CN102214283B - Virtual disk-based file protection system and method - Google Patents

Publication number: CN102214283B
Authority: CN (China)
Prior art keywords: file, sending out, virtual disk, outgoing, outward
Legal status: Active
Application number: CN2011102120127A
Other languages: Chinese (zh)
Other versions: CN102214283A (en)
Inventors: 陈体然, 郭永兴, 涂高元, 邱志斌
Current Assignee: Xiamen Tipray Technology Co., Ltd.
Original Assignee: XIAMEN TIPRAY TECHNOLOGY CO LTD
Application filed by: XIAMEN TIPRAY TECHNOLOGY CO LTD
Priority to: CN2011102120127A
Publications: CN102214283A (application), CN102214283B (grant)

Abstract

The invention discloses a virtual disk-based file protection system. The system comprises an outgoing manufacturing module, an outgoing packaging module and an outgoing executive module, wherein the outgoing manufacturing module is positioned at a transmitting end and used for compressing and encrypting outgoing files to acquire an outgoing encrypted file set and setting the using right of the outgoing files to acquire an outgoing right control file; the outgoing packaging module is positioned at the transmitting end and used for packaging the outgoing encrypted file set and the outgoing right control file to generate executable outgoing packaged files; and the outgoing executive module is positioned at a receiving end and used for verifying the outgoing right control file in the executable outgoing packaged files, decrypting and decompressing the outgoing encrypted file set to a virtual disk which is generated by an outgoing virtual disk driving module to acquire the outgoing files if the outgoing right control file passes the verification, and stopping operation if the outgoing right control file does not pass the verification. The protection level is improved by the virtual disk, and the outgoing files are easy to make, so that users can easily and conveniently use the virtual disk-based file protection system.

Description

A file protection system and method based on a virtual disk
Technical field
The present invention relates to a file protection system and method based on a virtual disk.
Background art
In existing approaches to file transfer and protection, the following scheme is commonly used. Sending enterprise A uses a file outgoing terminal to prepare the files that need to be sent out as outgoing files: the files are first encrypted; control information such as the designated opening software, operating rights, verification information and validity period is then set, encrypted as well, and recorded in the file. The files processed by the file outgoing terminal are then sent to another enterprise B together with the file outgoing terminal itself. Enterprise B, having installed the file outgoing terminal and passed authentication, can decrypt and open the processed outgoing files with the previously designated software, and operations on the files are restricted according to their rights settings. In this way, even if a file sent outside the enterprise is lost in transit or after it reaches the other enterprise, it remains under security control, and the normal use of enterprise B's other files is not affected. Sending enterprise A can therefore control the users, usage rights, usage period and number of uses of these files. The technical information contained in the files consequently cannot be spread a second time, which effectively keeps the enterprise's key technology confidential.
However, the existing methods and products described above have the following defects: first, the file outgoing terminal has to accompany the outgoing file before the outgoing file can be opened, so the outgoing package is large and not concise; second, making an outgoing file with the outgoing terminal is a cumbersome procedure.
Summary of the invention
The object of the invention is to solve the technical problems of the prior art described above, namely that the outgoing file is not concise and that the process of making it is cumbersome.
To achieve this object, the invention adopts the following technical solution: a file protection system based on a virtual disk, comprising: an outgoing manufacturing module, located at the transmitting end, used for compressing and encrypting the outgoing files to obtain an outgoing encrypted file set, and for setting the usage rights of the outgoing files to obtain an outgoing right control file; an outgoing packaging module, located at the transmitting end, used for packaging the outgoing encrypted file set and the outgoing right control file to generate an executable outgoing packaged file; and an outgoing executive module, located at the receiving end, used for verifying the outgoing right control file in the executable outgoing packaged file; if the verification passes, the outgoing encrypted file set is decrypted and decompressed to a virtual disk generated by an outgoing virtual disk driving module to obtain the outgoing files; if the verification does not pass, the operation is terminated.
Further, the file protection system based on a virtual disk also comprises: an outgoing HOOK control module, located at the receiving end, used for applying the HOOK technique so that, after an outgoing file is executed, a HOOK is inserted into the process of the outgoing file.
Further, the outgoing executive module is also used, after an executed outgoing file is closed, for judging according to the outgoing right control file whether modification is allowed; if it is allowed, the modified file is put back on the virtual disk, and the outgoing file is then exited.
Further, the outgoing executive module is also used, after a file in an executed folder is closed, for judging according to the outgoing right control file whether modification is allowed; if it is allowed, the modified file is put back on the virtual disk, the outgoing file is then exited, and the other files in the executed folder are closed.
A file protection method based on a virtual disk, comprising:
compressing and encrypting the outgoing files to obtain an outgoing encrypted file set;
setting the usage rights of the outgoing files to obtain an outgoing right control file;
packaging the outgoing encrypted file set and the outgoing right control file to generate an executable outgoing packaged file;
verifying the outgoing right control file; if the verification passes, generating a hidden virtual disk and decrypting and decompressing the outgoing encrypted file set to the virtual disk to obtain the outgoing files; if the verification does not pass, terminating the operation.
Further, after the step in which, the verification having passed, the hidden virtual disk is generated and the outgoing encrypted file set is decrypted and decompressed to the virtual disk to obtain the outgoing files, the method also comprises:
executing the outgoing file; and applying the HOOK technique to insert a HOOK into the process of the outgoing file.
Further, after the step of applying the HOOK technique to insert a HOOK into the process of the outgoing file, the method also comprises:
closing the executed outgoing file and judging according to the outgoing right control file whether modification is allowed; if it is allowed, putting the modified file back on the virtual disk, and then exiting the outgoing file.
Further, where the outgoing file in the step of executing the outgoing file is a folder, then after the step of applying the HOOK technique to insert a HOOK into the process of the outgoing file, the method also comprises:
closing a file in the executed folder and judging according to the outgoing right control file whether modification is allowed; if it is allowed, putting the modified file back on the virtual disk, then exiting the outgoing file and closing the other files in the executed folder.
Further, the step of setting the usage rights of the outgoing files specifically comprises: setting the operating rights, verification information and validity period of the outgoing files.
The beneficial effects of the invention are as follows. The technical solution uses a virtual disk: the outgoing files are stored on an invisible virtual disk, which raises the level of protection and effectively prevents the files from leaking. In addition, the invention makes the files to be sent out into a single packaged outgoing file of executable type (.exe); once this file has been sent to the user, the user can open it. The making process is simple, the file is simple and convenient for the user to use, and the packaged file is smaller and more concise, which makes it easier to transmit.
Description of drawings
Fig. 1 is a module diagram of an embodiment of the file protection system based on a virtual disk according to the invention;
Fig. 2 is a flow chart of an embodiment of the file protection method based on a virtual disk according to the invention.
Embodiment
The preferred embodiments of the invention are described in detail below with reference to the drawings.
Refer to Fig. 1, which is a module diagram of an embodiment of the file protection system based on a virtual disk according to the invention.
The file protection system based on a virtual disk according to the invention comprises: an outgoing manufacturing module (LdManager.exe) 11, an outgoing packaging module (LdCab.exe) 12, an outgoing executive module (Ldx.exe) 13, an outgoing HOOK control module (LdSysCtrl.dll) 14, an outgoing virtual disk driving module (LdDisk.sys) 15, an outgoing right control file (LdCab.ldx) 16 and an outgoing encrypted file set (LdCab.dat) 17.
The outgoing manufacturing module 11 is located at the transmitting end and is used for compressing and encrypting the outgoing files to obtain the outgoing encrypted file set 17. The outgoing manufacturing module 11 is also used for setting the usage rights of the outgoing files and recording them in the outgoing right control file 16. Setting the usage rights of the outgoing files specifically comprises setting control information such as the operating rights, verification information and validity period of the outgoing files.
The outgoing packaging module 12 is located at the transmitting end and is invoked by the outgoing manufacturing module 11. It writes the outgoing encrypted file set 17, the outgoing right control file 16, the outgoing executive module 13, the outgoing HOOK control module 14 and the outgoing virtual disk driving module 15 into the file of the outgoing packaging module 12, packaging them to generate one outgoing packaged file of executable type (.exe).
The transmitting end sends the executable outgoing packaged file to the receiving end.
At the receiving end, the outgoing packaging module 12 releases the outgoing packaged file that was made and packaged at the transmitting end into a directory.
The outgoing virtual disk driving module 15 is now located at the receiving end and is used for generating the hidden virtual disk.
The outgoing executive module 13 is now located at the receiving end and is used for verifying the outgoing right control file 16; specifically, control information such as the operating rights, verification information and validity period of the outgoing files is verified. If the verification passes, the outgoing encrypted file set is decrypted and decompressed to the virtual disk generated by the outgoing virtual disk driving module 15 to obtain the outgoing files. If the verification does not pass, the operation is terminated and the files that the outgoing packaging module 12 released into the directory are deleted; further, when the number of operations set in the outgoing right control file 16 is exceeded, the executable outgoing packaged file deletes itself.
It should be noted that, after the outgoing executive module 13 has performed the verification and the verification has passed, the outgoing file obtained by decryption and decompression is either a single file or a folder. If the outgoing file is a single file, it can be executed directly after decryption and decompression, for example by opening the file. If the outgoing file is a folder, the files are listed in the manner of a file explorer and then executed.
After the verification has passed and the outgoing files have been obtained, the outgoing HOOK control module 14, located at the receiving end, applies the HOOK technique: after an outgoing file is executed, a HOOK is inserted into the process of the outgoing file.
In addition, where the outgoing file is a single file, the outgoing executive module 13 is also used, after the executed outgoing file is closed, for judging according to the outgoing right control file 16 whether modification is allowed; if it is allowed, the modified file is put back on the virtual disk, and the outgoing file is then exited. Where the outgoing file is a folder, the outgoing executive module 13 is also used, after a file in the executed folder is closed, for judging according to the outgoing right control file 16 whether modification is allowed; if it is allowed, the modified file is put back on the virtual disk, the outgoing file is then exited, and the other files in the executed folder are closed.
The above embodiment of the file protection system based on a virtual disk corresponds to a file protection method based on a virtual disk, described as follows:
Refer to Fig. 2, which is a flow chart of an embodiment of the file protection method based on a virtual disk according to the invention.
Step S1: compress and encrypt the outgoing files to obtain the outgoing encrypted file set 17;
Step S2: set control information such as the operating rights, verification information and validity period of the outgoing files, and record it in (that is, obtain) the outgoing right control file 16;
Step S3: package the outgoing encrypted file set 17 and the outgoing right control file 16 to generate one outgoing packaged file of executable type (.exe), and send the packaged file;
Step S4: receive the packaged file and verify the outgoing right control file 16; if the verification passes, go to step S5; if the verification does not pass, go to step S10;
Step S5: generate the hidden virtual disk;
Step S6: decrypt and decompress the outgoing encrypted file set 17 to the virtual disk to obtain the outgoing files;
Step S7: execute the outgoing file;
Step S8: apply the HOOK technique to insert a HOOK into the process of the outgoing file, restricting operations such as screenshots, copying, printing and saving as;
Step S9: close the executed outgoing file and judge according to the outgoing right control file 16 whether modification is allowed; if it is allowed, put the modified file back on the virtual disk, and then exit the outgoing file. Step S9 as stated applies when the outgoing file is a single file. If the outgoing file is a folder, then after the step in S8 of applying the HOOK technique to insert a HOOK into the process of the outgoing file, the method also comprises: closing a file in the executed folder and judging according to the outgoing right control file 16 whether modification is allowed; if it is allowed, putting the modified file back on the virtual disk, then exiting the outgoing file and closing the other files in the executed folder;
Step S10: terminate the operation;
Step S11: when the number of operations set in the outgoing right control file 16 is exceeded, the executable outgoing packaged file deletes itself.
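The decision taken at step S4 (with the S10/S11 outcomes and the S9 write-back check) can be shown as an added Python example; it is not code from the patent or from the assignee's product. The JSON layout, the field names, the PBKDF2/HMAC binding of the control record to the recipient's verification secret and the caller-supplied open counter are all assumptions, because the patent does not say how LdCab.ldx is encoded or protected.

```python
import hashlib
import hmac
import json
from enum import Enum


class Decision(Enum):
    PROCEED = "S5"      # create the hidden virtual disk, then decrypt (S6)
    TERMINATE = "S10"   # stop and delete the files released to the directory
    SELF_DELETE = "S11" # operation count used up: the package removes itself


PBKDF2_ROUNDS = 200_000  # assumed work factor, not from the patent


def _canonical(fields: dict) -> bytes:
    # Stable byte encoding so sender and receiver MAC the same bytes.
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def _tag(fields: dict, secret: str, salt: bytes) -> str:
    # The MAC key is derived from the verification secret, so a correct tag
    # proves both knowledge of the secret and that no field was edited.
    key = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)
    return hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()


def make_control_file(secret: str, salt: bytes, not_after: int,
                      max_opens: int, allow_modify: bool) -> bytes:
    """Sender side (step S2): record rights, validity period and open limit."""
    fields = {"allow_modify": allow_modify,
              "max_opens": max_opens,
              "not_after": not_after}
    record = {"fields": fields, "salt": salt.hex(),
              "tag": _tag(fields, secret, salt)}
    return json.dumps(record).encode()


def verify_control_file(blob: bytes, secret: str, now: int, opens_so_far: int):
    """Receiver side (step S4). Returns (Decision, rights or None).

    Fails closed: anything malformed or unauthenticated is TERMINATE, and no
    field is trusted before the tag has been checked.
    """
    try:
        record = json.loads(blob)
        fields = record["fields"]
        salt = bytes.fromhex(record["salt"])
        stored = record["tag"]
        not_after = int(fields["not_after"])
        max_opens = int(fields["max_opens"])
        allow_modify = fields["allow_modify"] is True
        if not isinstance(stored, str):
            raise TypeError("tag must be a string")
        expected = _tag(fields, secret, salt).encode()
    except (ValueError, KeyError, TypeError):
        return Decision.TERMINATE, None

    # Constant-time comparison of the authentication tag.
    if not hmac.compare_digest(expected, stored.encode()):
        return Decision.TERMINATE, None
    # This open would exceed the permitted number of operations.
    if opens_so_far >= max_opens:
        return Decision.SELF_DELETE, None
    # Validity period has ended.
    if now > not_after:
        return Decision.TERMINATE, None
    return Decision.PROCEED, {"allow_modify": allow_modify}


def should_write_back(rights: dict, modified: bool) -> bool:
    """Step S9: a changed file returns to the virtual disk only if allowed."""
    return bool(modified and rights.get("allow_modify"))


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    blob = make_control_file("correct horse", bytes(16), 1_700_000_000, 3, False)
    print(verify_control_file(blob, "correct horse", 1_699_999_000, 0))
    print(verify_control_file(blob, "wrong secret", 1_699_999_000, 0))
```

Where the open counter is kept on the receiving machine is left to the caller here; a counter stored beside the package in a user-writable location can be reset by the recipient, so it needs the same integrity protection as the control record.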
Compared with the prior art, which encrypts the files and relies on an installed file outgoing terminal to operate on and protect them, the technical solution of the invention uses a virtual disk: the outgoing files are stored on an invisible virtual disk, and the various file operations are controlled to prevent the files from leaking. In addition, the existing approach makes the files to be sent out into an outgoing file but has to send two files, one being the outgoing file and the other the file outgoing terminal, whereas the invention makes the files to be sent out into a single packaged outgoing file of executable type (.exe); once this file has been sent to the user, the user can open it.
In addition, while the virtual disk protects the security of the files, the HOOK technique is combined with it to control the operating rights on the files, which prevents secondary diffusion of the outgoing files.
The description and application of the invention given here are illustrative and are not intended to limit the scope of the invention to the above embodiments. Variations and changes of the embodiments disclosed here are possible, and replacements and equivalents of the various parts of the embodiments are known to those of ordinary skill in the art. Those skilled in the art should note that, without departing from the spirit or essential characteristics of the invention, the invention can be realized in other forms, structures, arrangements and proportions, and with other components, materials and parts. Other variations and changes may be made to the embodiments disclosed here without departing from the scope and spirit of the invention.

Claims (9)

1. A file protection system based on a virtual disk, characterized in that it comprises: an outgoing manufacturing module, located at the transmitting end, used for compressing and encrypting the outgoing files to obtain an outgoing encrypted file set, and for setting the usage rights of the outgoing files to obtain an outgoing right control file; an outgoing packaging module, located at the transmitting end, used for packaging the outgoing encrypted file set and the outgoing right control file to generate an executable outgoing packaged file; and an outgoing executive module, located at the receiving end, used for verifying the outgoing right control file of the executable outgoing packaged file; if the verification passes, the outgoing encrypted file set is decrypted and decompressed to a hidden virtual disk generated by an outgoing virtual disk driving module to obtain the outgoing files; if the verification does not pass, the operation is terminated.
2. The file protection system based on a virtual disk according to claim 1, characterized in that it also comprises: an outgoing HOOK control module, located at the receiving end, used for applying the HOOK technique so that, after an outgoing file is executed, a HOOK is inserted into the process of the outgoing file.
3. The file protection system based on a virtual disk according to claim 2, characterized in that the outgoing executive module is also used, after an executed outgoing file is closed, for judging according to the outgoing right control file whether modification is allowed; if it is allowed, the modified file is put back on the virtual disk, and the outgoing file is then exited.
4. The file protection system based on a virtual disk according to claim 2, characterized in that the outgoing file is a folder, and the outgoing executive module is also used, after a file in the executed folder is closed, for judging according to the outgoing right control file whether modification is allowed; if it is allowed, the modified file is put back on the virtual disk, the outgoing file is then exited, and the other files in the executed folder are closed.
5. A file protection method based on a virtual disk, characterized in that it comprises:
compressing and encrypting the outgoing files to obtain an outgoing encrypted file set;
setting the usage rights of the outgoing files to obtain an outgoing right control file;
packaging the outgoing encrypted file set and the outgoing right control file to generate an executable outgoing packaged file;
verifying the outgoing right control file; if the verification passes, generating a hidden virtual disk and decrypting and decompressing the outgoing encrypted file set to the virtual disk to obtain the outgoing files; if the verification does not pass, terminating the operation.
6. The file protection method based on a virtual disk according to claim 5, characterized in that, after the step in which, the verification having passed, the hidden virtual disk is generated and the outgoing encrypted file set is decrypted and decompressed to the virtual disk to obtain the outgoing files, the method also comprises: executing the outgoing file; and applying the HOOK technique to insert a HOOK into the process of the outgoing file.
7. The file protection method based on a virtual disk according to claim 6, characterized in that, after the step of applying the HOOK technique to insert a HOOK into the process of the outgoing file, the method also comprises:
closing the executed outgoing file and judging according to the outgoing right control file whether modification is allowed; if it is allowed, putting the modified file back on the virtual disk, and then exiting the outgoing file.
8. The file protection method based on a virtual disk according to claim 6, characterized in that the outgoing file in the step of executing the outgoing file is a folder, and, after the step of applying the HOOK technique to insert a HOOK into the process of the outgoing file, the method also comprises: closing a file in the executed folder and judging according to the outgoing right control file whether modification is allowed; if it is allowed, putting the modified file back on the virtual disk, then exiting the outgoing file and closing the other files in the executed folder.
9. The file protection method based on a virtual disk according to claim 5, characterized in that the step of setting the usage rights of the outgoing files specifically comprises: setting the operating rights, verification information and validity period of the outgoing files.
CN2011102120127A 2011-07-27 2011-07-27 Virtual disk-based file protection system and method Active CN102214283B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011102120127A CN102214283B (en) 2011-07-27 2011-07-27 Virtual disk-based file protection system and method

Publications (2)

Publication Number Publication Date
CN102214283A CN102214283A (en) 2011-10-12
CN102214283B true CN102214283B (en) 2013-01-30

Family

ID=44745585

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011102120127A Active CN102214283B (en) 2011-07-27 2011-07-27 Virtual disk-based file protection system and method

Country Status (1)

Country Link
CN (1) CN102214283B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP03 Change of name, title or address

Address after: Siming District of Xiamen City, Fujian province 361000 innovation building torch hi tech Zone Software Park B District 7FA unit

Patentee after: Xiamen Tipray Technology Co., Ltd.

Address before: Siming District of Xiamen City, Fujian province 361000 Xiamen torch high tech Development Zone Software Park Science Building 7F-C, E

Patentee before: Xiamen Tipray Technology Co.,Ltd.

PE01 Entry into force of the registration of the contract for pledge of patent right

Denomination of invention: Virtual disk-based file protection system and method

Effective date of registration: 20190715

Granted publication date: 20130130

Pledgee: Xiamen finance Company limited by guarantee

Pledgor: Xiamen Tipray Technology Co., Ltd.

Registration number: 2019990000715