CN107066868A - Data protection method and device based on identity authentication - Google Patents
- Publication number: CN107066868A (application number CN201710193341.9A)
- Authority: CN (China)
- Prior art keywords: information, authentication, encryption, terminal device, file
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/78—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure storage of data
Abstract
This application discloses a data protection method and device based on identity authentication, intended to solve the poor security of data protection methods in the prior art. The method includes: monitoring whether a terminal device is connected to a preset hardware authentication device, where the preset hardware authentication device contains authentication information and file encryption/decryption information; if the terminal device is found to be connected to the preset hardware authentication device, authenticating the identity of the preset hardware authentication device according to the authentication information; and, if identity authentication passes, displaying the corresponding local encrypted space according to the file encryption/decryption information. The local encrypted space is used to store the local data to be protected, which is the local data requiring protection after it has been encrypted.
Description
Technical field
This application relates to the field of information security, and in particular to a data protection method and device based on identity authentication.
Background
With the arrival of the information age, data security is receiving more and more attention.
In practice, users typically encrypt local data to protect it and keep it from being stolen by others, for example by using compression software to password-protect the data in an archive, or by using encryption software to encrypt the local data.
However, these data protection methods offer poor security. For example, after an attacker intrudes into the terminal device that holds the local data, the attacker may be able to crack the encrypted data by tracing and decompiling it with decryption software; or, after intruding into that terminal device, the attacker can delete the encrypted data at will; or the encrypted data may be damaged by a trojan or virus.
Therefore, a data protection method is urgently needed to solve the poor security of data protection methods in the prior art.
Summary of the invention
The embodiments of this application provide a data protection method and device based on identity authentication, to solve the poor security of data protection methods in the prior art.
The embodiments of this application adopt the following technical solutions:
A data protection method based on identity authentication, the method including:
monitoring whether a terminal device is connected to a preset hardware authentication device, where the preset hardware authentication device contains authentication information and file encryption/decryption information;
if the terminal device is found to be connected to the preset hardware authentication device, authenticating the identity of the preset hardware authentication device according to the authentication information;
if identity authentication passes, displaying the corresponding local encrypted space according to the file encryption/decryption information, where the local encrypted space is used to store the local data to be protected, and the local data to be protected is the local data requiring protection after encryption.
A data protection device based on identity authentication, the device including:
a monitoring module, configured to monitor whether a terminal device is connected to a preset hardware authentication device, where the preset hardware authentication device contains authentication information and file encryption/decryption information;
an authentication module, configured to authenticate the identity of the preset hardware authentication device according to the authentication information when the monitoring module finds that the terminal device is connected to the preset hardware authentication device;
a display module, configured to display the corresponding local encrypted space according to the file encryption/decryption information when the authentication module obtains the result that identity authentication has passed, where the local encrypted space is used to store the local data to be protected, and the local data to be protected is the local data requiring protection after encryption.
At least one of the above technical solutions adopted by the embodiments of this application can achieve the following beneficial effects:
With the identity-authentication-based data protection method provided by the embodiments of this application, the terminal device is monitored for a connection to the preset hardware authentication device. If the terminal device is found to be connected to the preset hardware authentication device, the identity of the preset hardware authentication device is authenticated according to the authentication information, and if identity authentication passes, the corresponding local encrypted space is displayed according to the file encryption/decryption information. The preset hardware authentication device contains the authentication information and the file encryption/decryption information; the local encrypted space is used to store the local data to be protected, which is the local data requiring protection after encryption. Data is thus protected by a combination of software and hardware, which improves the security of the data protection method compared with prior-art methods that encrypt data using encryption software alone.
Brief description of the drawings
The drawings described here are provided for further understanding of this application and form part of it. The illustrative embodiments of this application and their descriptions are used to explain this application and do not unduly limit it. In the drawings:
Fig. 1 is a schematic flowchart of a data protection method based on identity authentication provided by an embodiment of this application;
Fig. 2 is a schematic structural diagram of a data protection device based on identity authentication provided by an embodiment of this application.
Detailed description
To make the purpose, technical solutions and advantages of this application clearer, the technical solutions are described clearly and completely below with reference to specific embodiments of this application and the corresponding drawings. Obviously, the described embodiments are only some of the embodiments of this application, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in this application, without creative work, fall within the scope of protection of this application.
The technical solutions provided by the embodiments of this application are described in detail below with reference to the drawings.
To solve the poor security of data protection methods in the prior art, the embodiments of this application provide a data protection method based on identity authentication. In the embodiments of this application, the executing entity can be, but is not limited to, a device such as a PC, tablet computer or mobile phone, or an application (APP) running on such a device. It should be understood that naming these devices or applications as the executing entity is only an example and should not be construed as a limitation on the method. The flow of the method is shown in Fig. 1 and includes the following steps:
Step 101: monitor whether the terminal device is connected to the preset hardware authentication device, where the preset hardware authentication device contains authentication information and file encryption/decryption information.
If the terminal device is not found to be connected to the preset hardware authentication device, perform step 104; if the terminal device is found to be connected to the preset hardware authentication device, perform step 102.
The terminal device includes an interface through which it can connect to external devices, such as a USB interface. The preset hardware authentication device can be any hardware device that can establish a data connection with the terminal device through that interface, such as a USB flash drive or a USB Key.
Normally, if no hardware device is connected to the terminal device, the terminal device does not detect one; if a hardware device is connected, the terminal device detects that a hardware device has been connected to it. Once the terminal device has detected a connected hardware device, whether that device is the preset hardware authentication device can be determined as follows:
In general, a hardware device carries its own identifier, and when the hardware device is connected to the terminal device, the terminal device can read that identifier. In the embodiments of this application, an identifier can therefore be set for the preset hardware authentication device in advance and stored locally on the terminal device in advance. After the terminal device detects that a hardware device has been connected, it obtains the identifier of that hardware device; if the identifier is the same as the one stored locally on the terminal device in advance, the hardware device is determined to be the preset hardware authentication device.
Step 102: authenticate the identity of the preset hardware authentication device according to the authentication information. If identity authentication passes, perform step 103; if identity authentication does not pass, perform step 105.
The identity of the preset hardware authentication device can be authenticated as follows:
After detecting that the preset hardware authentication device has been connected, the terminal device pops up a PIN code authentication window containing an input box in which the user enters a PIN code. After the user enters the PIN code, the terminal device compares it with the PIN code contained in the authentication information. If they differ, identity authentication is judged not to have passed. If they are the same, the identity of the preset hardware authentication device is authenticated according to the digital certificate contained in the authentication information, and identity authentication is then judged to have passed or not passed.
It should be noted that authenticating the identity of the preset hardware authentication device by means of the digital certificate in the device, and judging from that whether identity authentication has passed, is prior art and is not described further here.
Step 103: display the corresponding local encrypted space according to the file encryption/decryption information.
To make the data protection method provided by the embodiments of this application easier to understand, the method for creating the local encrypted space is introduced first, before step 103 is described in detail. It includes the following steps:
Step a: the terminal device monitors whether it is connected to the preset hardware authentication device. If the terminal device is found to be connected to the preset hardware authentication device, perform step b; if it is not, perform step e.
For how the terminal device monitors whether it is connected to the preset hardware authentication device, see step 101; this is not repeated here.
Step b: authenticate the identity of the preset hardware authentication device according to the authentication information. If identity authentication passes, perform step c; if identity authentication does not pass, perform step f.
For how the terminal device authenticates the identity of the preset hardware authentication device according to the authentication information, see step 102; this is not repeated here.
Step c: create an encrypted folder in existing local disk space and, using virtual disk mapping technology, map the encrypted folder to an encrypted virtual disk space.
To create the encrypted folder in existing disk space, the terminal device can create a folder in that disk space and then encrypt the folder with the encryption algorithm contained in the file encryption/decryption information, which yields the encrypted folder.
It should be noted that the size of the folder can be specified by the user. When creating the folder in existing disk space, the terminal device can pop up a creation window containing an input box in which the user enters a value for the folder size, according to the user's own needs. The terminal device then creates a folder of the size the user entered.
Virtual disk mapping technology is prior art and is not described further here.
Step d: encrypt the disk drive file corresponding to the virtual disk space according to the file encryption/decryption information, and designate the encrypted virtual disk space as the local encrypted space.
That is, the disk drive file corresponding to the virtual disk space is encrypted with the encryption algorithm contained in the file encryption/decryption information, and the encrypted virtual disk space is designated as the local encrypted space.
The decryption password of the encrypted folder is the same as the decryption password of the local encrypted space. The size of the folder is the same as the size of the local encrypted space, and the size of the local encrypted space can be specified by the user.
Step e: end.
Step f: end.
The local encrypted space created by the above method is used to store the local data to be protected, which is the local data requiring protection after encryption. That encrypted data can be obtained as follows: the terminal device encrypts the local data requiring protection that is stored in the local encrypted space, using the encryption algorithm contained in the file encryption/decryption information.
In the embodiments of this application, the file encryption/decryption information can contain at least one encryption algorithm. The encryption algorithm the terminal device uses to encrypt the folder, the one it uses to encrypt the disk drive file, and the one it uses to encrypt the local data can be the same or different; the embodiments of this application place no limitation on this.
It should be specifically noted that the local encrypted space created by the above method remains hidden whenever the terminal device is not connected to the preset hardware authentication device, or is connected to it but identity authentication of the preset hardware authentication device has not passed. Application-layer users cannot discover the local encrypted space by any means, and hackers, viruses or trojans cannot obtain or destroy the local data requiring protection that is stored in it, so the local data stored in the local encrypted space is well protected.
When the terminal device is connected to the preset hardware authentication device and identity authentication of the preset hardware authentication device passes, the terminal device can decrypt the encrypted disk drive file according to the file encryption/decryption information to obtain the decrypted disk drive file, and display the corresponding virtual disk space according to the decrypted disk drive file. That virtual disk space is the local encrypted space.
Specifically, the file encryption/decryption information contains the decryption password of the encrypted disk drive file. The terminal device obtains that decryption password from the file encryption/decryption information and uses it to decrypt the encrypted disk drive file. Once the decrypted disk drive file has been obtained, the corresponding virtual disk space can be displayed according to it.
The file encryption/decryption information can also contain the password of the local encrypted space. After step 103 has been performed, the terminal device can obtain the password of the local encrypted space from the file encryption/decryption information, decrypt the local encrypted space with it, and open the local encrypted space so that the user can access the encrypted local data requiring protection that is stored there.
If the terminal device receives a request from the user to access the encrypted local data requiring protection that is stored in the local encrypted space, the terminal device can pop up a password authentication window, which may include an input box in which the user enters a password. After the user enters the password, the terminal device extracts it and compares it with the decryption password contained in the file encryption/decryption information. If they are the same, the terminal device responds to the access request; if they differ, it outputs a prompt message reminding the user that the password is wrong.
After the terminal device has displayed the local encrypted space, if the preset hardware authentication device is disconnected from the terminal device, the local encrypted space that was displayed is hidden again and the user can no longer see it.
Step 104: end.
Step 105: end.
In one implementation scenario, when identity authentication does not pass, the terminal device can also output a prompt message reminding the user that identity authentication of the preset hardware authentication device did not pass, and then perform the end operation.
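The flow of steps 101 to 105, including hiding the space again on disconnect, sketched as an added Python example; it is not code from the patent. The `Token` and `Terminal` classes, the HMAC challenge-response standing in for the digital certificate check, the PBKDF2 key check standing in for decrypting the disk drive file, and the `DECRYPT_FAILED` outcome are assumptions, and all sample values are constructed.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Outcome(Enum):
    NOT_PRESET_DEVICE = "step 104: end, preset device not connected"
    AUTH_FAILED = "step 105: end, identity authentication did not pass"
    SPACE_DISPLAYED = "step 103: local encrypted space displayed"
    DECRYPT_FAILED = "added outcome: password on token does not fit the volume"


@dataclass
class Token:
    """Constructed model of the preset hardware authentication device."""
    device_id: str        # identifier the terminal reads on connection
    pin: str              # authentication information: PIN code
    cert_key: bytes       # authentication information: certificate stand-in
    volume_password: str  # file encryption/decryption information

    def respond(self, challenge: bytes) -> bytes:
        # Assumption: HMAC challenge-response replaces the certificate check,
        # which the page treats as prior art and does not describe.
        return hmac.new(self.cert_key, challenge, hashlib.sha256).digest()


def derive_key(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Terminal:
    def __init__(self, enrolled_id: str, enrolled_cert_key: bytes, volume_password: str):
        self.enrolled_id = enrolled_id            # stored locally in advance
        self.enrolled_cert_key = enrolled_cert_key
        self.salt = os.urandom(16)
        # Verifier kept beside the encrypted disk drive file, so a wrong
        # password is detected without the password being stored on disk.
        self.key_check = hashlib.sha256(derive_key(volume_password, self.salt)).digest()
        self.volume_key: Optional[bytes] = None   # None means the space is hidden

    @property
    def space_visible(self) -> bool:
        return self.volume_key is not None

    def on_connect(self, token: Optional[Token], entered_pin: str) -> Outcome:
        # Step 101: is the connected device the preset one?
        if token is None or not hmac.compare_digest(
                token.device_id.encode(), self.enrolled_id.encode()):
            return Outcome.NOT_PRESET_DEVICE
        # Step 102, first check: PIN compared by the terminal, as on the page;
        # compare_digest keeps the comparison constant-time.
        if not hmac.compare_digest(entered_pin.encode(), token.pin.encode()):
            return Outcome.AUTH_FAILED
        # Step 102, second check: certificate stand-in with a fresh challenge.
        challenge = os.urandom(32)
        expected = hmac.new(self.enrolled_cert_key, challenge, hashlib.sha256).digest()
        if not hmac.compare_digest(token.respond(challenge), expected):
            return Outcome.AUTH_FAILED
        # Step 103: derive the volume key from the token's password and reveal.
        key = derive_key(token.volume_password, self.salt)
        if not hmac.compare_digest(hashlib.sha256(key).digest(), self.key_check):
            return Outcome.DECRYPT_FAILED
        self.volume_key = key
        return Outcome.SPACE_DISPLAYED

    def on_disconnect(self) -> None:
        # Token removed: drop the key so the space is hidden again.
        self.volume_key = None


def run_constructed_scenarios():
    """Run constructed cases and return (label, outcome, space_visible) tuples."""
    key = b"k" * 32
    terminal = Terminal("USBKEY-0001", key, "vol-pass")
    good = Token("USBKEY-0001", "4821", key, "vol-pass")
    cases = [
        ("nothing connected", None, "4821"),
        ("unknown device", Token("USBKEY-9999", "4821", key, "vol-pass"), "4821"),
        ("wrong PIN", good, "0000"),
        ("copied identifier, wrong certificate key",
         Token("USBKEY-0001", "4821", b"x" * 32, "vol-pass"), "4821"),
        ("preset device, correct PIN", good, "4821"),
    ]
    results = []
    for label, token, pin in cases:
        outcome = terminal.on_connect(token, pin)
        results.append((label, outcome, terminal.space_visible))
    terminal.on_disconnect()
    results.append(("disconnect", None, terminal.space_visible))
    return results


if __name__ == "__main__":
    for row in run_constructed_scenarios():
        print(row)
```

The "copied identifier" case shows why the identifier match in step 101 only selects the device and the checks in step 102 are what actually authenticate it.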
It should be noted that, in the embodiments of this application, the preset hardware authentication device can be initialized before it is used, so that it has the functions that the preset hardware authentication device referred to in the embodiments of this application is required to have.
In addition, to improve the security of the encrypted local data requiring protection that is stored in the local encrypted space, after step 102 (authenticating the identity of the preset hardware authentication device according to the authentication information) has been performed and identity authentication has finally passed, and before the corresponding local encrypted space is displayed and opened according to the file encryption/decryption information, the terminal device can also perform the following operations:
Collect the face information, and/or fingerprint information, and/or audio information of the current user of the terminal device, and determine that the face similarity between the collected face information of the current user and the face information pre-stored in the terminal device is greater than a first preset similarity threshold, and/or determine that the fingerprint similarity between the collected fingerprint information and the fingerprint information pre-stored in the terminal device is greater than a second preset similarity threshold, and/or determine that the audio features corresponding to the collected audio information of the current user are identical to the audio features pre-stored in the terminal device.
The first preset similarity threshold and the second preset similarity threshold can be set according to actual conditions and are not described further here.
The above is the identity-authentication-based data protection method provided by the embodiments of this application. Based on the same idea, this application also provides a data protection device based on identity authentication.
Fig. 2 is a schematic structural diagram of a data protection device based on identity authentication provided by an embodiment of this application. It mainly includes the following modules:
a monitoring module 21, configured to monitor whether the terminal device is connected to the preset hardware authentication device, where the preset hardware authentication device contains authentication information and file encryption/decryption information;
an authentication module 22, configured to authenticate the identity of the preset hardware authentication device according to the authentication information when the monitoring module 21 finds that the terminal device is connected to the preset hardware authentication device;
a display module 23, configured to display the corresponding local encrypted space according to the file encryption/decryption information when the authentication module 22 obtains the result that identity authentication has passed, where the local encrypted space is used to store the local data to be protected, and the local data to be protected is the local data requiring protection after encryption.
In one implementation scenario, the device further includes:
a collection module, configured to collect the face information, and/or fingerprint information, and/or audio information of the current user of the terminal device after the authentication module 22 obtains the result that identity authentication has passed and before the display module displays and opens the corresponding local encrypted space according to the file encryption/decryption information; then
In one implementation scenario, the device further includes:
a determining module, configured to determine that the face similarity between the collected face information of the current user of the terminal device and the face information pre-stored in the terminal device is greater than the first preset similarity threshold, and/or determine that the fingerprint similarity between the collected fingerprint information and the fingerprint information pre-stored in the terminal device is greater than the second preset similarity threshold, and/or determine that the audio features corresponding to the collected audio information of the current user of the terminal device are identical to the audio features pre-stored in the terminal device.
In one implementation scenario, the display module is configured to:
decrypt the encrypted disk drive file according to the file encryption/decryption information to obtain the decrypted disk drive file;
display the corresponding virtual disk space according to the decrypted disk drive file.
Those skilled in the art should understand that embodiments of the present invention may be provided as a method, a system, or a computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical memory, etc.) that contain computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of the method, device (system) and computer program product according to embodiments of the present invention. It should be understood that each flow and/or block in the flowcharts and/or block diagrams, and combinations of flows and/or blocks in them, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce a means for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to work in a particular way, so that the instructions stored in the computer-readable memory produce an article of manufacture including an instruction means, and the instruction means implements the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, and the instructions executed on the computer or other programmable device thereby provide steps for implementing the functions specified in one or more flows of the flowchart and/or one or more blocks of the block diagram.
In a typical configuration, a computing device includes one or more processors (CPU), an input/output interface, a network interface and memory.
Memory may include volatile memory in a computer-readable medium, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include permanent and non-permanent, removable and non-removable media, which can store information by any method or technology. The information can be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible by a computing device. As defined here, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
It should also be noted that the terms "comprise", "include", or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, commodity, or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, commodity, or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the existence of additional identical elements in the process, method, commodity, or device that includes the element.
Those skilled in the art will understand that embodiments of the present application may be provided as a method, a system, or a computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present application may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to magnetic disk storage, CD-ROM, optical storage, and the like) containing computer-usable program code.
The foregoing describes only embodiments of the present application and is not intended to limit the application. For those skilled in the art, the present application may have various modifications and variations. Any modification, equivalent replacement, improvement, and the like made within the spirit and principle of the present application shall fall within the scope of the claims of the present application.
Claims (10)
1. A data protection method based on identity authentication, characterized in that the method comprises:
monitoring whether a terminal device is connected to a preset hardware authentication device, the preset hardware authentication device containing authentication information and file encryption/decryption information;
if it is detected that the terminal device is connected to the preset hardware authentication device, performing identity authentication on the preset hardware authentication device according to the authentication information;
if identity authentication passes, displaying the corresponding local encrypted space according to the file encryption/decryption information, wherein the local encrypted space is used to store local data that needs to be protected, and the local data that needs to be protected is the encrypted local data that needs protection.
2. The method according to claim 1, characterized in that, after identity authentication passes and before the corresponding local encrypted space is displayed according to the file encryption/decryption information, the method further comprises:
collecting face information, and/or fingerprint information, and/or audio information of the current user of the terminal device;
determining that the face similarity between the collected face information of the current user of the terminal device and the face information pre-stored in the terminal device is greater than a first preset similarity threshold, and/or determining that the fingerprint similarity between the collected fingerprint information and the fingerprint information pre-stored in the terminal device is greater than a second preset similarity threshold, and/or determining that the audio feature corresponding to the collected audio information of the current user of the terminal device is identical to the audio feature pre-stored in the terminal device.
3. The method according to claim 1, characterized in that displaying the corresponding local encrypted space according to the file encryption/decryption information comprises:
decrypting the encrypted disk drive file according to the file encryption/decryption information to obtain a decrypted disk drive file;
displaying the corresponding virtual disk space according to the decrypted disk drive file.
4. The method according to claim 1, characterized in that the local encrypted space is created by the following method:
monitoring whether the terminal device is connected to the preset hardware authentication device;
if it is detected that the terminal device is connected to the preset hardware authentication device, performing identity authentication on the preset hardware authentication device according to the authentication information;
if identity authentication passes, creating an encrypted folder on an existing local disk;
mapping the encrypted folder to an encrypted virtual disk space by means of virtual disk mapping technology;
encrypting the disk drive file corresponding to the virtual disk space according to the file encryption/decryption information;
determining the encrypted virtual disk space as the local encrypted space.
5. The method according to claim 1, characterized in that the preset hardware device is a USB Key.
6. The method according to claim 1, characterized in that the encrypted local data that needs protection is obtained by the following method:
encrypting the local data that needs protection and is stored in the local encrypted space, according to the AES included in the file encryption/decryption information.
7. The method according to claim 1, characterized in that the size of the local encrypted space is a size specified by the user.
8. A data protection apparatus based on identity authentication, characterized in that the apparatus comprises:
a monitoring module, configured to monitor whether a terminal device is connected to a preset hardware authentication device, the preset hardware authentication device containing authentication information and file encryption/decryption information;
an authentication module, configured to perform identity authentication on the preset hardware authentication device according to the authentication information when the monitoring module detects that the terminal device is connected to the preset hardware authentication device;
a display module, configured to display the corresponding local encrypted space according to the file encryption/decryption information when the authentication module obtains a result that identity authentication passes, wherein the local encrypted space is used to store local data that needs to be protected, and the local data that needs to be protected is the encrypted local data that needs protection.
9. The apparatus according to claim 8, characterized in that the apparatus further comprises:
a collection module, configured to collect face information, and/or fingerprint information, and/or audio information of the current user of the terminal device after the authentication module obtains a result that identity authentication passes and before the display module displays the corresponding local encrypted space according to the file encryption/decryption information; in which case
the apparatus further comprises:
a determining module, configured to determine that the face similarity between the collected face information of the current user of the terminal device and the face information pre-stored in the terminal device is greater than a first preset similarity threshold, and/or determine that the fingerprint similarity between the collected fingerprint information and the fingerprint information pre-stored in the terminal device is greater than a second preset similarity threshold, and/or determine that the audio feature corresponding to the collected audio information of the current user of the terminal device is identical to the audio feature pre-stored in the terminal device.
10. The apparatus according to claim 8, characterized in that the display module is configured to:
decrypt the encrypted disk drive file according to the file encryption/decryption information to obtain a decrypted disk drive file;
display the corresponding virtual disk space according to the decrypted disk drive file.
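The unlock sequence of claims 1 to 3, sketched as an added example that is not part of the patent text. Assumptions: the "authentication information" is a shared secret checked by HMAC challenge-response, the drive file is a byte string, only the face check of claim 2 is modelled, and a SHA-256 keystream with HMAC is a standard-library stand-in for the cipher named in the file encryption/decryption information; all names are hypothetical.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(file_key, plaintext):
    """Encrypt-then-MAC stand-in for encrypting the disk drive file (claim 4)."""
    nonce = secrets.token_bytes(16)
    ks = _keystream(_subkey(file_key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(file_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(file_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(file_key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified drive file")
    ks = _keystream(_subkey(file_key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

class UsbKey:
    """Constructed model of the hardware authentication device (claim 5)."""
    def __init__(self, auth_secret, file_key):
        self.auth_secret, self.file_key = auth_secret, file_key

    def respond(self, challenge):
        return hmac.new(self.auth_secret, challenge, hashlib.sha256).digest()

def unlock(token, enrolled_secret, drive_file, face_similarity=0.0, face_threshold=None):
    """Return the decrypted drive file, or None if any gate of claims 1-3 fails."""
    if token is None:                      # monitoring: no device connected
        return None
    challenge = secrets.token_bytes(32)    # fresh per attempt, so replies cannot be replayed
    expected = hmac.new(enrolled_secret, challenge, hashlib.sha256).digest()
    if not hmac.compare_digest(token.respond(challenge), expected):
        return None                        # device failed identity authentication
    if face_threshold is not None and not face_similarity > face_threshold:
        return None                        # claim 2: similarity must exceed the threshold
    try:
        return open_sealed(token.file_key, drive_file)   # claim 3: decrypt drive file
    except ValueError:
        return None

if __name__ == "__main__":
    secret, key = secrets.token_bytes(32), secrets.token_bytes(32)
    drive = seal(key, b"constructed virtual disk image")
    print(unlock(UsbKey(secret, key), secret, drive))
    print(unlock(None, secret, drive))
```

Because the decryption key lives only on the device, removing it leaves the drive file unreadable even if the authentication and biometric checks on the terminal are bypassed.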
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710193341.9A CN107066868A (en) | 2017-03-28 | 2017-03-28 | A kind of data guard method and device of identity-based certification |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710193341.9A CN107066868A (en) | 2017-03-28 | 2017-03-28 | A kind of data guard method and device of identity-based certification |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107066868A true CN107066868A (en) | 2017-08-18 |
Family
ID=59621164
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710193341.9A Pending CN107066868A (en) | 2017-03-28 | 2017-03-28 | A kind of data guard method and device of identity-based certification |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107066868A (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107392039A (en) * | 2017-09-22 | 2017-11-24 | 华北理工大学 | Computer hard disk data encrypting method and its device |
CN108573129A (en) * | 2018-03-06 | 2018-09-25 | 李明霞 | The anti-modification platform of intelligent computer file |
WO2020001078A1 (en) * | 2018-06-25 | 2020-01-02 | 湖南国科微电子股份有限公司 | Safe operation method and system for storage data |
CN113191778A (en) * | 2021-05-20 | 2021-07-30 | 中国农业银行股份有限公司 | Identity authentication method and identity authentication device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201607722U (en) * | 2009-12-28 | 2010-10-13 | 群丰科技股份有限公司 | Security type storage device and data security system |
CN102508792A (en) * | 2011-09-30 | 2012-06-20 | 广州尚恩科技有限公司 | Method for realizing secure access of data in hard disk |
CN103294941A (en) * | 2012-02-22 | 2013-09-11 | 腾讯科技(深圳)有限公司 | Method for accessing private space and mobile device |
CN103577761A (en) * | 2013-10-25 | 2014-02-12 | 北京奇虎科技有限公司 | Method and device for processing privacy data in mobile equipment |
CN104484625A (en) * | 2014-12-29 | 2015-04-01 | 北京明朝万达科技有限公司 | Computer with dual operating systems and implementation method thereof |
CN106326699A (en) * | 2016-08-25 | 2017-01-11 | 广东七洲科技股份有限公司 | Method for reinforcing server based on file access control and progress access control |
-
2017
- 2017-03-28 CN CN201710193341.9A patent/CN107066868A/en active Pending
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201607722U (en) * | 2009-12-28 | 2010-10-13 | 群丰科技股份有限公司 | Security type storage device and data security system |
CN102508792A (en) * | 2011-09-30 | 2012-06-20 | 广州尚恩科技有限公司 | Method for realizing secure access of data in hard disk |
CN103294941A (en) * | 2012-02-22 | 2013-09-11 | 腾讯科技(深圳)有限公司 | Method for accessing private space and mobile device |
CN103577761A (en) * | 2013-10-25 | 2014-02-12 | 北京奇虎科技有限公司 | Method and device for processing privacy data in mobile equipment |
CN104484625A (en) * | 2014-12-29 | 2015-04-01 | 北京明朝万达科技有限公司 | Computer with dual operating systems and implementation method thereof |
CN106326699A (en) * | 2016-08-25 | 2017-01-11 | 广东七洲科技股份有限公司 | Method for reinforcing server based on file access control and progress access control |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107392039A (en) * | 2017-09-22 | 2017-11-24 | 华北理工大学 | Computer hard disk data encrypting method and its device |
CN107392039B (en) * | 2017-09-22 | 2020-06-30 | 华北理工大学 | Computer hard disk data encryption method and device |
CN108573129A (en) * | 2018-03-06 | 2018-09-25 | 李明霞 | The anti-modification platform of intelligent computer file |
WO2020001078A1 (en) * | 2018-06-25 | 2020-01-02 | 湖南国科微电子股份有限公司 | Safe operation method and system for storage data |
KR20210024070A (en) * | 2018-06-25 | 2021-03-04 | 후난 고케 마이크로일렉트로닉스 컴퍼니 리미티드 | Safe operation method and system of stored data |
KR102450837B1 (en) | 2018-06-25 | 2022-10-04 | 후난 고케 마이크로일렉트로닉스 컴퍼니 리미티드 | Safe operation method and system of stored data |
CN113191778A (en) * | 2021-05-20 | 2021-07-30 | 中国农业银行股份有限公司 | Identity authentication method and identity authentication device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107147652B (en) | A kind of safety fusion authentication method of the polymorphic identity of user based on block chain | |
US9448949B2 (en) | Mobile data vault | |
CN110324143A (en) | Data transmission method, electronic equipment and storage medium | |
CN113536359B (en) | Personal health record privacy protection and access system and method based on blockchain | |
CN107171791A (en) | A kind of data encryption/decryption method and encrypting and deciphering system based on biological characteristic | |
CN107066868A (en) | A kind of data guard method and device of identity-based certification | |
CN105429761A (en) | Key generation method and device | |
EP3337088A1 (en) | Data encryption method, decryption method, apparatus, and system | |
CN105468940B (en) | Method for protecting software and device | |
CN107359998A (en) | A kind of foundation of portable intelligent password management system and operating method | |
CN109495252A (en) | Data ciphering method, device, computer equipment and storage medium | |
CN113541935B (en) | Encryption cloud storage method, system, equipment and terminal supporting key escrow | |
CN107092836A (en) | A kind of data guard method and device based on system encryption | |
CN207150607U (en) | A kind of data encrypting and deciphering system based on biological characteristic | |
US20200272759A1 (en) | Systems and methods for secure high speed data generation and access | |
US20150281188A1 (en) | Method and apparatus for cryptographic processing | |
CN104901810A (en) | Data encryption storage method based on domestic cryptographic algorithm | |
CN110771190A (en) | Controlling access to data | |
CN110401538A (en) | Data ciphering method, system and terminal | |
CN107609410A (en) | Android system data guard method, terminal device and storage medium based on HOOK | |
CN111008390A (en) | Root key generation protection method and device, solid state disk and storage medium | |
CN104639332A (en) | Protective method for solid-state disk encryption key | |
CN106650372A (en) | open method and device of administrator authority | |
CN108540486A (en) | The generation of cloud key and application method | |
CN110225014B (en) | Internet of things equipment identity authentication method based on fingerprint centralized issuing mode |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
CB02 | Change of applicant information | Address after: 100083 Beijing, Haidian District Xueyuan Road 30 days building A 20 floor Applicant after: Beijing Bang Bang Safety Technology Co. Ltd. Address before: 100083 Xueyuan Road, Haidian District, Haidian District, Beijing, Haidian District, Beijing Applicant before: Yangpuweiye Technology Limited | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170818 | |