragment count, data encryption key ciphertext, crushing key ciphertext, and fragment HASH values; the fragment index information table comprises the fields: fragment HASH value, fragment storage location, and fragment reference count.
According to another aspect of the present invention, a secure read method for local data is provided, comprising the following steps:
Step 1: read the file ID pre-stored in the virtual file on the computer private disk, and, according to the virtual file ID, read from the index database the pre-configured HASH values of all fragment files corresponding to the virtual file;
Step 2: according to the HASH values of all fragment files, query the mobile private disk and the computer private disk respectively for fragment files whose HASH values match, until the pre-set n fragment files are found;
Step 3: calculate the HASH value of each of the n fragment files and check it for consistency against the fragment-file HASH values corresponding to the virtual file; if the fragment-file HASH values corresponding to the virtual file and the HASH values of the n fragment files are inconsistent, the system automatically executes the pre-stored instruction that returns an error and ends the operation; if they are consistent, perform step 4;
Step 4: read the fragment files found on the computer private disk into the mobile private disk;
Step 5: call the encryption key stored in the pre-set key storage area of the mobile private disk to decrypt, respectively, the data encryption key ciphertext and the crushing key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the crushing key; using the reassembly algorithm that matches the crushing algorithm, together with the crushing key, reassemble the n fragment files to obtain the data file ciphertext, then decrypt the data file ciphertext with the data encryption key to obtain the data file;
Step 6: calculate the HASH value of the data file obtained in step 5 and compare it with the HASH value of the protected data file recorded in the virtual file; if the comparison is consistent, present the content of the data file to the user; otherwise, execute the pre-stored instruction that returns an error and ends the operation.
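The fragment handling in the storage method and in read steps 1 to 5 can be followed in this added Python example, which is not code from the patent. It assumes SHA-256 as the HASH, an HMAC-ordered block shuffle as the crushing method, and in-memory dictionaries for the two disks and the two index tables; all names are hypothetical, and data encryption and USBKey key wrapping are left out, so the input is a constructed stand-in for ciphertext and the crushing key is passed in unwrapped.

```python
import hashlib
import hmac

# Constructed stand-in for the ciphertext produced by the data encryption step.
SAMPLE_CIPHERTEXT = bytes((i * 37 + 11) % 256 for i in range(1000))


class IntegrityError(Exception):
    """A fragment is missing or its HASH does not match the index database."""


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def keyed_order(crushing_key, n):
    # Assumed crushing method: order block numbers by HMAC(crushing_key, number).
    return sorted(range(n), key=lambda i: hmac.new(
        crushing_key, i.to_bytes(4, "big"), hashlib.sha256).digest())


def crush(ciphertext, crushing_key, n):
    """Split ciphertext into n non-empty blocks and emit them in keyed order."""
    if n < 1 or len(ciphertext) < n:
        raise ValueError("need at least one byte per fragment")
    base, extra = divmod(len(ciphertext), n)
    blocks, pos = [], 0
    for i in range(n):
        end = pos + base + (1 if i < extra else 0)
        blocks.append(ciphertext[pos:end])
        pos = end
    return [blocks[i] for i in keyed_order(crushing_key, n)]


def reassemble(fragments, crushing_key):
    """Undo crush(): put each stored fragment back at its original block number."""
    blocks = [b""] * len(fragments)
    for stored_pos, block_no in enumerate(keyed_order(crushing_key, len(fragments))):
        blocks[block_no] = fragments[stored_pos]
    return b"".join(blocks)


class Vault:
    def __init__(self, computer_ratio, n):
        self.computer_ratio, self.n = computer_ratio, n
        self.disks = {"computer": {}, "mobile": {}}  # location -> {hash: bytes}
        self.fragment_index = {}  # hash -> storage location and reference count
        self.file_keys = {}       # file ID -> fragment counts and fragment hashes

    def store(self, file_id, ciphertext, crushing_key):
        fragments = crush(ciphertext, crushing_key, self.n)
        on_computer = round(self.n * self.computer_ratio)  # grouping by ratio
        hashes = []
        for pos, frag in enumerate(fragments):
            digest = sha256_hex(frag)
            hashes.append(digest)
            entry = self.fragment_index.get(digest)
            if entry:  # identical fragment already stored: count the reference
                entry["refs"] += 1
                continue
            location = "computer" if pos < on_computer else "mobile"
            self.disks[location][digest] = frag
            self.fragment_index[digest] = {"location": location, "refs": 1}
        self.file_keys[file_id] = {
            "computer_assigned": on_computer,
            "mobile_assigned": self.n - on_computer,
            "fragment_hashes": hashes,
        }

    def read(self, file_id, crushing_key):
        hashes = self.file_keys[file_id]["fragment_hashes"]        # step 1
        fragments = []
        for digest in hashes:
            entry = self.fragment_index.get(digest)                # step 2
            frag = self.disks[entry["location"]].get(digest) if entry else None
            if frag is None:
                raise IntegrityError("fragment %s not found" % digest[:12])
            if not hmac.compare_digest(sha256_hex(frag), digest):  # step 3
                raise IntegrityError("fragment %s was modified" % digest[:12])
            fragments.append(frag)
        return reassemble(fragments, crushing_key)  # reassembly half of step 5


if __name__ == "__main__":
    vault = Vault(computer_ratio=0.5, n=8)
    key = b"k" * 32  # constructed crushing key
    vault.store("file-1", SAMPLE_CIPHERTEXT, key)
    print(vault.read("file-1", key) == SAMPLE_CIPHERTEXT)
```

Because every fragment is checked against the index before reassembly, a modified or missing fragment on either disk ends the read with an error instead of yielding corrupted ciphertext.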
According to another aspect of the present invention, a secure reading device for local data is provided, comprising:
A virtual file reading module, for reading the file ID pre-stored in the virtual file on the computer private disk, and, according to the virtual file ID, reading from the index database the pre-configured HASH values of all fragment files corresponding to the virtual file;
A fragment storage query module, for querying, according to the HASH values of all fragment files, the mobile private disk and the computer private disk respectively for fragment files whose HASH values match, until the pre-set n fragment files are found;
A fragment file matching module, for calculating the HASH value of each of the n fragment files and checking it for consistency against the fragment-file HASH values corresponding to the virtual file; if the fragment-file HASH values corresponding to the virtual file and the HASH values of the n fragment files are inconsistent, the system automatically executes the pre-stored instruction that returns an error and ends the operation;
A fragment file moving module, for reading the fragment files found on the computer private disk into the mobile private disk when the fragment-file HASH values corresponding to the virtual file are consistent with the HASH values of the n fragment files;
A reassembly and decryption module, for calling the encryption key stored in the pre-set key storage area of the mobile private disk to decrypt, respectively, the data encryption key ciphertext and the crushing key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the crushing key; using the reassembly algorithm that matches the crushing algorithm, together with the crushing key, to reassemble the n fragment files into the data file ciphertext; and then decrypting the data file ciphertext with the data encryption key to obtain the data file;
A file verification module, for calculating the HASH value of the data file obtained by the reassembly and decryption module and comparing it with the HASH value of the protected data file recorded in the virtual file; if the comparison is consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction that returns an error and ends the operation is executed.
According to another aspect of the present invention, a security protection system for local data is provided, comprising the secure storage device for local data and the secure reading device for local data, wherein the secure storage device for local data comprises:
A virtual file writing module, for writing the pre-set file attribute information and filling information of the data file to be protected into a virtual file on the pre-set computer private disk;
A key generation and protection module, for calling the pre-set mobile private disk to randomly generate a data encryption key and a crushing key, then encrypting the data encryption key and the crushing key separately with the encryption public key stored in the pre-set USBKey, to obtain a data encryption key ciphertext and a crushing key ciphertext;
An encryption and crushing module, for encrypting the data file to be protected with the data encryption key to generate ciphertext data, then crushing the ciphertext data into blocks according to the pre-set crushing method and the crushing key to obtain n fragment files, and calculating the HASH value of each fragment file;
A fragment file grouping module, for reading the pre-configured storage ratio of fragment files between the computer private disk and the mobile private disk, dividing the n fragment files into two groups according to the storage ratio, and sending each group to the computer private disk or the mobile private disk respectively;
An index database generation module, for storing the pre-configured related information of the data file to be protected into the data items of the file key information table and the fragment index information table of the pre-set index database;
A fragment file storage module, for storing the fragment files assigned to the mobile private disk in the mobile private disk, storing the fragment files assigned to the computer private disk in a hidden folder of the computer private disk, and clearing memory;
The secure reading device for local data comprises:
A virtual file reading module, for reading the file ID pre-stored in the virtual file on the computer private disk, and, according to the virtual file ID, reading from the index database the pre-configured HASH values of all fragment files corresponding to the virtual file;
A fragment storage query module, for querying, according to the HASH values of all fragment files, the mobile private disk and the computer private disk respectively for fragment files whose HASH values match, until the pre-set n fragment files are found;
A fragment file matching module, for calculating the HASH value of each of the n fragment files and checking it for consistency against the fragment-file HASH values corresponding to the virtual file; if the fragment-file HASH values corresponding to the virtual file and the HASH values of the n fragment files are inconsistent, the system automatically executes the pre-stored instruction that returns an error and ends the operation;
A fragment file moving module, for reading the fragment files found on the computer private disk into the mobile private disk when the fragment-file HASH values corresponding to the virtual file are consistent with the HASH values of the n fragment files;
A reassembly and decryption module, for calling the encryption key stored in the pre-set key storage area of the mobile private disk to decrypt, respectively, the data encryption key ciphertext and the crushing key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the crushing key; using the reassembly algorithm that matches the crushing algorithm, together with the crushing key, to reassemble the n fragment files into the data file ciphertext; and then decrypting the data file ciphertext with the data encryption key to obtain the data file;
A file verification module, for calculating the HASH value of the data file obtained by the reassembly and decryption module and comparing it with the HASH value of the protected data file recorded in the virtual file; if the comparison is consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction that returns an error and ends the operation is executed.
The beneficial effects of the present invention are:
(1) The present invention uses encryption and crushing technology: the data file is encrypted, crushed, and stored separately, split between the computer private disk and the mobile private disk. If either the computer (notebook) or the mobile private disk is lost or compromised, it holds only part of the data fragments, and an attacker cannot recover the complete data from partial fragments;
(2) Even if the computer and the mobile private disk are stolen at the same time, the data in the mobile private disk has the double protection of encryption and a user PIN code with a limited number of attempts, which effectively reduces the likelihood that an attacker can read fragment files from the mobile private disk;
(3) When a protected data file is read, the fragment HASH values and the HASH value of the reassembled data file are verified to ensure that the protected data file the user reads is consistent with the data file as last stored, which effectively guarantees the integrity and availability of the protected data file;
(4) Kernel-layer file filter driver technology is used to encrypt and decrypt files transparently, which does not affect the user's habits and gives a good user experience;
In summary, the present invention provides the user with a local data security protection method that offers high security and a good user experience.
Brief description of the drawings
To explain the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed in the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flow diagram of a secure storage method for local data according to an embodiment of the present invention;
Fig. 2 is a structural diagram of a secure storage device for local data according to an embodiment of the present invention;
Fig. 3 is a schematic flow diagram of a secure read method for local data according to an embodiment of the present invention;
Fig. 4 is a schematic flow diagram of a secure reading device for local data according to an embodiment of the present invention;
Fig. 5 is a hardware structure diagram of a security system for local data according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of the secure storage format of the data file to be protected in a security method for local data according to an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention fall within the scope of protection of the present invention.
As shown in Figure 1, according to an embodiment of one aspect of the present invention, a secure storage method for local data is provided, comprising the following steps:
Writing the pre-set file attribute information and filling information of the data file to be protected into a virtual file on the pre-set computer private disk;
Calling the pre-set mobile private disk to randomly generate a data encryption key and a crushing key, then encrypting the data encryption key and the crushing key separately with the encryption public key stored in the pre-set USBKey, to obtain a data encryption key ciphertext and a crushing key ciphertext;
Encrypting the data file to be protected with the data encryption key to generate ciphertext data, then crushing the ciphertext data into blocks according to the pre-set crushing method and the crushing key to obtain n fragment files, and calculating the HASH value of each fragment file;
Reading the pre-configured storage ratio of fragment files between the computer private disk and the mobile private disk, dividing the n fragment files into two groups according to the storage ratio, and sending each group to the computer private disk or the mobile private disk respectively;
Storing the pre-configured related information of the data file to be protected into the data items of the file key information table and the fragment index information table of the pre-set index database;
Storing the fragment files assigned to the mobile private disk in the mobile private disk, storing the fragment files assigned to the computer private disk in a hidden folder of the computer private disk, and clearing memory.
Further, the method also comprises:
Before the mobile private disk and the USBKey are used, verifying the user's identity with the pre-set login information; when the user's identity passes verification, the encryption public and private keys pre-stored in the USBKey, and the mobile private disk, are used.
Further, the file key information table comprises the fields: data/virtual file ID, private disk stored fragment count, mobile private disk stored fragment count, data encryption key ciphertext, crushing key ciphertext, and fragment HASH values; the fragment index information table comprises the fields: fragment HASH value, fragment storage location, and fragment reference count.
Further, the method also comprises:
When the mobile private disk is used for the first time, writing the pre-set mobile private disk ID, mobile private disk path, ID of the device to be bound, crushing fraction n, and fragment storage ratio of the computer private disk into the pre-set configuration file, which binds the device;
Deleting the ID information of the bound device from the configuration file, which unbinds the device.
As shown in Figure 2, according to another aspect of the present invention, a secure storage device for local data is provided, comprising:
A virtual file writing module, for writing the pre-set file attribute information and filling information of the data file to be protected into a virtual file on the pre-set computer private disk;
A key generation and protection module, for calling the pre-set mobile private disk to randomly generate a data encryption key and a crushing key, then encrypting the data encryption key and the crushing key separately with the encryption public key stored in the pre-set USBKey, to obtain a data encryption key ciphertext and a crushing key ciphertext;
An encryption and crushing module, for encrypting the data file to be protected with the data encryption key to generate ciphertext data, then crushing the ciphertext data into blocks according to the pre-set crushing method and the crushing key to obtain n fragment files, and calculating the HASH value of each fragment file;
A fragment file grouping module, for reading the pre-configured storage ratio of fragment files between the computer private disk and the mobile private disk, dividing the n fragment files into two groups according to the storage ratio, and sending each group to the computer private disk or the mobile private disk respectively;
An index database generation module, for storing the pre-configured related information of the data file to be protected into the data items of the file key information table and the fragment index information table of the pre-set index database;
A fragment file storage module, for storing the fragment files assigned to the mobile private disk in the mobile private disk, storing the fragment files assigned to the computer private disk in a hidden folder of the computer private disk, and clearing memory.
Further, the device also comprises:
An authentication module, for verifying the user's identity with the pre-set login information before the mobile private disk and the USBKey are used; when the user's identity passes verification, the encryption public and private keys pre-stored in the USBKey, and the mobile private disk, are used.
Further, the file key information table comprises the fields: data/virtual file ID, private disk stored fragment count, mobile private disk stored fragment count, data encryption key ciphertext, crushing key ciphertext, and fragment HASH values; the fragment index information table comprises the fields: fragment HASH value, fragment storage location, and fragment reference count.
As shown in Figure 3, according to another aspect of the present invention, a secure read method for local data is provided, comprising the following steps:
Step 1: read the file ID pre-stored in the virtual file on the computer private disk, and, according to the virtual file ID, read from the index database the pre-configured HASH values of all fragment files corresponding to the virtual file;
Step 2: according to the HASH values of all fragment files, query the mobile private disk and the computer private disk respectively for fragment files whose HASH values match, until the pre-set n fragment files are found;
Step 3: calculate the HASH value of each of the n fragment files and check it for consistency against the fragment-file HASH values corresponding to the virtual file; if the fragment-file HASH values corresponding to the virtual file and the HASH values of the n fragment files are inconsistent, the system automatically executes the pre-stored instruction that returns an error and ends the operation; if they are consistent, perform step 4;
Step 4: read the fragment files found on the computer private disk into the mobile private disk;
Step 5: call the encryption key stored in the pre-set key storage area of the mobile private disk to decrypt, respectively, the data encryption key ciphertext and the crushing key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the crushing key; using the reassembly algorithm that matches the crushing algorithm, together with the crushing key, reassemble the n fragment files to obtain the data file ciphertext, then decrypt the data file ciphertext with the data encryption key to obtain the data file;
Step 6: calculate the HASH value of the data file obtained in step 5 and compare it with the HASH value of the protected data file recorded in the virtual file; if the comparison is consistent, present the content of the data file to the user; otherwise, execute the pre-stored instruction that returns an error and ends the operation.
As shown in Figure 4, according to another aspect of the present invention, a secure reading device for local data is provided, comprising:
A virtual file reading module, for reading the file ID pre-stored in the virtual file on the computer private disk, and, according to the virtual file ID, reading from the index database the pre-configured HASH values of all fragment files corresponding to the virtual file;
A fragment storage query module, for querying, according to the HASH values of all fragment files, the mobile private disk and the computer private disk respectively for fragment files whose HASH values match, until the pre-set n fragment files are found;
A fragment file matching module, for calculating the HASH value of each of the n fragment files and checking it for consistency against the fragment-file HASH values corresponding to the virtual file; if the fragment-file HASH values corresponding to the virtual file and the HASH values of the n fragment files are inconsistent, the system automatically executes the pre-stored instruction that returns an error and ends the operation;
A fragment file moving module, for reading the fragment files found on the computer private disk into the mobile private disk when the fragment-file HASH values corresponding to the virtual file are consistent with the HASH values of the n fragment files;
A reassembly and decryption module, for calling the encryption key stored in the pre-set key storage area of the mobile private disk to decrypt, respectively, the data encryption key ciphertext and the crushing key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the crushing key; using the reassembly algorithm that matches the crushing algorithm, together with the crushing key, to reassemble the n fragment files into the data file ciphertext; and then decrypting the data file ciphertext with the data encryption key to obtain the data file;
A file verification module, for calculating the HASH value of the data file obtained by the reassembly and decryption module and comparing it with the HASH value of the protected data file recorded in the virtual file; if the comparison is consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction that returns an error and ends the operation is executed.
According to a further aspect of the invention, a security protection system for local data is provided, comprising a secure storage device for local data and a secure reading device for local data, wherein the secure storage device for local data comprises:
A virtual file writing module, configured to write the data file to be protected, according to preset file attribute information and filling information, into a virtual file on the preset computer private disk;
A key generation and protection module, configured to call the preset mobile private disk to randomly generate a data encryption key and a crushing key, and then encrypt the data encryption key and the crushing key respectively with the encryption public key stored in the preset USBKey, obtaining a data encryption key ciphertext and a crushing key ciphertext;
An encryption and crushing module, configured to encrypt the data file to be protected with the data encryption key to generate ciphertext data, then crush the ciphertext data into blocks according to the preset crushing method and the crushing key, obtaining n fragment files, and compute the HASH value of each fragment file;
A fragment file grouping module, configured to read the preconfigured storage ratio of fragment files between the computer private disk and the mobile private disk, divide the n fragment files into two groups according to the storage ratio, and send the corresponding fragment files to the computer private disk and the mobile private disk respectively;
An index database generation module, configured to store the relevant information of the preconfigured data file to be protected in the data items of the file key information table and the fragment index information table of the preset index database;
A fragment file storage module, configured to store the fragment files assigned to the mobile private disk in the mobile private disk, store the fragment files assigned to the computer private disk in the hidden folder of the computer private disk, and clear the memory;
The secure reading device for local data comprises:
A virtual file reading module, configured to read the file ID pre-stored in the virtual file on the computer private disk and, according to that virtual file ID, read from the index database the preconfigured HASH values of all fragment files corresponding to the virtual file;
A fragment storage query module, configured to search the mobile private disk and the computer private disk, according to the HASH values of all fragment files, for fragment files matching those HASH values, until the preset n fragment files are found;
A fragment file matching module, configured to compute the HASH value of each of the n fragment files and check it for consistency with the HASH value of the corresponding fragment file of the virtual file; if any HASH value recorded for the virtual file is inconsistent with the computed HASH value of its fragment file, the system automatically executes the pre-stored instruction to return an error and end the operation;
A fragment file moving module, configured to, when the HASH values of the fragment files corresponding to the virtual file are consistent with the HASH values of the n fragment files, read the fragment files found on the computer private disk into the mobile private disk;
A reassembly and decryption module, configured to call the encryption key stored in the preset key storage area of the mobile private disk to decrypt the data encryption key ciphertext and the crushing key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the crushing key; to reassemble the n fragment files using the crushing key and the reassembly algorithm matched to the crushing algorithm, obtaining the data file ciphertext; and then to decrypt the data file ciphertext with the data encryption key, obtaining the data file;
A file verification module, configured to compute the HASH value of the data file obtained by the reassembly and decryption module and compare it with the HASH value of the protected data file recorded in the virtual file; when the comparison result is consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction to return an error and end the operation is executed.
In a specific application, as shown in Figure 5, the system comprises a computer system, data protection software and a mobile private disk; wherein:
The computer system is connected to the mobile private disk through a USB interface; it may be a desktop computer, a notebook or an intelligent terminal;
The data protection software is installed on the computer system and protects a particular folder that the user sets up on the computer system; this folder is defined as the computer private disk. Using an application-layer control program and a kernel-layer file system filter driver, it protects data files of any format written to the computer private disk;
The mobile private disk is a removable storage disk with its own hardware cryptographic system; data entering and leaving the mobile private disk is plaintext, while the data stored in the mobile private disk is ciphertext, encrypted and decrypted by a crypto chip. A smart cryptographic key (hereinafter referred to as USBKey) connects to the mobile private disk through a USB interface and is used together with it; the user's identity is verified by entering the PIN code of the USBKey on the keys of the mobile private disk, which grants the right to use the encryption public/private key pair in the USBKey and the mobile private disk.
With reference to Figure 2, the application-layer control program and the kernel-layer file system filter driver write the data file to be protected as a virtual file, which is stored on the computer private disk and is visible to the user; the data file to be protected is encrypted and crushed into n fragment files (n is an integer greater than 1, configurable); the n fragment files are divided into two groups according to the storage ratio (configurable) and stored respectively in the hidden folder of the computer private disk and in the mobile private disk; an index database is created and stored in the mobile private disk, providing fast storage and lookup of fragment files while keeping the data secure and reliable; wherein:
The format and file name of the virtual file are the same as those of the data file to be protected, and its content consists of two parts: file attribute information of fixed size, and filling information. The file attribute information comprises the file ID, file security level, file control information, creator, original owner, current owner, file checksum, size of the protected data file, HASH value of the protected data file, file modification time, current full file path, and the HASH value of the preceding information; it is used to direct the real content of the data file to the corresponding fragment files in the computer private disk and the mobile private disk. The filling information: if the real data file size is less than or equal to the file attribute information size, the virtual file is not filled; otherwise the length of the filling information is the length of the real file minus the length of the file attribute information; the filling information may be randomly generated or may be a fixed value;
The fragment files are the files obtained by first encrypting the data file to be protected with a cryptographic algorithm and then crushing the ciphertext with the crushing algorithm; each fragment file is named with the HASH value of its content, which is used to verify the integrity of the fragment file;
The index database comprises a file key information table and a fragment index information table, used to store key information and fragment information. The file key information table comprises the fields: file ID, number of fragments stored on the computer private disk, number of fragments stored on the mobile private disk, data encryption key ciphertext, crushing key ciphertext, and fragment HASH values. The fragment index information table comprises the fields: fragment HASH value, fragment storage location, and fragment reference count.
In addition, the system may also comprise a binding module, an authentication module, an encryption and crushing module, a reassembly and decryption module, and a fragment storage query module; wherein:
The binding module covers binding and unbinding. During installation of the data protection software, or the first time the mobile private disk is used, the private disk ID, private disk path, bound device ID, fragment count n and the fragment storage ratio of the computer private disk are written to the configuration file, which binds the devices; deleting the bound device ID information from the configuration file on the computer unbinds them;
The authentication module, each time the mobile private disk is connected to the computer system and before PIN code verification, authenticates whether the mobile private disk and the computer private disk correspond to each other. The authentication method is: the ID of the mobile private disk is extracted and compared with the bound device ID in the computer private disk information; if they match, PIN code verification of the mobile private disk proceeds; otherwise access to the computer private disk is denied;
The encryption and crushing module performs key generation, key protection, encryption, crushing, fragment grouping and HASH value calculation. Key generation: the mobile private disk is called to randomly generate the data encryption key and the crushing key. Key protection: the data encryption key and the crushing key are encrypted with the encryption public key of the USBKey, obtaining the data encryption key ciphertext and the crushing key ciphertext. Encryption: the mobile private disk is called to encrypt the content of the data file to be protected, obtaining the data ciphertext. Crushing: using the crushing algorithm, the crushing key and the fragment count n, the data ciphertext is crushed into n fragment files. Fragment grouping: according to the fragment storage ratio λ of the computer private disk in the configuration file, the fragments are divided into two groups of x (x ≈ λ * n, x is an integer) and n-x; x fragment files are selected at random from the n fragment files to be stored in the computer private disk, and the other n-x fragment files are to be stored in the mobile private disk. HASH value calculation: the HASH value of the input file is calculated;
The reassembly and decryption module performs key decryption, fragment reassembly and decryption. Key decryption: the private key stored in the USBKey is called to decrypt the data encryption key ciphertext and the crushing key ciphertext respectively. Fragment reassembly: using the crushing key and the reassembly algorithm corresponding to the crushing algorithm, the n fragment files are combined into the data ciphertext. Decryption: the mobile private disk is called to decrypt the data ciphertext with the data encryption key into data plaintext;
The fragment storage query module implements a method for fast storage and deletion of fragment files. When storing a fragment file: the fragment index information table of the index database is queried for a fragment HASH value identical to this fragment file's HASH value at the same fragment storage location; if one exists, the fragment reference count is incremented by 1; otherwise, the fragment file is stored at the corresponding fragment storage location (computer private disk or mobile private disk). When deleting a protected file: for each of the n fragment files corresponding to it, the fragment index information table of the index database is queried for the fragment HASH value identical to that of the fragment file to be deleted at the same fragment storage location; if the fragment reference count is 1, the fragment file and the related database record are deleted; if the fragment reference count is greater than 1, it is decremented by 1; this continues until all n corresponding fragment files have been deleted.
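An added example (not code from the patent) of the fragment grouping and the reference-counted fragment storage and deletion described above, using an in-memory SQLite index. The table and column names, SHA-256 as the HASH function, the "location:hash" list format and the `blobs` dictionary standing in for the two disks are assumptions.

```python
import hashlib
import secrets
import sqlite3


def name_of(content):
    """Fragment files are named with the HASH of their content (SHA-256 assumed)."""
    return hashlib.sha256(content).hexdigest()


def open_index():
    """Create the two index tables; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE file_key_info (
            file_id TEXT PRIMARY KEY,
            computer_count INTEGER, mobile_count INTEGER,
            dek_ciphertext BLOB, crushing_key_ciphertext BLOB,
            fragment_hashes TEXT);   -- 'location:hash' entries in fragment order
        CREATE TABLE fragment_index (
            frag_hash TEXT, location TEXT, ref_count INTEGER,
            PRIMARY KEY (frag_hash, location));
    """)
    return db


def group_fragments(n, ratio, rng=None):
    """Randomly pick x ~ ratio * n fragment numbers for the computer private disk."""
    rng = rng or secrets.SystemRandom()
    x = max(0, min(n, round(ratio * n)))
    return set(rng.sample(range(n), x))


def ref_count(db, frag_hash, location):
    row = db.execute(
        "SELECT ref_count FROM fragment_index WHERE frag_hash=? AND location=?",
        (frag_hash, location)).fetchone()
    return row[0] if row else 0


def store_file(db, blobs, file_id, fragments, ratio, dek_ct=b"", ck_ct=b""):
    """Store n fragments; identical fragments at one location are kept once."""
    if len(fragments) < 2:
        raise ValueError("n must be an integer greater than 1")
    on_computer = group_fragments(len(fragments), ratio)
    entries = []
    for number, content in enumerate(fragments):
        frag_hash = name_of(content)
        location = "computer" if number in on_computer else "mobile"
        if ref_count(db, frag_hash, location):
            db.execute("UPDATE fragment_index SET ref_count = ref_count + 1 "
                       "WHERE frag_hash=? AND location=?", (frag_hash, location))
        else:
            blobs[(location, frag_hash)] = content   # write the fragment file
            db.execute("INSERT INTO fragment_index VALUES (?, ?, 1)",
                       (frag_hash, location))
        entries.append(f"{location}:{frag_hash}")
    db.execute("INSERT INTO file_key_info VALUES (?, ?, ?, ?, ?, ?)",
               (file_id, len(on_computer), len(fragments) - len(on_computer),
                dek_ct, ck_ct, ",".join(entries)))


def delete_file(db, blobs, file_id):
    """Drop one reference per fragment; remove a fragment only at count 1."""
    row = db.execute("SELECT fragment_hashes FROM file_key_info WHERE file_id=?",
                     (file_id,)).fetchone()
    if row is None:
        raise KeyError(file_id)
    for entry in row[0].split(","):
        location, frag_hash = entry.split(":")
        if ref_count(db, frag_hash, location) == 1:
            del blobs[(location, frag_hash)]          # delete the fragment file
            db.execute("DELETE FROM fragment_index "
                       "WHERE frag_hash=? AND location=?", (frag_hash, location))
        else:
            db.execute("UPDATE fragment_index SET ref_count = ref_count - 1 "
                       "WHERE frag_hash=? AND location=?", (frag_hash, location))
    db.execute("DELETE FROM file_key_info WHERE file_id=?", (file_id,))
```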
Further, in the crushing algorithm, a random number generator is seeded with the crushing key and generates a random sequence of the same length as the binary bit stream of the data ciphertext to be crushed; each element of this sequence falls in the set {0, 1, ..., n-1}; the bits at the positions that share the same sequence value are concatenated together, so that the data is split into n ciphertext fragments, and each fragment is numbered by its sequence value.
Further, in the reassembly algorithm, a random number generator is seeded with the crushing key and generates a random sequence of the same length as the binary bit stream of the data ciphertext that was crushed; each element of this sequence falls in the set {0, 1, ..., n-1}; following the random sequence values, the bits of the fragment with the matching number are selected in turn and concatenated from left to right, obtaining the data ciphertext.
Further, the random number generator is a linear congruential generator with good random properties, X_k = (a * X_{k-1} + b) mod c, where a = 7141, b = 54773, c = 259200. The starting condition X_0 is selected at random and serves as the crushing key. Y_k = X_k mod n is used to generate the random sequence, of the same length as the binary bit stream of the data ciphertext, whose element values lie in the set {0, 1, ..., n-1}.
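An added example (not code from the patent) of the crushing and reassembly algorithms driven by the linear congruential generator above, together with the per-fragment HASH check of the read path. SHA-256, the length-prefixed fragment serialisation and taking X_1 as the first sequence element are assumptions, and the input bytes stand in for ciphertext.

```python
import hashlib

A, B, C = 7141, 54773, 259200   # generator constants given in the text


def lcg_labels(crushing_key, n, length):
    """Yield Y_k = X_k mod n for k = 1..length, with X_0 = crushing_key."""
    x = crushing_key % C
    for _ in range(length):
        x = (A * x + B) % C
        yield x % n


def to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def from_bits(bits):
    """Pack bits into bytes, zero-padding the final byte."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        value = 0
        for bit in (bits[i:i + 8] + [0] * 8)[:8]:
            value = (value << 1) | bit
        out.append(value)
    return bytes(out)


def crush(ciphertext, crushing_key, n):
    """Split the ciphertext bit stream into n fragments by sequence value."""
    bits = to_bits(ciphertext)
    fragments = [[] for _ in range(n)]
    for bit, label in zip(bits, lcg_labels(crushing_key, n, len(bits))):
        fragments[label].append(bit)
    return fragments


def fragment_name(bits):
    """Name a fragment by the HASH of its content (bit count + packed bits)."""
    payload = len(bits).to_bytes(4, "big") + from_bits(bits)
    return hashlib.sha256(payload).hexdigest()


def reassemble(fragments, crushing_key):
    """Replay the sequence and take the next bit of the numbered fragment."""
    n = len(fragments)
    total = sum(len(f) for f in fragments)
    cursors = [0] * n
    bits = []
    for label in lcg_labels(crushing_key, n, total):
        if cursors[label] >= len(fragments[label]):
            raise ValueError("fragment lengths do not match the sequence")
        bits.append(fragments[label][cursors[label]])
        cursors[label] += 1
    return from_bits(bits)


def verify_and_reassemble(store, expected_names, crushing_key):
    """Check every fragment against its HASH name, then reassemble.

    store maps fragment name -> fragment bits; expected_names lists the
    HASH values from the index in fragment-number order (assumed layout).
    """
    fragments = []
    for name in expected_names:
        bits = store.get(name)
        if bits is None:
            raise ValueError(f"fragment {name[:12]} is missing")
        if fragment_name(bits) != name:
            raise ValueError(f"fragment {name[:12]} failed its HASH check")
        fragments.append(bits)
    return reassemble(fragments, crushing_key)
```

Only X_0 mod c affects the sequence, so the crushing key has at most 259200 distinct values, and for any n that divides c the sequence Y_k repeats with period at most n; confidentiality of the data therefore rests on the data encryption key rather than on the split.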
In addition, the present invention also provides a secure storage method for local data, which uses the above local data security protection system and comprises the following steps:
A1: write the file attribute information and filling information of the data file to be protected into the virtual file on the computer private disk;
A2: call the mobile private disk to randomly generate a data encryption key and a crushing key, then encrypt the data encryption key and the crushing key respectively with the encryption public key stored in the USBKey, obtaining the data encryption key ciphertext and the crushing key ciphertext; call the cipher of the mobile private disk to encrypt the data file to be protected, then crush the ciphertext data into blocks according to the fragment count n, obtaining n fragment files, and compute the HASH value of each fragment file;
A3: read from the configuration file the storage ratio between the computer private disk and the mobile private disk, and according to the fragment grouping rule randomly select x of the n fragments (x ≈ storage ratio λ * n, x is an integer);
A4: store the relevant information of the protected data file in the data items of the file key information table and the fragment index information table of the index database;
A5: store the x fragment files determined in step A3 in the hidden folder of the computer private disk, store the remaining n-x fragment files in the mobile private disk, and clear the memory.
Further, the present invention also provides a secure reading method for local data, which uses the above local data security protection system and comprises the following steps:
B1: the data protection software reads the file ID in the virtual file on the computer private disk and, according to the file ID, reads the HASH values of all corresponding fragment files from the index database stored in the mobile private disk;
B2: according to these HASH values, search the mobile private disk and the computer private disk respectively for all fragment files whose file names match the HASH values, n in total;
B3: compute the HASH value of each of the n fragment files and check it for consistency with the corresponding HASH-value fragment file name. If any one is inconsistent, the fragment file has been tampered with and the correct data file cannot be recovered; an error is returned and the operation ends. If all checks are consistent, proceed to step B4;
B4: read the x fragment files found on the computer private disk into the mobile private disk;
B5: call the encryption key stored in the key storage area of the mobile private disk to decrypt the data encryption key ciphertext and the crushing key ciphertext corresponding to the file ID in the index database, obtaining the data encryption key and the crushing key; reassemble the n fragment files with the crushing key to obtain the data file ciphertext, then decrypt the data file ciphertext with the data encryption key, obtaining the data file;
B6: compute the HASH value of the data file obtained in step B5 and compare it with the HASH value of the protected data file recorded in the virtual file; if they are consistent, the content of the data file is presented to the user; otherwise, the data file has been damaged and "error" is returned.
In summary, by means of the above technical solution, the present invention uses encryption and crushing technology to encrypt and crush the data file and store it separately, split between the computer private disk and the mobile private disk. If either the computer (notebook) or the mobile private disk is lost or compromised, each holds only part of the fragments of the data, so an attacker cannot recover the complete data from the partial fragments;
Even if the computer and the mobile private disk are stolen at the same time, the data in the mobile private disk has the double protection of encryption and of a user PIN code with a limited number of attempts, which effectively reduces the possibility of an attacker reading fragment files from the mobile private disk;
When a protected data file is read, the fragment HASH values and the HASH value of the reassembled data file are verified to ensure that the protected data file the user reads is consistent with the data file as last stored, which effectively ensures the integrity and availability of the protected data file;
Kernel-layer file system filter driver technology is used to encrypt and decrypt files transparently, which does not affect the user's habits and provides a good user experience;
In summary, the present invention provides users with a local data security protection method that offers high security and a good user experience.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the present invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1. A secure storage method for local data, characterized by comprising the following steps:
Writing the data file to be protected, according to preset file attribute information and filling information, into a virtual file on the preset computer private disk;
Calling the preset mobile private disk to randomly generate a data encryption key and a crushing key, then encrypting the data encryption key and the crushing key respectively with the encryption public key stored in the preset USBKey, obtaining a data encryption key ciphertext and a crushing key ciphertext;
Encrypting the data file to be protected with the data encryption key to generate ciphertext data, then crushing the ciphertext data into blocks according to the preset crushing method and the crushing key, obtaining n fragment files, and computing the HASH value of each fragment file;
Reading the preconfigured storage ratio of fragment files between the computer private disk and the mobile private disk, dividing the n fragment files into two groups according to the storage ratio, and sending the corresponding fragment files to the computer private disk and the mobile private disk respectively;
Storing the relevant information of the preconfigured data file to be protected in the data items of the file key information table and the fragment index information table of the preset index database;
Storing the fragment files assigned to the mobile private disk in the mobile private disk, storing the fragment files assigned to the computer private disk in the hidden folder of the computer private disk, and clearing the memory.
2. The secure storage method for local data according to claim 1, characterized by further comprising:
Before the mobile private disk and the USBKey are used, verifying the user's identity by preset login information; when the user's identity passes verification, using the encryption public/private key pair pre-stored in the USBKey and the mobile private disk.
3. The secure storage method for local data according to claim 1, characterized in that the file key information table comprises the fields: data/virtual file ID, number of fragments stored on the computer private disk, number of fragments stored on the mobile private disk, data encryption key ciphertext, crushing key ciphertext, and fragment HASH values; and the fragment index information table comprises the fields: fragment HASH value, fragment storage location, and fragment reference count.
4. The secure storage method for local data according to claim 1, characterized by further comprising:
When the mobile private disk is used for the first time, writing the preset mobile private disk ID, mobile private disk path, pre-bound device ID, fragment count n and the fragment storage ratio of the computer private disk into the preset configuration file, thereby binding the devices;
Deleting the ID information of the bound device from the configuration file, thereby unbinding the devices.
5. A secure storage device for local data, characterized by comprising:
A virtual file writing module, configured to write the data file to be protected, according to preset file attribute information and filling information, into a virtual file on the preset computer private disk;
A key generation and protection module, configured to call the preset mobile private disk to randomly generate a data encryption key and a crushing key, and then encrypt the data encryption key and the crushing key respectively with the encryption public key stored in the preset USBKey, obtaining a data encryption key ciphertext and a crushing key ciphertext;
An encryption and crushing module, configured to encrypt the data file to be protected with the data encryption key to generate ciphertext data, then crush the ciphertext data into blocks according to the preset crushing method and the crushing key, obtaining n fragment files, and compute the HASH value of each fragment file;
A fragment file grouping module, configured to read the preconfigured storage ratio of fragment files between the computer private disk and the mobile private disk, divide the n fragment files into two groups according to the storage ratio, and send the corresponding fragment files to the computer private disk and the mobile private disk respectively;
An index database generation module, configured to store the relevant information of the preconfigured data file to be protected in the data items of the file key information table and the fragment index information table of the preset index database;
A fragment file storage module, configured to store the fragment files assigned to the mobile private disk in the mobile private disk, store the fragment files assigned to the computer private disk in the hidden folder of the computer private disk, and clear the memory.
6. The secure storage device for local data according to claim 4, characterized by further comprising:
An authentication module, configured to verify the user's identity by preset login information before the mobile private disk and the USBKey are used and, when the user's identity passes verification, to use the encryption public/private key pair pre-stored in the USBKey and the mobile private disk.
7. The secure storage device for local data according to claim 4, characterized in that the file key information table comprises the fields: data/virtual file ID, number of fragments stored on the computer private disk, number of fragments stored on the mobile private disk, data encryption key ciphertext, crushing key ciphertext, and fragment HASH values; and the fragment index information table comprises the fields: fragment HASH value, fragment storage location, and fragment reference count.
8. A secure reading method for local data, characterized by comprising the following steps:
Step 1: read the file ID pre-stored in the virtual file on the computer private disk and, according to that virtual file ID, read from the index database the preconfigured HASH values of all fragment files corresponding to the virtual file;
Step 2: according to the HASH values of all fragment files, search the mobile private disk and the computer private disk respectively for fragment files matching those HASH values, until the preset n fragment files are found;
Step 3: compute the HASH value of each of the n fragment files and check it for consistency with the HASH value of the corresponding fragment file of the virtual file; if any HASH value recorded for the virtual file is inconsistent with the computed HASH value of its fragment file, the system automatically executes the pre-stored instruction to return an error and end the operation; when the HASH values of the fragment files corresponding to the virtual file are consistent with the HASH values of the n fragment files, perform step 4;
Step 4: read the fragment files found on the computer private disk into the mobile private disk;
Step 5: call the encryption key stored in the preset key storage area of the mobile private disk to decrypt the data encryption key ciphertext and the crushing key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the crushing key; reassemble the n fragment files using the crushing key and the reassembly algorithm matched to the crushing algorithm, obtaining the data file ciphertext; then decrypt the data file ciphertext with the data encryption key, obtaining the data file;
Step 6: compute the HASH value of the data file obtained in step 5 and compare it with the HASH value of the protected data file recorded in the virtual file; when the comparison result is consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction to return an error and end the operation is executed.
9. A secure reading device for local data, characterized by comprising:
A virtual file reading module, configured to read the file ID pre-stored in the virtual file on the computer private disk and, according to that virtual file ID, read from the index database the preconfigured HASH values of all fragment files corresponding to the virtual file;
A fragment storage query module, configured to search the mobile private disk and the computer private disk, according to the HASH values of all fragment files, for fragment files matching those HASH values, until the preset n fragment files are found;
A fragment file matching module, configured to compute the HASH value of each of the n fragment files and check it for consistency with the HASH value of the corresponding fragment file of the virtual file; if any HASH value recorded for the virtual file is inconsistent with the computed HASH value of its fragment file, the system automatically executes the pre-stored instruction to return an error and end the operation;
A fragment file moving module, configured to, when the HASH values of the fragment files corresponding to the virtual file are consistent with the HASH values of the n fragment files, read the fragment files found on the computer private disk into the mobile private disk;
A reassembly and decryption module, configured to call the encryption key stored in the preset key storage area of the mobile private disk to decrypt the data encryption key ciphertext and the crushing key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the crushing key; to reassemble the n fragment files using the crushing key and the reassembly algorithm matched to the crushing algorithm, obtaining the data file ciphertext; and then to decrypt the data file ciphertext with the data encryption key, obtaining the data file;
A file verification module, configured to compute the HASH value of the data file obtained by the reassembly and decryption module and compare it with the HASH value of the protected data file recorded in the virtual file; when the comparison result is consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction to return an error and end the operation is executed.
10. A security protection system for local data, characterized by comprising a secure storage device for local data and a secure reading device for local data; wherein the secure storage device for local data comprises:
A virtual file writing module, configured to write the data file to be protected, according to preset file attribute information and filling information, into a virtual file on the preset computer private disk;
A key generation and protection module, configured to call the preset mobile private disk to randomly generate a data encryption key and a crushing key, and then encrypt the data encryption key and the crushing key respectively with the encryption public key stored in the preset USBKey, obtaining a data encryption key ciphertext and a crushing key ciphertext;
An encryption and crushing module, configured to encrypt the data file to be protected with the data encryption key to generate ciphertext data, then crush the ciphertext data into blocks according to the preset crushing method and the crushing key, obtaining n fragment files, and compute the HASH value of each fragment file;
A fragment file grouping module, configured to read the preconfigured storage ratio of fragment files between the computer private disk and the mobile private disk, divide the n fragment files into two groups according to the storage ratio, and send the corresponding fragment files to the computer private disk and the mobile private disk respectively;
An index database generation module, configured to store the relevant information of the preconfigured data file to be protected in the data items of the file key information table and the fragment index information table of the preset index database;
A fragment file storage module, configured to store the fragment files assigned to the mobile private disk in the mobile private disk, store the fragment files assigned to the computer private disk in the hidden folder of the computer private disk, and clear the memory;
The secure reading device for local data comprises:
A virtual file reading module, configured to read the file ID pre-stored in the virtual file on the computer private disk and, according to that virtual file ID, read from the index database the preconfigured HASH values of all fragment files corresponding to the virtual file;
A fragment storage query module, configured to search the mobile private disk and the computer private disk, according to the HASH values of all fragment files, for fragment files matching those HASH values, until the preset n fragment files are found;
A fragment file matching module, configured to compute the HASH value of each of the n fragment files and check it for consistency with the HASH value of the corresponding fragment file of the virtual file; if any HASH value recorded for the virtual file is inconsistent with the computed HASH value of its fragment file, the system automatically executes the pre-stored instruction to return an error and end the operation;
A fragment file moving module, configured to, when the HASH values of the fragment files corresponding to the virtual file are consistent with the HASH values of the n fragment files, read the fragment files found on the computer private disk into the mobile private disk;
A reassembly and decryption module, configured to call the encryption key stored in the preset key storage area of the mobile private disk to decrypt the data encryption key ciphertext and the crushing key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the crushing key; to reassemble the n fragment files using the crushing key and the reassembly algorithm matched to the crushing algorithm, obtaining the data file ciphertext; and then to decrypt the data file ciphertext with the data encryption key, obtaining the data file;
A file verification module, configured to compute the HASH value of the data file obtained by the reassembly and decryption module and compare it with the HASH value of the protected data file recorded in the virtual file; when the comparison result is consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction to return an error and end the operation is executed.
CN201510125538.XA 2015-03-20 2015-03-20 A kind of safety system and method for local data Active CN105117635B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510125538.XA CN105117635B (en) 2015-03-20 2015-03-20 A kind of safety system and method for local data

Publications (2)

Publication Number Publication Date
CN105117635A true CN105117635A (en) 2015-12-02
CN105117635B CN105117635B (en) 2019-08-06

Family

ID=54665621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510125538.XA Active CN105117635B (en) 2015-03-20 2015-03-20 A kind of safety system and method for local data

Country Status (1)

Country Link
CN (1) CN105117635B (en)

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105721560A (en) * 2016-01-27 2016-06-29 四川长虹电器股份有限公司 Security storage system and method for unified member center user login password
CN105897540A (en) * 2015-12-31 2016-08-24 乐视移动智能信息技术(北京)有限公司 VPN information obtaining and storing method and device
CN106682521A (en) * 2016-11-28 2017-05-17 北京计算机技术及应用研究所 File transparent encryption and decryption system and method based on driver layer
CN107025675A (en) * 2016-02-01 2017-08-08 广州市动景计算机科技有限公司 Method, equipment, browser and the electronic equipment of processing interception picture
CN107256360A (en) * 2017-06-07 2017-10-17 努比亚技术有限公司 File encrypting method, mobile terminal and computer-readable recording medium
CN107330340A (en) * 2017-06-19 2017-11-07 国家计算机网络与信息安全管理中心 File encrypting method, equipment, file decryption method, equipment and storage medium
CN109255245A (en) * 2018-08-13 2019-01-22 海南新软软件有限公司 A kind of local cryptographic key protection method, apparatus and system
CN109308417A (en) * 2017-07-27 2019-02-05 阿里巴巴集团控股有限公司 Unlocking method and device based on trust computing
CN110392035A (en) * 2018-04-20 2019-10-29 罗德施瓦兹两合股份有限公司 System and method for secure data processing
CN111241606A (en) * 2020-01-21 2020-06-05 北京连山科技股份有限公司 One drags three mobile storage device
CN113076313A (en) * 2021-03-29 2021-07-06 福建新大陆通信科技股份有限公司 Emergency broadcast data warehousing method
CN113196702A (en) * 2018-11-16 2021-07-30 先进信息技术公司 System and method for distributed data storage and transfer using blockchains
CN115098447A (en) * 2022-07-18 2022-09-23 重庆紫光华山智安科技有限公司 File recovery method and device, electronic equipment and readable storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103198264A (en) * 2013-03-14 2013-07-10 厦门市美亚柏科信息股份有限公司 Method and device for recovering encrypted file system data
CN103346998A (en) * 2013-05-18 2013-10-09 北京凯锐立德科技有限公司 File breaking encryption-based file security protection method
CN104333455A (en) * 2014-11-26 2015-02-04 肖龙旭 Secrete communication system and method for smart phone

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
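Xu Xiaolong et al.: "A cloud storage data privacy protection mechanism based on data partitioning and classification", Computer Science (《计算机科学》) *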

Cited By (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105897540A (en) * 2015-12-31 2016-08-24 乐视移动智能信息技术(北京)有限公司 VPN information obtaining and storing method and device
CN105721560A (en) * 2016-01-27 2016-06-29 四川长虹电器股份有限公司 Security storage system and method for unified member center user login password
CN105721560B (en) * 2016-01-27 2018-12-25 四川长虹电器股份有限公司 Unified member's central user login password safe storage system and method
CN107025675A (en) * 2016-02-01 2017-08-08 广州市动景计算机科技有限公司 Method, equipment, browser and the electronic equipment of processing interception picture
CN106682521B (en) * 2016-11-28 2020-02-07 北京计算机技术及应用研究所 File transparent encryption and decryption system and method based on driver layer
CN106682521A (en) * 2016-11-28 2017-05-17 北京计算机技术及应用研究所 File transparent encryption and decryption system and method based on driver layer
CN107256360A (en) * 2017-06-07 2017-10-17 努比亚技术有限公司 File encrypting method, mobile terminal and computer-readable recording medium
CN107330340B (en) * 2017-06-19 2020-09-11 国家计算机网络与信息安全管理中心 File encryption method, file encryption equipment, file decryption method, file decryption equipment and storage medium
CN107330340A (en) * 2017-06-19 2017-11-07 国家计算机网络与信息安全管理中心 File encrypting method, equipment, file decryption method, equipment and storage medium
CN109308417A (en) * 2017-07-27 2019-02-05 阿里巴巴集团控股有限公司 Unlocking method and device based on trust computing
CN110392035A (en) * 2018-04-20 2019-10-29 罗德施瓦兹两合股份有限公司 System and method for secure data processing
CN109255245A (en) * 2018-08-13 2019-01-22 海南新软软件有限公司 A kind of local cryptographic key protection method, apparatus and system
CN113196702A (en) * 2018-11-16 2021-07-30 先进信息技术公司 System and method for distributed data storage and transfer using blockchains
CN111241606A (en) * 2020-01-21 2020-06-05 北京连山科技股份有限公司 One drags three mobile storage device
CN113076313A (en) * 2021-03-29 2021-07-06 福建新大陆通信科技股份有限公司 Emergency broadcast data warehousing method
CN113076313B (en) * 2021-03-29 2022-06-07 福建新大陆通信科技股份有限公司 Emergency broadcast data warehousing method
CN115098447A (en) * 2022-07-18 2022-09-23 重庆紫光华山智安科技有限公司 File recovery method and device, electronic equipment and readable storage medium

Also Published As

Publication number Publication date
CN105117635B (en) 2019-08-06

Similar Documents

Publication Publication Date Title
CN105117635A (en) Local data security protection system and method
CN105760764B (en) Encryption and decryption method and device for embedded storage device file and terminal
CN103106372B (en) For lightweight privacy data encryption method and the system of android system
CN106022155B (en) Method and server for database security management
CN102567688B (en) File confidentiality keeping system and file confidentiality keeping method on Android operating system
CN102138300A (en) Message authentication code pre-computation with applications to secure memory
CN110213354A (en) Cloud storage data confidentiality guard method
CN101582109A (en) Data encryption method and device, data decryption method and device and solid state disk
CN103294961A (en) Method and device for file encrypting/decrypting
CN104662870A (en) Data security management system
CN107370595A (en) One kind is based on fine-grained ciphertext access control method
WO2020123926A1 (en) Decentralized computing systems and methods for performing actions using stored private data
CN103955654A (en) USB (Universal Serial Bus) flash disk secure storage method based on virtual file system
US20120284534A1 (en) Memory Device and Method for Accessing the Same
CN104579689A (en) Soft secret key system and implementation method
CN101345624B (en) Document access system and method
CN101833625A (en) File and folder safety protection method based on dynamic password and system thereof
CN107332666A (en) Terminal document encryption method
CN105024992A (en) Implementing use-dependent security settings in a single white-box implementation
CN109687966A (en) Encryption method and its system
CN105978680B (en) Encryption operation method for encryption key
CN102752112A (en) Authority control method and device based on signed message 1 (SM1)/SM2 algorithm
CN106919348A (en) Distributed memory system and storage method that anti-violence is cracked
CN102480353A (en) Method for password authentication and key protection
CN103973698A (en) User access right revoking method in cloud storage environment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 304, room 3, building 23, building 68, North Ching Road, 100094, Beijing, Haidian District

Applicant after: Caroline control (Beijing) Information Technology Co., Ltd.

Address before: 100085 Beijing City, Haidian District Qinghe Zhu Fanglu Pro 68

Applicant before: Beijing Cherilead Tech Co., Ltd.

CB02 Change of applicant information
CB02 Change of applicant information

Address after: 100094 room 3, 23 building, 68 Beiqing Road, Haidian District, Beijing 304

Applicant after: Beijing Lianshan Polytron Technologies Inc

Address before: 100094 room 3, 23 building, 68 Beiqing Road, Haidian District, Beijing 304

Applicant before: Caroline control (Beijing) Information Technology Co., Ltd.

CB02 Change of applicant information
GR01 Patent grant
GR01 Patent grant