CN105117635B - A security protection system and method for local data

Publication number: CN105117635B
Authority: CN (China)
Prior art keywords: file, fragment, data, disk, key
Legal status: Active
Application number: CN201510125538.XA
Other languages: Chinese (zh)
Other versions: CN105117635A
Inventors: 肖龙旭, 张凯, 丁凯, 刘婷
Current Assignee: Beijing Lianshan Polytron Technologies Inc
Original Assignee: Beijing Lianshan Polytron Technologies Inc

Abstract

The invention discloses a secure storage method for local data, comprising: writing the file attribute information and padding information of the data file to be protected into a false file on the computer secret disk; calling the mobile secret disk to randomly generate a data encryption key and a fragmentation key, then encrypting each of them with the encryption public key stored in the USBKey to obtain a data encryption key ciphertext and a fragmentation key ciphertext; calling the cipher of the mobile secret disk to encrypt the data file to be protected, then fragmenting the ciphertext data into blocks according to the fragment count n to obtain n fragment files, and calculating a HASH value for each fragment file; reading from the configuration file the storage ratio between the computer secret disk and the mobile secret disk, and grouping the fragment files according to that ratio; storing the relevant information of the protected data file in the data items of the file key information table and the fragment index information table of the index database; and storing the grouped fragment files on the pre-set computer secret disk and mobile secret disk.

Description

A security protection system and method for local data
Technical field
The present invention relates to the field of information security technology, and in particular to a security protection system and method for local data.
Background art
In daily life, large amounts of electronic data such as private data and important documents are stored on computer hard disks, where they are easily stolen by attackers who implant Trojan software on the computer. In recent years there has been no shortage, at home and abroad, of incidents in which large amounts of personal information were leaked, and personal information security has become a hot topic.
In existing transparent encryption and decryption systems for electronic documents, the common approach is transparent encryption and decryption based on file redirection. Although a series of protective measures is applied to the file, the encrypted file holding the file data stays on the terminal computer from the moment the document is created until it is completely deleted. Anyone who obtains these data files holds only garbled ciphertext, but that ciphertext contains the full content of the file data, so in theory there is always some technical means of recovering the plaintext from it.
No effective solution to these problems in the related art has been proposed so far.
Summary of the invention
The object of the present invention is to provide a security protection system and method for local data that does not depend on a networked environment and that fragments the data file and stores the fragments separately on a computer secret disk and a mobile secret disk, so as to keep the user's private data "absolutely secure" and effectively overcome the above shortcomings of the prior art.
The object of the present invention is achieved through the following technical solutions:
According to one aspect of the present invention, a secure storage method for local data is provided, comprising the following steps:
The data file to be protected is written, according to pre-set file attribute information and padding information, into a false file on the pre-set computer secret disk;
The pre-set mobile secret disk is called to randomly generate a data encryption key and a fragmentation key; the encryption public key stored in the pre-set USBKey is then used to encrypt the data encryption key and the fragmentation key separately, yielding a data encryption key ciphertext and a fragmentation key ciphertext;
The data file to be protected is encrypted with the data encryption key to generate ciphertext data; the ciphertext data is then fragmented into blocks according to the pre-set fragmentation method and the fragmentation key, yielding n fragment files, and a HASH value is calculated for each fragment file;
The pre-configured storage ratio of fragment files between the computer secret disk and the mobile secret disk is retrieved; the n fragment files are divided into two groups according to the storage ratio, and the corresponding fragment files are sent to the computer secret disk and the mobile secret disk respectively;
The pre-configured relevant information of the data file to be protected is stored in the data items of the file key information table and the fragment index information table of the pre-set index database;
The fragment files assigned to the mobile secret disk are stored on the mobile secret disk, the fragment files assigned to the computer secret disk are stored in a hidden folder on the computer secret disk, and memory is cleared.
Further, the method also comprises:
Before the mobile secret disk and the USBKey are used, the user's identity is verified against pre-set login information; once the user's identity passes verification, the encryption public and private keys pre-stored in the USBKey and the mobile secret disk are made available for use.
Further, the file key information table includes the fields: data/false file ID, secret disk stored fragment count, mobile secret disk stored fragment count, data encryption key ciphertext, fragmentation key ciphertext, and fragment HASH values. The fragment index information table includes the fields: fragment HASH value, fragment storage location, and fragment reference count.
Further, the method also comprises:
When the mobile secret disk is used for the first time, the pre-set mobile secret disk ID, mobile secret disk path, ID of the device to be bound, fragment count n, and fragment storage ratio of the computer secret disk are written into the pre-set configuration file, which binds the device;
Deleting the ID information of the bound device from the configuration file unbinds the device.
According to another aspect of the present invention, a secure storage device for local data is provided, comprising:
A false file writing module, configured to write the data file to be protected, according to pre-set file attribute information and padding information, into a false file on the pre-set computer secret disk;
A key generation and protection module, configured to call the pre-set mobile secret disk to randomly generate a data encryption key and a fragmentation key, and then to encrypt the data encryption key and the fragmentation key separately with the encryption public key stored in the pre-set USBKey, yielding a data encryption key ciphertext and a fragmentation key ciphertext;
An encryption and fragmentation module, configured to encrypt the data file to be protected with the data encryption key to generate ciphertext data, then to fragment the ciphertext data into blocks according to the pre-set fragmentation method and the fragmentation key, yielding n fragment files, and to calculate a HASH value for each fragment file;
A fragment file grouping module, configured to retrieve the pre-configured storage ratio of fragment files between the computer secret disk and the mobile secret disk, to divide the n fragment files into two groups according to the storage ratio, and to send the corresponding fragment files to the computer secret disk and the mobile secret disk respectively;
An index database generation module, configured to store the pre-configured relevant information of the data file to be protected in the data items of the file key information table and the fragment index information table of the pre-set index database;
A fragment file storage module, configured to store the fragment files assigned to the mobile secret disk on the mobile secret disk, to store the fragment files assigned to the computer secret disk in a hidden folder on the computer secret disk, and to clear memory.
Further, the device also comprises:
An identity authentication module, configured to verify the user's identity against pre-set login information before the mobile secret disk and the USBKey are used; once the user's identity passes verification, the encryption public and private keys pre-stored in the USBKey and the mobile secret disk are made available for use.
Further, the file key information table includes the fields: data/false file ID, secret disk stored fragment count, mobile secret disk stored fragment count, data encryption key ciphertext, fragmentation key ciphertext, and fragment HASH values. The fragment index information table includes the fields: fragment HASH value, fragment storage location, and fragment reference count.
According to another aspect of the present invention, a secure reading method for local data is provided, comprising the following steps:
Step 1: read the file ID from the false file stored in advance on the computer secret disk, and use the false file ID to read from the index database the pre-configured HASH values of all fragment files corresponding to the false file;
Step 2: using the HASH values of all fragment files, search the mobile secret disk and the computer secret disk for fragment files whose HASH values match, until the pre-set n fragment files have been found;
Step 3: calculate the HASH value of each of the n fragment files and check it for consistency against the fragment file HASH values corresponding to the false file; if any HASH value is inconsistent, the system automatically executes the pre-stored instruction to return an error and end the operation; if the HASH values are all consistent, proceed to step 4;
Step 4: read the fragment files found on the computer secret disk into the mobile secret disk;
Step 5: call the encryption key stored in the pre-set key storage area of the mobile secret disk to decrypt the data encryption key ciphertext and the fragmentation key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the fragmentation key; recombine the n fragment files using the fragmentation key and the reassembly algorithm that matches the fragmentation algorithm to obtain the data file ciphertext, then decrypt the data file ciphertext with the data encryption key to obtain the data file;
Step 6: calculate the HASH value of the data file obtained in step 5 and compare it with the HASH value of the protected data file recorded in the false file; if the two are consistent, present the content of the data file to the user; otherwise, execute the pre-stored instruction to return an error and end the operation.
According to another aspect of the present invention, a secure reading device for local data is provided, comprising:
A false file reading module, configured to read the file ID from the false file stored in advance on the computer secret disk, and to use the false file ID to read from the index database the pre-configured HASH values of all fragment files corresponding to the false file;
A fragment storage query module, configured to use the HASH values of all fragment files to search the mobile secret disk and the computer secret disk for fragment files whose HASH values match, until the pre-set n fragment files have been found;
A fragment file matching module, configured to calculate the HASH value of each of the n fragment files and check it for consistency against the fragment file HASH values corresponding to the false file; if any HASH value is inconsistent, the system automatically executes the pre-stored instruction to return an error and end the operation;
A fragment file moving module, configured, when the fragment file HASH values corresponding to the false file are consistent with the HASH values of the n fragment files, to read the fragment files found on the computer secret disk into the mobile secret disk;
A reassembly and decryption module, configured to call the encryption key stored in the pre-set key storage area of the mobile secret disk to decrypt the data encryption key ciphertext and the fragmentation key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the fragmentation key; to recombine the n fragment files using the fragmentation key and the reassembly algorithm that matches the fragmentation algorithm to obtain the data file ciphertext; and then to decrypt the data file ciphertext with the data encryption key to obtain the data file;
A file verification module, configured to calculate the HASH value of the data file obtained by the reassembly and decryption module and compare it with the HASH value of the protected data file recorded in the false file; if the two are consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction to return an error and end the operation is executed.
According to another aspect of the present invention, a security protection system for local data is provided, comprising a secure storage device for local data and a secure reading device for local data, wherein the secure storage device for local data comprises:
A false file writing module, configured to write the data file to be protected, according to pre-set file attribute information and padding information, into a false file on the pre-set computer secret disk;
A key generation and protection module, configured to call the pre-set mobile secret disk to randomly generate a data encryption key and a fragmentation key, and then to encrypt the data encryption key and the fragmentation key separately with the encryption public key stored in the pre-set USBKey, yielding a data encryption key ciphertext and a fragmentation key ciphertext;
An encryption and fragmentation module, configured to encrypt the data file to be protected with the data encryption key to generate ciphertext data, then to fragment the ciphertext data into blocks according to the pre-set fragmentation method and the fragmentation key, yielding n fragment files, and to calculate a HASH value for each fragment file;
A fragment file grouping module, configured to retrieve the pre-configured storage ratio of fragment files between the computer secret disk and the mobile secret disk, to divide the n fragment files into two groups according to the storage ratio, and to send the corresponding fragment files to the computer secret disk and the mobile secret disk respectively;
An index database generation module, configured to store the pre-configured relevant information of the data file to be protected in the data items of the file key information table and the fragment index information table of the pre-set index database;
A fragment file storage module, configured to store the fragment files assigned to the mobile secret disk on the mobile secret disk, to store the fragment files assigned to the computer secret disk in a hidden folder on the computer secret disk, and to clear memory;
The secure reading device for local data comprises:
A false file reading module, configured to read the file ID from the false file stored in advance on the computer secret disk, and to use the false file ID to read from the index database the pre-configured HASH values of all fragment files corresponding to the false file;
A fragment storage query module, configured to use the HASH values of all fragment files to search the mobile secret disk and the computer secret disk for fragment files whose HASH values match, until the pre-set n fragment files have been found;
A fragment file matching module, configured to calculate the HASH value of each of the n fragment files and check it for consistency against the fragment file HASH values corresponding to the false file; if any HASH value is inconsistent, the system automatically executes the pre-stored instruction to return an error and end the operation;
A fragment file moving module, configured, when the fragment file HASH values corresponding to the false file are consistent with the HASH values of the n fragment files, to read the fragment files found on the computer secret disk into the mobile secret disk;
A reassembly and decryption module, configured to call the encryption key stored in the pre-set key storage area of the mobile secret disk to decrypt the data encryption key ciphertext and the fragmentation key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the fragmentation key; to recombine the n fragment files using the fragmentation key and the reassembly algorithm that matches the fragmentation algorithm to obtain the data file ciphertext; and then to decrypt the data file ciphertext with the data encryption key to obtain the data file;
A file verification module, configured to calculate the HASH value of the data file obtained by the reassembly and decryption module and compare it with the HASH value of the protected data file recorded in the false file; if the two are consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction to return an error and end the operation is executed.
The beneficial effects of the invention are as follows:
(1) The invention uses encryption and fragmentation: the data file is encrypted, fragmented and stored separately, with the fragments distributed between the computer secret disk and the mobile secret disk. If either the computer (notebook) or the mobile secret disk is lost or compromised, it holds only part of the data fragments, and an attacker cannot recover the complete data from partial fragments;
(2) Even if the computer and the mobile secret disk are stolen together, the data on the mobile secret disk has the dual protection of encryption and a user PIN code with a limited number of attempts, which effectively reduces the likelihood that an attacker can read fragment files from the mobile secret disk;
(3) When a protected data file is read, verifying the fragment HASH values and the HASH value of the reassembled data file ensures that the protected data file the user reads is consistent with the data file as last stored, which effectively guarantees the integrity and availability of the protected data file;
(4) Transparent encryption and decryption of files is performed using kernel-layer file filter driver technology, which does not affect the user's habits and gives a good user experience;
In summary, the invention provides users with a local data security protection method that offers high security and a good user experience.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the embodiments are briefly described below. The drawings described below are evidently only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow diagram of a secure storage method for local data according to an embodiment of the present invention;
Fig. 2 is a structural schematic diagram of a secure storage device for local data according to an embodiment of the present invention;
Fig. 3 is a flow diagram of a secure reading method for local data according to an embodiment of the present invention;
Fig. 4 is a flow diagram of a secure reading device for local data according to an embodiment of the present invention;
Fig. 5 is a hardware structure diagram of a security system for local data according to an embodiment of the present invention;
Fig. 6 is a schematic diagram of the secure storage form of a data file to be protected in a security method for local data according to an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are evidently only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention fall within the scope of protection of the present invention.
As shown in Fig. 1, according to one aspect of an embodiment of the present invention, a secure storage method for local data is provided, comprising the following steps:
The data file to be protected is written, according to pre-set file attribute information and padding information, into a false file on the pre-set computer secret disk;
The pre-set mobile secret disk is called to randomly generate a data encryption key and a fragmentation key; the encryption public key stored in the pre-set USBKey is then used to encrypt the data encryption key and the fragmentation key separately, yielding a data encryption key ciphertext and a fragmentation key ciphertext;
The data file to be protected is encrypted with the data encryption key to generate ciphertext data; the ciphertext data is then fragmented into blocks according to the pre-set fragmentation method and the fragmentation key, yielding n fragment files, and a HASH value is calculated for each fragment file;
The pre-configured storage ratio of fragment files between the computer secret disk and the mobile secret disk is retrieved; the n fragment files are divided into two groups according to the storage ratio, and the corresponding fragment files are sent to the computer secret disk and the mobile secret disk respectively;
The pre-configured relevant information of the data file to be protected is stored in the data items of the file key information table and the fragment index information table of the pre-set index database;
The fragment files assigned to the mobile secret disk are stored on the mobile secret disk, the fragment files assigned to the computer secret disk are stored in a hidden folder on the computer secret disk, and memory is cleared.
Further, the method also comprises:
Before the mobile secret disk and the USBKey are used, the user's identity is verified against pre-set login information; once the user's identity passes verification, the encryption public and private keys pre-stored in the USBKey and the mobile secret disk are made available for use.
Further, the file key information table includes the fields: data/false file ID, secret disk stored fragment count, mobile secret disk stored fragment count, data encryption key ciphertext, fragmentation key ciphertext, and fragment HASH values. The fragment index information table includes the fields: fragment HASH value, fragment storage location, and fragment reference count.
Further, the method also comprises:
When the mobile secret disk is used for the first time, the pre-set mobile secret disk ID, mobile secret disk path, ID of the device to be bound, fragment count n, and fragment storage ratio of the computer secret disk are written into the pre-set configuration file, which binds the device;
Deleting the ID information of the bound device from the configuration file unbinds the device.
As shown in Fig. 2, according to another aspect of the present invention, a secure storage device for local data is provided, comprising:
A false file writing module, configured to write the data file to be protected, according to pre-set file attribute information and padding information, into a false file on the pre-set computer secret disk;
A key generation and protection module, configured to call the pre-set mobile secret disk to randomly generate a data encryption key and a fragmentation key, and then to encrypt the data encryption key and the fragmentation key separately with the encryption public key stored in the pre-set USBKey, yielding a data encryption key ciphertext and a fragmentation key ciphertext;
An encryption and fragmentation module, configured to encrypt the data file to be protected with the data encryption key to generate ciphertext data, then to fragment the ciphertext data into blocks according to the pre-set fragmentation method and the fragmentation key, yielding n fragment files, and to calculate a HASH value for each fragment file;
A fragment file grouping module, configured to retrieve the pre-configured storage ratio of fragment files between the computer secret disk and the mobile secret disk, to divide the n fragment files into two groups according to the storage ratio, and to send the corresponding fragment files to the computer secret disk and the mobile secret disk respectively;
An index database generation module, configured to store the pre-configured relevant information of the data file to be protected in the data items of the file key information table and the fragment index information table of the pre-set index database;
A fragment file storage module, configured to store the fragment files assigned to the mobile secret disk on the mobile secret disk, to store the fragment files assigned to the computer secret disk in a hidden folder on the computer secret disk, and to clear memory.
Further, the device also comprises:
An identity authentication module, configured to verify the user's identity against pre-set login information before the mobile secret disk and the USBKey are used; once the user's identity passes verification, the encryption public and private keys pre-stored in the USBKey and the mobile secret disk are made available for use.
Further, the file key information table includes the fields: data/false file ID, secret disk stored fragment count, mobile secret disk stored fragment count, data encryption key ciphertext, fragmentation key ciphertext, and fragment HASH values. The fragment index information table includes the fields: fragment HASH value, fragment storage location, and fragment reference count.
As shown in Fig. 3, according to another aspect of the present invention, a secure reading method for local data is provided, comprising the following steps:
Step 1: read the file ID from the false file stored in advance on the computer secret disk, and use the false file ID to read from the index database the pre-configured HASH values of all fragment files corresponding to the false file;
Step 2: using the HASH values of all fragment files, search the mobile secret disk and the computer secret disk for fragment files whose HASH values match, until the pre-set n fragment files have been found;
Step 3: calculate the HASH value of each of the n fragment files and check it for consistency against the fragment file HASH values corresponding to the false file; if any HASH value is inconsistent, the system automatically executes the pre-stored instruction to return an error and end the operation; if the HASH values are all consistent, proceed to step 4;
Step 4: read the fragment files found on the computer secret disk into the mobile secret disk;
Step 5: call the encryption key stored in the pre-set key storage area of the mobile secret disk to decrypt the data encryption key ciphertext and the fragmentation key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the fragmentation key; recombine the n fragment files using the fragmentation key and the reassembly algorithm that matches the fragmentation algorithm to obtain the data file ciphertext, then decrypt the data file ciphertext with the data encryption key to obtain the data file;
Step 6: calculate the HASH value of the data file obtained in step 5 and compare it with the HASH value of the protected data file recorded in the false file; if the two are consistent, present the content of the data file to the user; otherwise, execute the pre-stored instruction to return an error and end the operation.
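The storage and reading flows above, from fragmentation onward, as an added Python example that is not code from the patent. The patent does not specify the fragmentation method or the HASH function, so the key-driven block permutation, SHA-256, the 16-byte block size, the dictionaries standing in for the two disks, and all names here are assumptions; encryption with the data encryption key is taken as already done, so the input is treated as ciphertext.

```python
import hashlib
import hmac

BLOCK = 16  # assumed block size in bytes; the patent does not fix one
SAMPLE_KEY = b"constructed-fragmentation-key"  # constructed sample value


class IntegrityError(Exception):
    """A fragment is missing or a HASH check failed (the read flow's error exit)."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def permutation(frag_key: bytes, count: int) -> list:
    """Fisher-Yates shuffle of range(count), driven by HMAC-SHA256(frag_key, i)."""
    order = list(range(count))
    for i in range(count - 1, 0, -1):
        digest = hmac.new(frag_key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        j = int.from_bytes(digest, "big") % (i + 1)
        order[i], order[j] = order[j], order[i]
    return order


def fragment(ciphertext: bytes, frag_key: bytes, n: int) -> list:
    """Split ciphertext into n fragments; which block lands where depends on frag_key."""
    framed = len(ciphertext).to_bytes(8, "big") + ciphertext  # length header
    framed += b"\0" * (-len(framed) % BLOCK)                  # pad to whole blocks
    blocks = [framed[i:i + BLOCK] for i in range(0, len(framed), BLOCK)]
    if len(blocks) < n:
        raise ValueError("data too short for the requested fragment count")
    order = permutation(frag_key, len(blocks))
    # Shuffled position j goes to fragment j mod n.
    return [b"".join(blocks[order[j]] for j in range(i, len(blocks), n))
            for i in range(n)]


def reassemble(fragments: list, frag_key: bytes) -> bytes:
    """Inverse of fragment(): put every block back at its original index."""
    n = len(fragments)
    total = sum(len(f) for f in fragments) // BLOCK
    order = permutation(frag_key, total)
    blocks = [b""] * total
    for i, frag in enumerate(fragments):
        for k, j in enumerate(range(i, total, n)):
            blocks[order[j]] = frag[k * BLOCK:(k + 1) * BLOCK]
    framed = b"".join(blocks)
    return framed[8:8 + int.from_bytes(framed[:8], "big")]


def store(file_id, ciphertext, frag_key, n, ratio, computer_disk, mobile_disk):
    """Fragment, hash, split by ratio (computer : mobile), return the index record."""
    fragments = fragment(ciphertext, frag_key, n)
    on_computer = round(n * ratio[0] / sum(ratio))
    hashes = []
    for idx, frag in enumerate(fragments):
        digest = sha256_hex(frag)
        (computer_disk if idx < on_computer else mobile_disk)[digest] = frag
        hashes.append(digest)
    return {"file_id": file_id, "fragment_hashes": hashes,
            "data_hash": sha256_hex(ciphertext)}


def read(record, frag_key, computer_disk, mobile_disk) -> bytes:
    """Steps 2, 3, 5 and 6: locate by HASH, verify each fragment, reassemble, verify."""
    fragments = []
    for digest in record["fragment_hashes"]:
        frag = mobile_disk.get(digest, computer_disk.get(digest))
        if frag is None:
            raise IntegrityError("fragment %s... not found on either disk" % digest[:12])
        if not hmac.compare_digest(sha256_hex(frag), digest):
            raise IntegrityError("fragment %s... failed its HASH check" % digest[:12])
        fragments.append(frag)
    data = reassemble(fragments, frag_key)
    if not hmac.compare_digest(sha256_hex(data), record["data_hash"]):
        raise IntegrityError("reassembled data failed its HASH check")
    return data


def sample_ciphertext() -> bytes:
    """512 constructed pseudo-random bytes standing in for an encrypted file."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))


if __name__ == "__main__":
    computer, mobile = {}, {}
    rec = store("file-001", sample_ciphertext(), SAMPLE_KEY, 6, (2, 1), computer, mobile)
    print(len(computer), "fragments on computer disk,", len(mobile), "on mobile disk")
    print("round trip ok:", read(rec, SAMPLE_KEY, computer, mobile) == sample_ciphertext())
```

With either disk missing, `read` stops at the first fragment it cannot locate, which is the behaviour the separate-storage design relies on.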
As shown in Fig. 4, according to another aspect of the present invention, a secure reading device for local data is provided, comprising:
A false file reading module, configured to read the file ID from the false file stored in advance on the computer secret disk, and to use the false file ID to read from the index database the pre-configured HASH values of all fragment files corresponding to the false file;
A fragment storage query module, configured to use the HASH values of all fragment files to search the mobile secret disk and the computer secret disk for fragment files whose HASH values match, until the pre-set n fragment files have been found;
A fragment file matching module, configured to calculate the HASH value of each of the n fragment files and check it for consistency against the fragment file HASH values corresponding to the false file; if any HASH value is inconsistent, the system automatically executes the pre-stored instruction to return an error and end the operation;
A fragment file moving module, configured, when the fragment file HASH values corresponding to the false file are consistent with the HASH values of the n fragment files, to read the fragment files found on the computer secret disk into the mobile secret disk;
A reassembly and decryption module, configured to call the encryption key stored in the pre-set key storage area of the mobile secret disk to decrypt the data encryption key ciphertext and the fragmentation key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the fragmentation key; to recombine the n fragment files using the fragmentation key and the reassembly algorithm that matches the fragmentation algorithm to obtain the data file ciphertext; and then to decrypt the data file ciphertext with the data encryption key to obtain the data file;
A file verification module, configured to calculate the HASH value of the data file obtained by the reassembly and decryption module and compare it with the HASH value of the protected data file recorded in the false file; if the two are consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction to return an error and end the operation is executed.
According to another aspect of the present invention, a security protection system for local data is provided. The security protection system for local data includes a secure storage device for local data and a secure reading device for local data, wherein the secure storage device for local data includes:
A false file writing module, configured to write the data file to be protected, according to preset file attribute information and filling information, into a preset false file on the computer secret disk;
A key generation and protection module, configured to call the preset mobile secret disk to randomly generate a data encryption key and a fragmentation key, and then to encrypt the data encryption key and the fragmentation key respectively with the encryption public key stored in the preset USBKey, obtaining the data encryption key ciphertext and the fragmentation key ciphertext;
An encryption and fragmentation module, configured to encrypt the data file to be protected with the data encryption key to generate ciphertext data, then to fragment the ciphertext data according to the preset fragmentation method and the fragmentation key, obtaining n fragment files, and to calculate the HASH value of each fragment file;
A fragment file grouping module, configured to read the pre-configured storage ratio of fragment files between the computer secret disk and the mobile secret disk, divide the n fragment files into two groups according to the storage ratio, and send each group to the computer secret disk or the mobile secret disk respectively;
An index database generation module, configured to store the pre-configured information about the data file to be protected in the data items of the file key information table and the fragment index information table of the preset index database;
A fragment file storage module, configured to store the fragment files assigned to the mobile secret disk in the mobile secret disk, to store the fragment files assigned to the computer secret disk in the hidden folder of the computer secret disk, and to clear memory;
The secure reading device for local data includes:
A false file reading module, configured to read the file ID from the false file stored in advance on the computer secret disk and, according to the false file ID, read from the pre-configured index database the HASH values of all fragment files corresponding to the false file;
A fragment storage query module, configured to search the mobile secret disk and the computer secret disk, according to the HASH values of all the fragment files, for fragment files whose HASH values match, until the preset n fragment files have been found;
A fragment file matching module, configured to calculate the HASH value of each of the n fragment files and check it for consistency against the corresponding fragment HASH value recorded for the false file; if any fragment HASH value recorded for the false file is inconsistent with the HASH value of the corresponding fragment file, the system automatically executes the pre-stored instruction that returns an error and ends the operation;
A fragment file moving module, configured to read the fragment files found on the computer secret disk into the mobile secret disk when the fragment HASH values recorded for the false file are consistent with the HASH values of the n fragment files;
A reassembly and decryption module, configured to call the encryption key stored in the preset key storage area of the mobile secret disk and decrypt, respectively, the data encryption key ciphertext and the fragmentation key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the fragmentation key; to reassemble the n fragment files using the fragmentation key and the reassembly algorithm that matches the fragmentation algorithm, obtaining the data file ciphertext; and then to decrypt the data file ciphertext with the data encryption key, obtaining the data file;
A file verification module, configured to calculate the HASH value of the data file obtained by the reassembly and decryption module and compare it with the HASH value of the protected data file recorded in the false file; if the two are consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction that returns an error and ends the operation is executed.
In a concrete application, as shown in Fig. 5, the system includes a computer system, data protection software and a mobile secret disk, wherein:
The computer system is connected to the mobile secret disk through a USB interface; it may be a desktop computer, a notebook or an intelligent terminal;
The data protection software is installed on the computer system and protects a particular folder that the user designates on the computer system; this folder is defined as the computer secret disk. Using an application-layer control program and a kernel-layer file system filter driver, it protects data files of any format written to the computer secret disk;
The mobile secret disk is a removable storage disk with its own hardware cryptographic system. Data entering and leaving the mobile secret disk is plaintext, while data stored in the mobile secret disk is ciphertext, encrypted and decrypted by a crypto chip. An intelligent cipher key (hereinafter USBKey) is attached to the mobile secret disk through a USB interface and is used together with it: the user's identity is verified by entering the USBKey's PIN code on the keys of the mobile secret disk, which grants the right to use the encryption public/private key pair in the USBKey and the mobile secret disk.
With reference to Fig. 2, the application-layer control program and the kernel-layer file system filter driver write the data file to be protected as a false file, which is stored on the computer secret disk and is visible to the user; the data file to be protected is encrypted and fragmented into n fragment files (n is a configurable integer greater than 1); the n fragment files are divided into two groups according to a (configurable) storage ratio and stored respectively in a hidden folder of the computer secret disk and in the mobile secret disk; an index database is created and stored in the mobile secret disk, so that fragment files can be stored and queried quickly while the data remains secure and reliable. Wherein:
The false file has the same format and file name as the data file to be protected, and its content consists of two parts: file attribute information of fixed size, and filling information. The file attribute information includes the file ID, file security level, file control information, creator, source owner, current owner, file checksum, size of the protected data file, HASH value of the protected data file, file modification time, current full file path, and the HASH value of the foregoing information; it is used to direct the true content of the data file to the corresponding fragment files in the computer secret disk and the mobile secret disk. The filling information: if the real data file is no larger than the file attribute information, the false file is not padded; otherwise, the length of the filling information is the length of the real file minus the length of the file attribute information. The filling information may be randomly generated or may be a fixed value;
The fragment files are the files obtained by first encrypting the data file to be protected with the encryption algorithm and then fragmenting the ciphertext with the fragmentation algorithm. Each fragment file is named with the HASH value of its content, which is used to verify the integrity of the fragment file;
The index database includes a file key information table and a fragment index information table, which store the key information and the fragment information. The file key information table includes the fields: file ID, number of fragments stored on the secret disk, number of fragments stored on the mobile secret disk, data encryption key ciphertext, fragmentation key ciphertext, and fragment HASH values. The fragment index information table includes the fields: fragment HASH value, fragment storage location, and fragment reference count.
In addition, the system may also include a binding module, an authentication module, an encryption and fragmentation module, a reassembly and decryption module, and a fragment storage query module, wherein:
The binding module performs binding and unbinding. While the data protection software is being installed, or when the mobile secret disk is used for the first time, the secret disk ID, the secret disk path, the bound device ID, the fragment count n and the fragment storage ratio of the computer secret disk are written to the configuration file, which binds the device; deleting the bound device ID information from the configuration file on the computer unbinds it;
The authentication module checks, each time the mobile secret disk is connected to the computer system and before the PIN code is verified, whether the mobile secret disk and the computer secret disk belong together. The authentication method is: the ID of the mobile secret disk is extracted and compared with the bound device ID in the computer secret disk information; if they are the same, the PIN code verification of the mobile secret disk proceeds; otherwise, access to the computer secret disk is denied;
The encryption and fragmentation module performs key generation, key protection, encryption, fragmentation, fragment grouping and HASH value calculation. Key generation: the mobile secret disk is called to randomly generate the data encryption key and the fragmentation key. Key protection: the data encryption key and the fragmentation key are encrypted with the encryption public key of the USBKey, giving the data encryption key ciphertext and the fragmentation key ciphertext. Encryption: the mobile secret disk is called to encrypt the content of the data file to be protected, giving the data ciphertext. Fragmentation: the data ciphertext is broken into n fragment files using the fragmentation algorithm, the fragmentation key and the fragment count n. Fragment grouping: according to the fragment storage ratio λ of the computer secret disk in the configuration file, the fragments are divided into two groups of x (x ≈ λ·n, x an integer) and n−x; x fragment files are selected at random from the n fragment files and stored in the computer secret disk, and the other n−x fragment files are stored in the mobile secret disk. HASH value calculation: the HASH value of the input file is calculated;
The reassembly and decryption module performs key decryption, fragment reassembly and decryption. Key decryption: the private key stored in the USBKey is called to decrypt the data encryption key ciphertext and the fragmentation key ciphertext respectively. Fragment reassembly: the n fragment files are combined into the data ciphertext using the fragmentation key and the reassembly algorithm that corresponds to the fragmentation algorithm. Decryption: the mobile secret disk is called to decrypt the data ciphertext into the data plaintext with the data encryption key;
The fragment storage query module implements a method for quickly storing and deleting fragment files. When a fragment file is stored: the fragment index information table of the index database is queried for a fragment HASH value, at the same fragment storage location, that is identical to the HASH value of this fragment file; if one exists, its fragment reference count is increased by 1; otherwise, the fragment file is stored at the corresponding fragment storage location (the computer secret disk or the mobile secret disk). When a protected file is deleted: for each of the corresponding n fragment files in turn, the fragment index information table of the index database is queried for the fragment HASH value, at the same fragment storage location, that is identical to the HASH value of the fragment file to be deleted; if the fragment reference count is 1, the fragment file and its database record are deleted; if the fragment reference count is greater than 1, it is decreased by 1; this continues until all n corresponding fragment files have been processed.
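The fragment grouping rule and the reference-counted store and delete procedure described above, as an added example that is not taken from the patent. It assumes SHA-256 as the HASH function, an in-memory SQLite table standing in for the fragment index information table, two dictionaries standing in for the two disks, and rounding for x ≈ λ·n; all function and column names are hypothetical.

```python
import hashlib
import random
import sqlite3


def open_index():
    """Stand-in for the fragment index information table (assumed column names)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE fragment_index ("
        " hash TEXT NOT NULL, location TEXT NOT NULL, refs INTEGER NOT NULL,"
        " PRIMARY KEY (hash, location))"
    )
    return db


def refs(db, name, location):
    """Current reference count of a fragment at a location (0 if absent)."""
    row = db.execute(
        "SELECT refs FROM fragment_index WHERE hash=? AND location=?",
        (name, location),
    ).fetchone()
    return row[0] if row else 0


def assign_locations(n, ratio, rng):
    """Choose x = round(ratio * n) fragment numbers at random for the computer disk."""
    on_computer = set(rng.sample(range(n), round(ratio * n)))
    return ["computer" if i in on_computer else "mobile" for i in range(n)]


def store_fragment(db, disks, blob, location):
    """Store a fragment once per location; a repeat only raises its reference count."""
    name = hashlib.sha256(blob).hexdigest()  # the fragment is named by its HASH value
    if refs(db, name, location):
        db.execute(
            "UPDATE fragment_index SET refs = refs + 1 WHERE hash=? AND location=?",
            (name, location),
        )
    else:
        disks[location][name] = blob
        db.execute("INSERT INTO fragment_index VALUES (?, ?, 1)", (name, location))
    return name


def delete_fragment(db, disks, name, location):
    """Drop one reference; remove the file and its record only when it was the last."""
    count = refs(db, name, location)
    if count == 0:
        raise KeyError(f"no such fragment at {location}: {name}")
    if count == 1:
        del disks[location][name]
        db.execute(
            "DELETE FROM fragment_index WHERE hash=? AND location=?", (name, location)
        )
    else:
        db.execute(
            "UPDATE fragment_index SET refs = refs - 1 WHERE hash=? AND location=?",
            (name, location),
        )


def protect(db, disks, fragments, ratio, rng):
    """Store one file's fragments; return its ordered list of (hash, location)."""
    places = assign_locations(len(fragments), ratio, rng)
    return [(store_fragment(db, disks, b, p), p) for b, p in zip(fragments, places)]


def unprotect(db, disks, entries):
    """Delete a protected file: release each of its fragments in turn."""
    for name, location in entries:
        delete_fragment(db, disks, name, location)


if __name__ == "__main__":
    # Constructed fragment contents; random.Random is seeded only to make the demo
    # repeatable, a real deployment would draw the selection from a CSPRNG.
    db, disks = open_index(), {"computer": {}, "mobile": {}}
    entries = protect(db, disks, [b"frag-0", b"frag-1", b"frag-2", b"frag-3"],
                      0.5, random.Random(1))
    print([(name[:8], place) for name, place in entries])
```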
Further, the fragmentation algorithm uses the fragmentation key as the seed of a random number generator and generates a random sequence of the same length as the binary bit stream of the data ciphertext to be fragmented. Each element of the sequence takes a value in the set {0, 1, ..., n-1}. The binary bits at the positions where the sequence has the same value are picked out and concatenated, so that the data is divided into n ciphertext fragments, and each fragment is numbered by its sequence value.
Further, the reassembly algorithm uses the fragmentation key as the seed of a random number generator and generates a random sequence of the same length as the binary bit stream of the fragmented data ciphertext. Each element of the sequence takes a value in the set {0, 1, ..., n-1}. Following the values of the random sequence in order, the next binary bit is taken from the fragment with the matching number and the bits are joined from left to right, giving the data ciphertext.
Further, the random number generator is a linear congruential generator with good random behaviour, $X_k = (A X_{k-1} + B) \bmod C$, where A = 7141, B = 54773 and C = 259200. The initial condition $X_0$ is chosen at random and serves as the fragmentation key. $Y_k = X_k \bmod n$ is used to generate a random sequence whose element values lie in the set {0, 1, ..., n-1} and whose length equals that of the binary bit stream of the data ciphertext.
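The fragmentation and reassembly algorithms above, together with the HASH-named fragments and the per-fragment check of the reading method, as an added example that is not the patent's own code. The LCG constants are the ones given in the text; SHA-256, MSB-first bit order, starting the sequence at X_1, and a 4-byte bit-count header on each fragment are assumptions.

```python
import hashlib

# LCG constants from the description: X_k = (A * X_{k-1} + B) mod C
A, B, C = 7141, 54773, 259200


def selector_sequence(x0, n, length):
    """Return Y_1..Y_length, where Y_k = X_k mod n names the fragment for bit k."""
    x, out = x0 % C, []
    for _ in range(length):
        x = (A * x + B) % C
        out.append(x % n)
    return out


def to_bits(data):
    """Bytes to a list of bits, most significant bit first (assumed order)."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def pack_bits(bits):
    """Assumed fragment layout: 4-byte bit count, then the bits zero-padded to bytes."""
    padded = bits + [0] * (-len(bits) % 8)
    body = bytes(
        sum(bit << (7 - i) for i, bit in enumerate(padded[p:p + 8]))
        for p in range(0, len(padded), 8)
    )
    return len(bits).to_bytes(4, "big") + body


def unpack_bits(blob):
    """Inverse of pack_bits: drop the padding using the stored bit count."""
    return to_bits(blob[4:])[:int.from_bytes(blob[:4], "big")]


def fragment(ciphertext, x0, n):
    """Scatter the ciphertext bits: fragment i receives the bits where Y_k == i."""
    bits = to_bits(ciphertext)
    parts = [[] for _ in range(n)]
    for bit, y in zip(bits, selector_sequence(x0, n, len(bits))):
        parts[y].append(bit)
    return [pack_bits(p) for p in parts]


def reassemble(fragments, x0):
    """Regenerate the sequence and take the next unread bit from fragment Y_k."""
    parts = [unpack_bits(f) for f in fragments]
    cursors = [0] * len(parts)
    bits = []
    for y in selector_sequence(x0, len(parts), sum(map(len, parts))):
        if cursors[y] >= len(parts[y]):
            raise ValueError("fragments do not match this fragmentation key")
        bits.append(parts[y][cursors[y]])
        cursors[y] += 1
    return pack_bits(bits)[4:]


def store(fragments):
    """Name each fragment by its hash; return (ordered names, name -> content)."""
    index = [hashlib.sha256(f).hexdigest() for f in fragments]
    return index, dict(zip(index, fragments))


def load_verified(index, blobs):
    """Recompute every fragment hash and stop at the first missing or changed one."""
    out = []
    for name in index:
        blob = blobs.get(name)
        if blob is None or hashlib.sha256(blob).hexdigest() != name:
            raise ValueError(f"fragment {name[:12]} is missing or was modified")
        out.append(blob)
    return out


if __name__ == "__main__":
    # Constructed stand-in for the data ciphertext produced by the encryption step.
    ciphertext = bytes((i * 37 + 11) % 256 for i in range(64))
    index, blobs = store(fragment(ciphertext, x0=12345, n=4))
    assert reassemble(load_verified(index, blobs), x0=12345) == ciphertext
    print(index)
```

With these constants A ≡ 1 (mod 60), so for n = 2, 3, 4, 5, 6, 10, 12, 15, 20, 30 or 60 the selector Y_k is a fixed-step counter and the split is round-robin bit striping from a key-dependent offset; the key itself has at most C = 259200 distinct values. Confidentiality of the fragments therefore rests on the data encryption key rather than on the fragmentation step.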
In addition, the present invention also provides a secure storage method for local data, which uses the above security protection system for local data and includes the following steps:
A1: write the file attribute information and filling information of the data file to be protected into the false file on the computer secret disk;
A2: call the mobile secret disk to randomly generate the data encryption key and the fragmentation key, then encrypt the data encryption key and the fragmentation key respectively with the encryption public key stored in the USBKey, obtaining the data encryption key ciphertext and the fragmentation key ciphertext; call the cipher of the mobile secret disk to encrypt the data file to be protected, then fragment the ciphertext data according to the fragment count n, obtaining n fragment files, and calculate the HASH value of each fragment file;
A3: read the storage ratio between the computer secret disk and the mobile secret disk from the configuration file, work out the fragment grouping rule, and randomly select x (x ≈ λ * storage ratio, x an integer) of the n fragment files;
A4: store the information about the protected data file in the data items of the file key information table and the fragment index information table of the index database;
A5: store the x fragment files determined in step A3 in the hidden folder of the computer secret disk, store the remaining n-x fragment files in the mobile secret disk, and clear memory.
The present invention also provides a secure reading method for local data, which uses the above security protection system for local data and includes the following steps:
B1: the data protection software reads the file ID from the false file on the computer secret disk and, according to the file ID, reads the HASH values of all corresponding fragment files stored in the index database in the mobile secret disk;
B2: according to these HASH values, search the mobile secret disk and the computer secret disk for all fragment files whose file names match the HASH values, n in total;
B3: calculate the HASH value of each of the n fragment files and check it for consistency against the corresponding fragment file name. If any one is inconsistent, a fragment file has been tampered with and the correct data file cannot be recovered; return an error and end the operation. If all checks are consistent, go to step B4;
B4: read the x fragment files found on the computer secret disk into the mobile secret disk;
B5: call the encryption key stored in the key storage area of the mobile secret disk and decrypt, respectively, the data encryption key ciphertext and the fragmentation key ciphertext corresponding to the file ID in the index database, obtaining the data encryption key and the fragmentation key; reassemble the n fragment files with the fragmentation key to obtain the data file ciphertext, then decrypt the data file ciphertext with the data encryption key to obtain the data file;
B6: calculate the HASH value of the data file obtained in step B5 and compare it with the HASH value of the protected data file recorded in the false file; if they are consistent, present the content of the data file to the user; otherwise, the data file has been damaged, and "error" is returned.
In conclusion the present invention is using encryption crushing technology, by data file by means of above-mentioned technical proposal of the invention Encryption is broken and separation stores, and divides and is stored in the secret disk of calculating and the close disk of movement.Computer (notebook) and mobile close disk are any One side loses or divulges a secret, and since they only have the partial piece of data, attacker can not restore complete by partial piece Data;
Even if computer and mobile close disk are stolen simultaneously, the data in mobile close disk have the user of encryption and finite number of time The duplicate protection of PIN code effectively reduces a possibility that attacker reads fragment file from the close disk of movement;
When reading protected data file, the HASH value of the data file by verifying fragment HASH value and recombination, It is consistent with data file when last stored with the protected data file for ensuring that user reads, protected data has been effectively ensured The integrality and availability of file;
Transparent encryption and decryption is carried out to file using inner nuclear layer file driving filtering technique, does not influence the use habit of user, With good user experience;
In conclusion the present invention provides for user, safety is high, local data safeguard protection of better user experience Method.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all in essence of the invention Within mind and principle, any modification, equivalent replacement, improvement and so on be should all be included in the protection scope of the present invention.

Claims (10)

1. A secure storage method for local data, characterized by comprising the following steps:
Writing the data file to be protected, according to preset file attribute information and filling information, into a preset false file on the computer secret disk;
Calling the preset mobile secret disk to randomly generate a data encryption key and a fragmentation key, then encrypting the data encryption key and the fragmentation key respectively with the encryption public key stored in the preset USBKey, obtaining the data encryption key ciphertext and the fragmentation key ciphertext;
Encrypting the data file to be protected with the data encryption key to generate ciphertext data, then fragmenting the ciphertext data according to the preset fragmentation method and the fragmentation key, obtaining n fragment files, and calculating the HASH value of each fragment file;
Reading the pre-configured storage ratio of fragment files between the computer secret disk and the mobile secret disk, dividing the n fragment files into two groups according to the storage ratio, and sending each group to the computer secret disk or the mobile secret disk respectively;
Storing the pre-configured information about the data file to be protected in the data items of the file key information table and the fragment index information table of the preset index database, the data in the file key information table including the data encryption key ciphertext and the fragmentation key ciphertext;
Storing the fragment files assigned to the mobile secret disk in the mobile secret disk, storing the fragment files assigned to the computer secret disk in the hidden folder of the computer secret disk, and clearing memory.
2. The secure storage method for local data according to claim 1, characterized by further comprising:
Before the mobile secret disk and the USBKey are used, verifying the user's identity by means of preset login information and, if the user's identity passes verification, allowing the pre-stored encryption public and private keys in the USBKey and the mobile secret disk to be used.
3. The secure storage method for local data according to claim 1, characterized in that the file key information table further comprises the fields: data/false file ID, number of fragments stored on the secret disk, number of fragments stored on the mobile secret disk, and fragment HASH values; and the fragment index information table comprises the fields: fragment HASH value, fragment storage location, and fragment reference count.
4. The secure storage method for local data according to claim 1, characterized by further comprising:
When the mobile secret disk is used for the first time, writing the preset mobile secret disk ID, the mobile secret disk path, the pre-bound device ID, the fragment count n and the fragment storage ratio of the computer secret disk into a preset configuration file, thereby binding the device;
Deleting the ID information of the bound device from the configuration file, thereby unbinding the device.
5. A secure storage device for local data, characterized by comprising:
A false file writing module, configured to write the data file to be protected, according to preset file attribute information and filling information, into a preset false file on the computer secret disk;
A key generation and protection module, configured to call the preset mobile secret disk to randomly generate a data encryption key and a fragmentation key, and then to encrypt the data encryption key and the fragmentation key respectively with the encryption public key stored in the preset USBKey, obtaining the data encryption key ciphertext and the fragmentation key ciphertext;
An encryption and fragmentation module, configured to encrypt the data file to be protected with the data encryption key to generate ciphertext data, then to fragment the ciphertext data according to the preset fragmentation method and the fragmentation key, obtaining n fragment files, and to calculate the HASH value of each fragment file;
A fragment file grouping module, configured to read the pre-configured storage ratio of fragment files between the computer secret disk and the mobile secret disk, divide the n fragment files into two groups according to the storage ratio, and send each group to the computer secret disk or the mobile secret disk respectively;
An index database generation module, configured to store the pre-configured information about the data file to be protected in the data items of the file key information table and the fragment index information table of the preset index database;
A fragment file storage module, configured to store the fragment files assigned to the mobile secret disk in the mobile secret disk, to store the fragment files assigned to the computer secret disk in the hidden folder of the computer secret disk, and to clear memory.
6. The secure storage device for local data according to claim 5, characterized by further comprising:
An authentication module, configured to verify the user's identity by means of preset login information before the mobile secret disk and the USBKey are used and, if the user's identity passes verification, to allow the pre-stored encryption public and private keys in the USBKey and the mobile secret disk to be used.
7. The secure storage device for local data according to claim 5, characterized in that the file key information table comprises the fields: data/false file ID, number of fragments stored on the secret disk, number of fragments stored on the mobile secret disk, data encryption key ciphertext, fragmentation key ciphertext, and fragment HASH values; and the fragment index information table comprises the fields: fragment HASH value, fragment storage location, and fragment reference count.
8. A secure reading method for local data, characterized by comprising the following steps:
Step 1: read the file ID from the false file stored in advance on the computer secret disk and, according to the false file ID, read from the pre-configured index database the HASH values of all fragment files corresponding to the false file;
Step 2: according to the HASH values of all the fragment files, search the mobile secret disk and the computer secret disk for fragment files whose HASH values match, until the preset n fragment files have been found;
Step 3: calculate the HASH value of each of the n fragment files and check it for consistency against the corresponding fragment HASH value recorded for the false file; if any fragment HASH value recorded for the false file is inconsistent with the HASH value of the corresponding fragment file, the system automatically executes the pre-stored instruction that returns an error and ends the operation; if the fragment HASH values recorded for the false file are consistent with the HASH values of the n fragment files, go to step 4;
Step 4: read the fragment files found on the computer secret disk into the mobile secret disk;
Step 5: call the encryption key stored in the preset key storage area of the mobile secret disk and decrypt, respectively, the data encryption key ciphertext and the fragmentation key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the fragmentation key; reassemble the n fragment files using the fragmentation key and the reassembly algorithm that matches the fragmentation algorithm, obtaining the data file ciphertext; then decrypt the data file ciphertext with the data encryption key, obtaining the data file;
Step 6: calculate the HASH value of the data file obtained in step 5 and compare it with the HASH value of the protected data file recorded in the false file; if the two are consistent, present the content of the data file to the user; otherwise, execute the pre-stored instruction that returns an error and ends the operation.
9. A secure reading device for local data, characterized by comprising:
A false file reading module, configured to read the file ID from the false file stored in advance on the computer secret disk and, according to the false file ID, read from the pre-configured index database the HASH values of all fragment files corresponding to the false file;
A fragment storage query module, configured to search the mobile secret disk and the computer secret disk, according to the HASH values of all the fragment files, for fragment files whose HASH values match, until the preset n fragment files have been found;
A fragment file matching module, configured to calculate the HASH value of each of the n fragment files and check it for consistency against the corresponding fragment HASH value recorded for the false file; if any fragment HASH value recorded for the false file is inconsistent with the HASH value of the corresponding fragment file, the system automatically executes the pre-stored instruction that returns an error and ends the operation;
A fragment file moving module, configured to read the fragment files found on the computer secret disk into the mobile secret disk when the fragment HASH values recorded for the false file are consistent with the HASH values of the n fragment files;
A reassembly and decryption module, configured to call the encryption key stored in the preset key storage area of the mobile secret disk and decrypt, respectively, the data encryption key ciphertext and the fragmentation key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the fragmentation key; to reassemble the n fragment files using the fragmentation key and the reassembly algorithm that matches the fragmentation algorithm, obtaining the data file ciphertext; and then to decrypt the data file ciphertext with the data encryption key, obtaining the data file;
A file verification module, configured to calculate the HASH value of the data file obtained by the reassembly and decryption module and compare it with the HASH value of the protected data file recorded in the false file; if the two are consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction that returns an error and ends the operation is executed.
10. A security protection system for local data, characterized by comprising a secure storage device for local data and a secure reading device for local data; wherein the secure storage device for local data comprises:
A false file writing module, configured to write the data file to be protected, according to preset file attribute information and filling information, into a preset false file on the computer secret disk;
A key generation and protection module, configured to call the preset mobile secret disk to randomly generate a data encryption key and a fragmentation key, and then to encrypt the data encryption key and the fragmentation key respectively with the encryption public key stored in the preset USBKey, obtaining the data encryption key ciphertext and the fragmentation key ciphertext;
An encryption and fragmentation module, configured to encrypt the data file to be protected with the data encryption key to generate ciphertext data, then to fragment the ciphertext data according to the preset fragmentation method and the fragmentation key, obtaining n fragment files, and to calculate the HASH value of each fragment file;
A fragment file grouping module, configured to read the pre-configured storage ratio of fragment files between the computer secret disk and the mobile secret disk, divide the n fragment files into two groups according to the storage ratio, and send each group to the computer secret disk or the mobile secret disk respectively;
An index database generation module, configured to store the pre-configured information about the data file to be protected in the data items of the file key information table and the fragment index information table of the preset index database;
A fragment file storage module, configured to store the fragment files assigned to the mobile secret disk in the mobile secret disk, to store the fragment files assigned to the computer secret disk in the hidden folder of the computer secret disk, and to clear memory;
The secure reading device for the local data includes:
A virtual file reading module, for reading the file ID from the virtual file stored in advance in the computer secret disk and, according to the virtual file ID, reading from the index database the preconfigured HASH values of all fragment files corresponding to the virtual file;
A fragment storage query module, for querying the mobile secret disk and the computer secret disk, according to the HASH values of all the fragment files, for fragment files whose HASH values match, until the preset n fragment files are found;
A fragment file matching module, for calculating the HASH value of each of the n fragment files one by one and checking it for consistency against the fragment file HASH values corresponding to the virtual file; where the HASH values corresponding to the virtual file and the HASH values of the n fragment files are inconsistent, the system automatically executes the pre-stored instruction to return an error and end the operation;
A fragment file moving module, for reading the fragment files found in the computer secret disk into the mobile secret disk, where the fragment file HASH values corresponding to the virtual file are consistent with the HASH values of the n fragment files;
A reassembly and decryption module, for calling the encryption key stored in the preset key storage area of the mobile secret disk to decrypt, respectively, the data encryption key ciphertext and the breaking key ciphertext corresponding to the fragment file ID in the index database, obtaining the data encryption key and the breaking key; reassembling the n fragment files using the breaking key and a reassembly algorithm compatible with the breaking algorithm to obtain the data file ciphertext; and then decrypting the data file ciphertext with the data encryption key to obtain the data file;
A document authentication module, for calculating the HASH value of the data file obtained by the reassembly and decryption module and comparing it with the HASH value of the protected data file in the virtual file; where the comparison is consistent, the content of the data file is presented to the user; otherwise, the pre-stored instruction to return an error and end the operation is executed.
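The store-and-read flow of the modules above, reduced to its integrity logic, as an added example that is not part of the patent or of any implementation of it. Assumptions: SHA-256 as the HASH, an HMAC-keyed ordering as the breaking method, dicts standing in for the two disks, and a constructed byte string in place of real ciphertext; encryption and key wrapping are omitted, so the final check runs over the reassembled ciphertext rather than over the decrypted file.

```python
import hashlib
import hmac

def sha(b: bytes) -> str:
    return hashlib.sha256(b).hexdigest()

def keyed_order(frag_key: bytes, n: int) -> list:
    # Assumed breaking method: storage slot j holds piece keyed_order(...)[j].
    def tag(i):
        return hmac.new(frag_key, i.to_bytes(4, "big"), hashlib.sha256).digest()
    return sorted(range(n), key=tag)

def store(ciphertext: bytes, n: int, frag_key: bytes, ratio: float):
    if not 0 < n <= len(ciphertext):
        raise ValueError("need 1 <= n <= len(ciphertext)")
    size = -(-len(ciphertext) // n)  # ceiling division
    pieces = [ciphertext[i * size:(i + 1) * size] for i in range(n)]
    frags = [pieces[i] for i in keyed_order(frag_key, n)]
    index = {"file_hash": sha(ciphertext), "frag_hashes": [sha(f) for f in frags]}
    k = round(n * ratio)  # share of fragments kept on the computer disk
    computer = {sha(f): f for f in frags[:k]}
    mobile = {sha(f): f for f in frags[k:]}
    return index, computer, mobile

def read(index: dict, computer: dict, mobile: dict, frag_key: bytes) -> bytes:
    frags = []
    for h in index["frag_hashes"]:
        frag = computer.get(h, mobile.get(h))
        if frag is None:  # fail closed: fewer than n fragments located
            raise LookupError(f"fragment {h[:8]} missing from both disks")
        if not hmac.compare_digest(sha(frag), h):  # recompute, never trust the name
            raise ValueError(f"fragment {h[:8]} failed its HASH check")
        frags.append(frag)
    pieces = [b""] * len(frags)
    for slot, pos in enumerate(keyed_order(frag_key, len(frags))):
        pieces[pos] = frags[slot]  # undo the keyed ordering
    data = b"".join(pieces)
    if not hmac.compare_digest(sha(data), index["file_hash"]):
        raise ValueError("reassembled data failed the whole-file HASH check")
    return data

# Constructed sample input: deterministic bytes standing in for ciphertext.
SAMPLE_CT = hashlib.shake_256(b"constructed sample").digest(1000)
FRAG_KEY = b"constructed-breaking-key"
```

With a storage ratio of 0.25 and n = 8, two fragments land on the computer disk and six on the mobile disk; altering or deleting any one of them makes `read` raise instead of returning data.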
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510125538.XA CN105117635B (en) 2015-03-20 2015-03-20 A kind of safety system and method for local data

Publications (2)

Publication Number Publication Date
CN105117635A CN105117635A (en) 2015-12-02
CN105117635B CN105117635B (en) 2019-08-06

Family

ID=54665621

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510125538.XA Active CN105117635B (en) 2015-03-20 2015-03-20 A kind of safety system and method for local data

Country Status (1)

Country Link
CN (1) CN105117635B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 304, room 3, building 23, building 68, North Ching Road, 100094, Beijing, Haidian District

Applicant after: Caroline control (Beijing) Information Technology Co., Ltd.

Address before: 100085 Beijing City, Haidian District Qinghe Zhu Fanglu Pro 68

Applicant before: Beijing Cherilead Tech Co., Ltd.

CB02 Change of applicant information

Address after: 100094 room 3, 23 building, 68 Beiqing Road, Haidian District, Beijing 304

Applicant after: Beijing Lianshan Polytron Technologies Inc

Address before: 100094 room 3, 23 building, 68 Beiqing Road, Haidian District, Beijing 304

Applicant before: Caroline control (Beijing) Information Technology Co., Ltd.

GR01 Patent grant