CN107066868A - A data protection method and device based on identity authentication - Google Patents

Info

Publication number: CN107066868A
Authority: CN (China)
Prior art keywords: information, authentication, encryption, terminal device, file
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201710193341.9A
Other languages: Chinese (zh)
Inventors: 阚志刚, 陈彪, 卢佐华, 方宁, 彭建芬
Current Assignee: YANGPUWEIYE TECHNOLOGY Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: YANGPUWEIYE TECHNOLOGY Ltd
Application filed by: YANGPUWEIYE TECHNOLOGY Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/78 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

This application discloses a data protection method and device based on identity authentication, intended to solve the problem that data protection methods in the prior art offer poor security. The method includes: monitoring whether a terminal device is connected to a preset hardware authentication device, the preset hardware authentication device containing authentication information and file encryption/decryption information; if it is detected that the terminal device is connected to the preset hardware authentication device, performing identity authentication on the preset hardware authentication device according to the authentication information; and, if the identity authentication passes, displaying the corresponding local encrypted space according to the file encryption/decryption information, where the local encrypted space is used to store local data that needs protection, that data being the encrypted form of the local data to be protected.

Description

A data protection method and device based on identity authentication
Technical field
This application relates to the field of information security, and in particular to a data protection method and device based on identity authentication.
Background
With the arrival of the information age, people attach increasing importance to data security.
In practice, users typically encrypt local data to protect it and keep it from being stolen by others, for example by using compression software to password-protect the data in a compressed archive, or by using encryption software to encrypt the local data.
However, these data protection methods offer poor security. For example, after an attacker breaks into the terminal device holding the local data, the attacker may crack the encrypted data by tracing or decompiling it with decryption software; or the attacker may arbitrarily delete the encrypted data; or the encrypted data may be destroyed by a trojan or virus.
Therefore, a data protection method is urgently needed to solve the problem that data protection methods in the prior art offer poor security.
Summary of the invention
The embodiments of this application provide a data protection method and device based on identity authentication, to solve the problem that data protection methods in the prior art offer poor security.
The embodiments of this application adopt the following technical solutions:
A data protection method based on identity authentication, the method including:
Monitoring whether a terminal device is connected to a preset hardware authentication device, the preset hardware authentication device containing authentication information and file encryption/decryption information;
If it is detected that the terminal device is connected to the preset hardware authentication device, performing identity authentication on the preset hardware authentication device according to the authentication information;
If the identity authentication passes, displaying the corresponding local encrypted space according to the file encryption/decryption information, where the local encrypted space is used to store local data that needs protection, that data being the encrypted form of the local data to be protected.
A data protection device based on identity authentication, the device including:
A monitoring module, used to monitor whether a terminal device is connected to a preset hardware authentication device, the preset hardware authentication device containing authentication information and file encryption/decryption information;
An identity authentication module, used to perform identity authentication on the preset hardware authentication device according to the authentication information when the monitoring module detects that the terminal device is connected to the preset hardware authentication device;
A display module, used to display the corresponding local encrypted space according to the file encryption/decryption information when the identity authentication module obtains the result that identity authentication has passed, where the local encrypted space is used to store local data that needs protection, that data being the encrypted form of the local data to be protected.
At least one of the above technical solutions adopted by the embodiments of this application can achieve the following beneficial effects:
With the identity-authentication-based data protection method provided by the embodiments of this application, the terminal device is monitored for connection to a preset hardware authentication device; if it is detected that the terminal device is connected to the preset hardware authentication device, identity authentication is performed on the preset hardware authentication device according to the authentication information; and if the identity authentication passes, the corresponding local encrypted space is displayed according to the file encryption/decryption information. The preset hardware authentication device contains authentication information and file encryption/decryption information, and the local encrypted space is used to store local data that needs protection, that data being the encrypted form of the local data to be protected. Data is thus protected by a combination of software and hardware, which improves the security of the data protection method compared with prior-art methods that encrypt data using encryption software alone.
Brief description of the drawings
The drawings described here are provided for further understanding of this application and form part of it. The schematic embodiments of this application and their descriptions are used to explain this application and do not unduly limit it. In the drawings:
Fig. 1 is a schematic flowchart of an implementation of a data protection method based on identity authentication provided by an embodiment of this application;
Fig. 2 is a schematic diagram of the structure of a data protection device based on identity authentication provided by an embodiment of this application.
Detailed description
To make the purpose, technical solutions and advantages of this application clearer, the technical solutions are described clearly and completely below with reference to specific embodiments of this application and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in this application, without creative work, fall within the scope of protection of this application.
The technical solutions provided by the embodiments of this application are described in detail below with reference to the drawings.
To solve the problem that data protection methods in the prior art offer poor security, an embodiment of this application provides a data protection method based on identity authentication. In the embodiments of this application, the executing entity can be, but is not limited to, a device such as a PC, tablet computer or mobile phone, or an application (Application, APP) running on such a device. It should be understood that naming these devices or applications as the executing entity is only an illustrative explanation and is not to be construed as a limitation of the method. The flow of the method is shown in Fig. 1 and includes the following steps:
Step 101: monitor whether the terminal device is connected to the preset hardware authentication device, the preset hardware authentication device containing authentication information and file encryption/decryption information.
If it is not detected that the terminal device is connected to the preset hardware authentication device, perform step 104; if it is detected that the terminal device is connected to the preset hardware authentication device, perform step 102.
The terminal device has an interface through which it can connect to external devices, such as a USB interface. The preset hardware authentication device can be any hardware device that can establish a data connection with the terminal device through that interface, for example a USB flash drive or a USB Key.
Generally, if no hardware device is connected to the terminal device, the terminal device will not detect one; if a hardware device is connected, the terminal device will detect that a hardware device has been connected to it. After the terminal device detects that a hardware device has been connected, whether that device is the preset hardware authentication device can be determined as follows:
In general, a hardware device carries an identity identifier, and when the hardware device is connected to a terminal device, the terminal device can obtain that identifier. In the embodiments of this application, an identity identifier can therefore be set for the preset hardware authentication device in advance and stored locally on the terminal device in advance. After the terminal device detects that a hardware device has been connected, it can obtain the identifier of that hardware device; if that identifier is identical to the identifier stored locally on the terminal device, the hardware device is determined to be the preset hardware authentication device.
Step 102: perform identity authentication on the preset hardware authentication device according to the authentication information. If the identity authentication passes, perform step 103; if it does not pass, perform step 105.
Identity authentication of the preset hardware authentication device can be carried out as follows:
After detecting that the preset hardware authentication device is connected, the terminal device displays a PIN authentication window containing an input box in which the user enters a PIN. After the user enters the PIN, the terminal device compares the PIN entered by the user with the PIN contained in the authentication information. If they differ, identity authentication is judged to have failed; if they are the same, identity authentication is performed on the preset hardware authentication device according to the digital certificate contained in the authentication information, and authentication is then judged to have passed or failed.
It should be noted that performing identity authentication on the preset hardware authentication device according to the digital certificate in that device, and then judging whether authentication passes or fails, is prior art and is not described further here.
Step 103: display the corresponding local encrypted space according to the file encryption/decryption information.
To make the data protection method provided by the embodiments of this application easier to understand, the method for creating the local encrypted space is introduced first, before step 103 is described in detail. It includes the following steps:
Step a: the terminal device monitors whether it is connected to the preset hardware authentication device. If it is detected that the terminal device is connected to the preset hardware authentication device, perform step b; if not, perform step e.
For how the terminal device monitors whether it is connected to the preset hardware authentication device, see step 101; it is not repeated here.
Step b: perform identity authentication on the preset hardware authentication device according to the authentication information. If the identity authentication passes, perform step c; if it does not pass, perform step f.
For how the terminal device performs identity authentication on the preset hardware authentication device according to the authentication information, see step 102; it is not repeated here.
Step c: create an encrypted folder in existing local disk space and, using virtual disk mapping technology, map the encrypted folder to an encrypted virtual disk space.
When creating the encrypted folder in existing disk space, the terminal device can create a folder in the existing disk space and then encrypt that folder with the encryption algorithm contained in the file encryption/decryption information, thereby creating the encrypted folder.
It should be noted that the size of the folder can be specified by the user. When creating the folder in existing disk space, the terminal device can display a creation window containing an input box in which the user enters a value representing the folder size; the user can enter a value according to their own needs. The terminal device then creates a folder of the size entered by the user.
Virtual disk mapping technology is prior art and is not described further here.
Step d: encrypt the disk drive file corresponding to the virtual disk space according to the file encryption/decryption information, and determine the encrypted virtual disk space to be the local encrypted space.
The disk drive file corresponding to the virtual disk space is encrypted with the encryption algorithm contained in the file encryption/decryption information, and the encrypted virtual disk space is determined to be the local encrypted space.
The decryption password for the encrypted folder is the same as the decryption password for the local encrypted space. The size of the folder is the same as the size of the local encrypted space, and the size of the local encrypted space can be specified by the user.
Step e: end.
Step f: end.
The local encrypted space created by the above method is used to store local data that needs protection, that data being the encrypted form of the local data to be protected. The encrypted data can be obtained as follows: the terminal device encrypts the local data to be protected that is stored in the local encrypted space, using the encryption algorithm contained in the file encryption/decryption information.
In the embodiments of this application, the file encryption/decryption information can contain at least one encryption algorithm. The algorithm the terminal device uses to encrypt the folder, the algorithm it uses to encrypt the disk drive file, and the algorithm it uses to encrypt the local data may be the same or different; the embodiments of this application place no limitation on this.
It should be particularly noted that the local encrypted space created by the above method remains hidden whenever the terminal device is not connected to the preset hardware authentication device, or is connected to it but the device's identity authentication has not passed. An application-layer user cannot discover the local encrypted space by any means, and hackers, viruses, trojans and the like cannot obtain or destroy the protected local data stored in it, so the protected local data stored in the local encrypted space is well protected.
When the terminal device is connected to the preset hardware authentication device and the device's identity authentication passes, the terminal device can decrypt the encrypted disk drive file according to the file encryption/decryption information to obtain the decrypted disk drive file, and display the corresponding virtual disk space according to the decrypted disk drive file. This virtual disk space is the local encrypted space.
Specifically, the file encryption/decryption information contains the decryption password for the encrypted disk drive file. The terminal device can obtain that decryption password from the file encryption/decryption information and use it to decrypt the encrypted disk drive file, obtaining the decrypted disk drive file. Once the decrypted disk drive file has been obtained, the corresponding virtual disk space can be displayed according to it.
The file encryption/decryption information can also contain the password for the local encrypted space. After step 103 has been performed, the terminal device can obtain the password for the local encrypted space from the file encryption/decryption information, decrypt the local encrypted space with that password, and open the local encrypted space so that the user can access the encrypted protected local data stored in it.
If the terminal device receives a request from the user to access the encrypted protected local data stored in the local encrypted space, it can display a password authentication window, which may contain an input box in which the user enters a password. After the user enters a password, the terminal device extracts it and compares it with the decryption password contained in the file encryption/decryption information. If they are the same, the access request is served; if they differ, a prompt message is output to inform the user that the password is wrong.
After the terminal device has displayed the local encrypted space, if the preset hardware authentication device is disconnected from the terminal device, the displayed local encrypted space is hidden again and the user can no longer see it.
Step 104: end.
Step 105: end.
In one implementation scenario, when identity authentication fails, the terminal device can also output a prompt message informing the user that identity authentication of the preset hardware authentication device has failed, and then perform the end operation.
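The decision flow of steps 101 to 105, together with the re-hiding on disconnect, sketched as an added example (not code from the patent). The names `TokenGate`, `Token` and `pinned_verifier` are hypothetical, the sample values are constructed, and the fingerprint comparison is an assumed stand-in for the certificate authentication that the patent leaves to prior art.

```python
import hashlib
import hmac
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Optional


class Outcome(Enum):
    NOT_PRESET_DEVICE = "step 104: end, space stays hidden"
    AUTH_FAILED = "step 105: end, space stays hidden"
    SHOWN = "step 103: local encrypted space displayed"


@dataclass(frozen=True)
class Token:
    """Constructed stand-in for what the terminal reads from a connected device."""
    device_id: str               # identity identifier reported on connection
    pin: str                     # PIN held in the authentication information
    certificate: bytes           # digital certificate in the authentication information
    drive_file_password: bytes   # from the file encryption/decryption information


def fingerprint(certificate: bytes) -> str:
    return hashlib.sha256(certificate).hexdigest()


def pinned_verifier(expected_fp: str) -> Callable[[bytes], bool]:
    """Assumed certificate check: compare against a fingerprint enrolled in advance.
    A real deployment would validate the certificate chain instead."""
    def verify(certificate: bytes) -> bool:
        return hmac.compare_digest(fingerprint(certificate), expected_fp)
    return verify


def _same(a: str, b: str) -> bool:
    # Constant-time comparison so timing does not reveal how much of the value matched.
    return hmac.compare_digest(a.encode(), b.encode())


class TokenGate:
    """Keeps the local encrypted space hidden unless the preset device is
    connected and has passed PIN and certificate authentication."""

    def __init__(self, enrolled_device_id: str, verify_cert: Callable[[bytes], bool]):
        self._enrolled_id = enrolled_device_id   # stored on the terminal in advance
        self._verify_cert = verify_cert
        self._connected: Optional[str] = None
        self._drive_password: Optional[bytes] = None
        self.visible = False

    def on_connect(self, token: Token, entered_pin: str) -> Outcome:
        self._hide()  # every new connection starts from the hidden state
        # Step 101: is the connected hardware the preset authentication device?
        if not _same(token.device_id, self._enrolled_id):
            return Outcome.NOT_PRESET_DEVICE
        # Step 102: PIN first; the certificate is only checked if the PIN matches.
        if not _same(entered_pin, token.pin) or not self._verify_cert(token.certificate):
            return Outcome.AUTH_FAILED
        # Step 103: release the drive-file password and show the space.
        self._connected = token.device_id
        self._drive_password = token.drive_file_password
        self.visible = True
        return Outcome.SHOWN

    def on_disconnect(self, device_id: str) -> None:
        # Removing the authenticated device hides the space again.
        if device_id == self._connected:
            self._hide()

    def drive_password(self) -> Optional[bytes]:
        return self._drive_password if self.visible else None

    def _hide(self) -> None:
        self._connected = None
        self._drive_password = None
        self.visible = False


def demo():
    cert = b"constructed certificate bytes"  # constructed sample data
    gate = TokenGate("USBKEY-0001", pinned_verifier(fingerprint(cert)))
    key = Token("USBKEY-0001", "4821", cert, b"constructed drive-file password")
    other = Token("USBDISK-9999", "4821", cert, b"unused")
    results = [
        gate.on_connect(other, "4821"),   # wrong device
        gate.on_connect(key, "0000"),     # right device, wrong PIN
        gate.on_connect(key, "4821"),     # right device, right PIN, valid certificate
    ]
    shown = gate.visible
    gate.on_disconnect(key.device_id)
    return results, shown, gate.visible


if __name__ == "__main__":
    print(demo())
```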
With the identity-authentication-based data protection method provided by the embodiments of this application, the terminal device is monitored for connection to a preset hardware authentication device; if it is detected that the terminal device is connected to the preset hardware authentication device, identity authentication is performed on the preset hardware authentication device according to the authentication information; and if the identity authentication passes, the corresponding local encrypted space is displayed according to the file encryption/decryption information. The preset hardware authentication device contains authentication information and file encryption/decryption information, and the local encrypted space is used to store local data that needs protection, that data being the encrypted form of the local data to be protected. Data is thus protected by a combination of software and hardware, which improves the security of the data protection method compared with prior-art methods that encrypt data using encryption software alone.
It should be noted that, in the embodiments of this application, the preset hardware authentication device can be initialized before it is used, so that it has the functions that the preset hardware authentication device referred to in these embodiments should have.
In addition, to improve the security of the encrypted protected local data stored in the local encrypted space, after step 102 has been performed (identity authentication of the preset hardware authentication device according to the authentication information) and authentication has finally passed, and before the corresponding local encrypted space is displayed and opened according to the file encryption/decryption information, the terminal device can also perform the following operations:
Collect the face information, and/or fingerprint information, and/or audio information of the current user of the terminal device; determine that the face similarity between the collected face information of the current user and the face information pre-stored on the terminal device is greater than a first preset similarity threshold, and/or determine that the fingerprint similarity between the collected fingerprint information and the fingerprint information pre-stored on the terminal device is greater than a second preset similarity threshold, and/or determine that the audio features corresponding to the collected audio information of the current user are identical to the audio features pre-stored on the terminal device.
The first preset similarity threshold and the second preset similarity threshold can be set according to actual conditions and are not described further here.
The above is the data protection method based on identity authentication provided by the embodiments of this application. Based on the same idea, this application also provides a data protection device based on identity authentication.
Fig. 2 is a schematic structural diagram of a data protection device based on identity authentication provided by an embodiment of this application, which mainly includes the following modules:
A monitoring module 21, used to monitor whether a terminal device is connected to a preset hardware authentication device, the preset hardware authentication device containing authentication information and file encryption/decryption information;
An identity authentication module 22, used to perform identity authentication on the preset hardware authentication device according to the authentication information when the monitoring module 21 detects that the terminal device is connected to the preset hardware authentication device;
A display module 23, used to display the corresponding local encrypted space according to the file encryption/decryption information when the identity authentication module 22 obtains the result that identity authentication has passed, where the local encrypted space is used to store local data that needs protection, that data being the encrypted form of the local data to be protected.
In one implementation scenario, the device further includes:
An acquisition module, used to collect the face information, and/or fingerprint information, and/or audio information of the current user of the terminal device after the identity authentication module 22 obtains the result that identity authentication has passed and before the display module displays and opens the corresponding local encrypted space according to the file encryption/decryption information.
In one implementation scenario, the device then further includes:
A determining module, used to determine that the face similarity between the collected face information of the current user of the terminal device and the face information pre-stored on the terminal device is greater than a first preset similarity threshold, and/or to determine that the fingerprint similarity between the collected fingerprint information and the fingerprint information pre-stored on the terminal device is greater than a second preset similarity threshold, and/or to determine that the audio features corresponding to the collected audio information of the current user of the terminal device are identical to the audio features pre-stored on the terminal device.
In one implementation scenario, the display module is used to:
Decrypt the encrypted disk drive file according to the file encryption/decryption information to obtain the decrypted disk drive file;
Display the corresponding virtual disk space according to the decrypted disk drive file.
With the identity-authentication-based data protection method provided by the embodiments of this application, the terminal device is monitored for connection to a preset hardware authentication device; if it is detected that the terminal device is connected to the preset hardware authentication device, identity authentication is performed on the preset hardware authentication device according to the authentication information; and if the identity authentication passes, the corresponding local encrypted space is displayed according to the file encryption/decryption information. The preset hardware authentication device contains authentication information and file encryption/decryption information, and the local encrypted space is used to store local data that needs protection, that data being the encrypted form of the local data to be protected. Data is thus protected by a combination of software and hardware, which improves the security of the data protection method compared with prior-art methods that encrypt data using encryption software alone.
It should be understood by those skilled in the art that, embodiments of the invention can be provided as method, system or computer program Product.Therefore, the present invention can be using the reality in terms of complete hardware embodiment, complete software embodiment or combination software and hardware Apply the form of example.Moreover, the present invention can be used in one or more computers for wherein including computer usable program code The computer program production that usable storage medium is implemented on (including but is not limited to magnetic disk storage, CD-ROM, optical memory etc.) The form of product.
The present invention is the flow with reference to method according to embodiments of the present invention, equipment (system) and computer program product Figure and/or block diagram are described.It should be understood that can be by every first-class in computer program instructions implementation process figure and/or block diagram Journey and/or the flow in square frame and flow chart and/or block diagram and/or the combination of square frame.These computer programs can be provided The processor of all-purpose computer, special-purpose computer, Embedded Processor or other programmable data processing devices is instructed to produce A raw machine so that produced by the instruction of computer or the computing device of other programmable data processing devices for real The device for the function of being specified in present one flow of flow chart or one square frame of multiple flows and/or block diagram or multiple square frames.
These computer program instructions, which may be alternatively stored in, can guide computer or other programmable data processing devices with spy Determine in the computer-readable memory that mode works so that the instruction being stored in the computer-readable memory, which is produced, to be included referring to Make the manufacture of device, the command device realize in one flow of flow chart or multiple flows and/or one square frame of block diagram or The function of being specified in multiple square frames.
These computer program instructions can be also loaded into computer or other programmable data processing devices so that in meter Series of operation steps is performed on calculation machine or other programmable devices to produce computer implemented processing, thus in computer or The instruction performed on other programmable devices is provided for realizing in one flow of flow chart or multiple flows and/or block diagram one The step of function of being specified in individual square frame or multiple square frames.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces and memory.
Memory may include volatile memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassette tape, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, commodity or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, commodity or device that includes the element.
It will be understood by those skilled in the art that embodiments of the present application may be provided as a method, a system or a computer program product. Accordingly, the application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The foregoing are merely embodiments of the present application and are not intended to limit the application. For those skilled in the art, various modifications and variations of the application are possible. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the application shall fall within the scope of its claims.

Claims (10)

1. A data protection method based on identity authentication, characterized in that the method comprises:
monitoring whether a terminal device is connected to a preset hardware authentication device, the preset hardware authentication device containing authentication information and file encryption/decryption information;
if it is detected that the terminal device is connected to the preset hardware authentication device, performing identity authentication on the preset hardware authentication device according to the authentication information;
if the identity authentication passes, displaying the corresponding local encrypted space according to the file encryption/decryption information, the local encrypted space being used to store local data to be protected, the local data to be protected being the encrypted local data requiring protection.
2. The method of claim 1, characterized in that, after the identity authentication passes and before the corresponding local encrypted space is displayed according to the file encryption/decryption information, the method further comprises:
collecting face information, and/or fingerprint information, and/or audio information of the current user of the terminal device;
determining that the face similarity between the collected face information of the current user of the terminal device and the face information pre-stored in the terminal device is greater than a first preset similarity threshold, and/or determining that the fingerprint similarity between the collected fingerprint information and the fingerprint information pre-stored in the terminal device is greater than a second preset similarity threshold, and/or determining that the audio features corresponding to the collected audio information of the current user of the terminal device are identical to the audio features pre-stored in the terminal device.
3. The method of claim 1, characterized in that displaying the corresponding local encrypted space according to the file encryption/decryption information comprises:
decrypting the encrypted disk drive file according to the file encryption/decryption information to obtain the decrypted disk drive file;
displaying the corresponding virtual disk space according to the decrypted disk drive file.
4. The method of claim 1, characterized in that the local encrypted space is created by the following method:
monitoring whether the terminal device is connected to the preset hardware authentication device;
if it is detected that the terminal device is connected to the preset hardware authentication device, performing identity authentication on the preset hardware authentication device according to the authentication information;
if the identity authentication passes, creating an encrypted folder on an existing local disk;
mapping the encrypted folder to an encrypted virtual disk space by means of virtual disk mapping technology;
encrypting the disk drive file corresponding to the virtual disk space according to the file encryption/decryption information;
determining the encrypted virtual disk space to be the local encrypted space.
5. The method of claim 1, characterized in that the preset hardware device is a USB Key.
6. The method of claim 1, characterized in that the encrypted local data requiring protection is obtained by the following method:
encrypting the local data requiring protection that is stored in the local encrypted space according to the AES included in the file encryption/decryption information.
7. The method of claim 1, characterized in that the size of the local encrypted space is a size specified by the user.
8. A data protection device based on identity authentication, characterized in that the device comprises:
a monitoring module, configured to monitor whether a terminal device is connected to a preset hardware authentication device, the preset hardware authentication device containing authentication information and file encryption/decryption information;
an authentication module, configured to perform identity authentication on the preset hardware authentication device according to the authentication information when the monitoring module detects that the terminal device is connected to the preset hardware authentication device;
a display module, configured to display the corresponding local encrypted space according to the file encryption/decryption information when the authentication module obtains the result that the identity authentication has passed, the local encrypted space being used to store local data to be protected, the local data to be protected being the encrypted local data requiring protection.
9. The device of claim 8, characterized in that the device further comprises:
an acquisition module, configured to collect face information, and/or fingerprint information, and/or audio information of the current user of the terminal device after the authentication module obtains the result that the identity authentication has passed and before the display module displays the corresponding local encrypted space according to the file encryption/decryption information;
the device then further comprises:
a determining module, configured to determine that the face similarity between the collected face information of the current user of the terminal device and the face information pre-stored in the terminal device is greater than a first preset similarity threshold, and/or determine that the fingerprint similarity between the collected fingerprint information and the fingerprint information pre-stored in the terminal device is greater than a second preset similarity threshold, and/or determine that the audio features corresponding to the collected audio information of the current user of the terminal device are identical to the audio features pre-stored in the terminal device.
10. The device of claim 8, characterized in that the display module is configured to:
decrypt the encrypted disk drive file according to the file encryption/decryption information to obtain the decrypted disk drive file;
display the corresponding virtual disk space according to the decrypted disk drive file.
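
The gated create-and-unlock flow of claims 1, 3 and 4, as an added example that is not code from the patent. The simulated `UsbKey` class, the HMAC challenge-response and the SHA-256 counter-mode cipher are assumptions standing in for the token's authentication information and file encryption/decryption information, whose mechanics the claims do not detail; all data is constructed.

```python
import hashlib
import hmac
import os

class UsbKey:
    """Simulated token (constructed): holds authentication info and a file key."""
    def __init__(self, auth_secret: bytes, file_key: bytes):
        self._auth_secret, self.file_key = auth_secret, file_key

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._auth_secret, challenge, hashlib.sha256).digest()

def authenticate(token: UsbKey, enrolled_secret: bytes) -> bool:
    """Assumed scheme: fresh random challenge, HMAC response, constant-time compare."""
    challenge = os.urandom(32)
    expected = hmac.new(enrolled_secret, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(token.respond(challenge), expected)

def _subkey(file_key: bytes, label: bytes) -> bytes:
    return hmac.new(file_key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 in counter mode); use a vetted AEAD in practice.
    stream = b""
    for counter in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(file_key: bytes, data: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(file_key, b"enc"), nonce, data)
    tag = hmac.new(_subkey(file_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(file_key: bytes, blob: bytes):
    """Return the plaintext, or None if the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(file_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        return None
    return _xor_stream(_subkey(file_key, b"enc"), nonce, ct)

def create_space(token: UsbKey, enrolled_secret: bytes, drive_file: bytes):
    """Claim 4: authenticate the token, then encrypt the disk drive file."""
    if not authenticate(token, enrolled_secret):
        return None
    return seal(token.file_key, drive_file)

def show_space(token: UsbKey, enrolled_secret: bytes, sealed: bytes):
    """Claims 1 and 3: authenticate, then decrypt the disk drive file for mounting."""
    if not authenticate(token, enrolled_secret):
        return None
    return unseal(token.file_key, sealed)
```

A token that fails the challenge, or that holds a different file key, gets `None` back; so does a sealed file altered on disk, because the tag is checked before decryption.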
CN201710193341.9A 2017-03-28 2017-03-28 A kind of data guard method and device of identity-based certification Pending CN107066868A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710193341.9A CN107066868A (en) 2017-03-28 2017-03-28 A kind of data guard method and device of identity-based certification

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710193341.9A CN107066868A (en) 2017-03-28 2017-03-28 A kind of data guard method and device of identity-based certification

Publications (1)

Publication Number Publication Date
CN107066868A true CN107066868A (en) 2017-08-18

Family

ID=59621164

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710193341.9A Pending CN107066868A (en) 2017-03-28 2017-03-28 A kind of data guard method and device of identity-based certification

Country Status (1)

Country Link
CN (1) CN107066868A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107392039A (en) * 2017-09-22 2017-11-24 华北理工大学 Computer hard disk data encrypting method and its device
CN108573129A (en) * 2018-03-06 2018-09-25 李明霞 The anti-modification platform of intelligent computer file
WO2020001078A1 (en) * 2018-06-25 2020-01-02 湖南国科微电子股份有限公司 Safe operation method and system for storage data
CN113191778A (en) * 2021-05-20 2021-07-30 中国农业银行股份有限公司 Identity authentication method and identity authentication device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201607722U (en) * 2009-12-28 2010-10-13 群丰科技股份有限公司 Security type storage device and data security system
CN102508792A (en) * 2011-09-30 2012-06-20 广州尚恩科技有限公司 Method for realizing secure access of data in hard disk
CN103294941A (en) * 2012-02-22 2013-09-11 腾讯科技(深圳)有限公司 Method for accessing private space and mobile device
CN103577761A (en) * 2013-10-25 2014-02-12 北京奇虎科技有限公司 Method and device for processing privacy data in mobile equipment
CN104484625A (en) * 2014-12-29 2015-04-01 北京明朝万达科技有限公司 Computer with dual operating systems and implementation method thereof
CN106326699A (en) * 2016-08-25 2017-01-11 广东七洲科技股份有限公司 Method for reinforcing server based on file access control and progress access control

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107392039A (en) * 2017-09-22 2017-11-24 华北理工大学 Computer hard disk data encrypting method and its device
CN107392039B (en) * 2017-09-22 2020-06-30 华北理工大学 Computer hard disk data encryption method and device
CN108573129A (en) * 2018-03-06 2018-09-25 李明霞 The anti-modification platform of intelligent computer file
WO2020001078A1 (en) * 2018-06-25 2020-01-02 湖南国科微电子股份有限公司 Safe operation method and system for storage data
KR20210024070A (en) * 2018-06-25 2021-03-04 후난 고케 마이크로일렉트로닉스 컴퍼니 리미티드 Safe operation method and system of stored data
KR102450837B1 (en) 2018-06-25 2022-10-04 후난 고케 마이크로일렉트로닉스 컴퍼니 리미티드 Safe operation method and system of stored data
CN113191778A (en) * 2021-05-20 2021-07-30 中国农业银行股份有限公司 Identity authentication method and identity authentication device


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor

Applicant after: Beijing Bang Bang Safety Technology Co. Ltd.

Address before: 100083 Xueyuan Road, Haidian District, Haidian District, Beijing, Haidian District, Beijing

Applicant before: Yangpuweiye Technology Limited

RJ01 Rejection of invention patent application after publication

Application publication date: 20170818
