Summary of the invention
The object of the invention is to solve the technical problems in the above-mentioned prior art that outgoing files are not concise and that the production process is cumbersome.
To achieve the above object, the present invention adopts the following technical solution: a file protection system based on a virtual disk, comprising: an outgoing production module, located at the sending end, which compresses and encrypts the files to be sent out to obtain an outgoing encrypted file set, and sets the usage permissions of the files to be sent out to obtain an outgoing permission control file; an outgoing packaging module, located at the sending end, which packs the outgoing encrypted file set and the outgoing permission control file into an executable outgoing package file; and an outgoing execution module, located at the receiving end, which verifies the outgoing permission control file of the executable outgoing package file. If verification passes, it decrypts and decompresses the outgoing encrypted file set into the virtual disk generated by the outgoing virtual disk driver module, obtaining the outgoing files; if verification fails, it terminates the operation.
Further, the file protection system based on a virtual disk also comprises: an outgoing HOOK control module, located at the receiving end, which uses HOOK technology to insert a HOOK into the process of the outgoing file after the outgoing file is executed.
Further, the outgoing execution module is also used, after the executed outgoing file is closed, to determine from the outgoing permission control file whether modification is allowed; if it is, the modified file is put back into the virtual disk, and the outgoing file is then exited.
Further, the outgoing execution module is also used, after a file in the executed folder is closed, to determine from the outgoing permission control file whether modification is allowed; if it is, the modified file is put back into the virtual disk, the outgoing file is then exited, and the other files in the executed folder are closed.
A file protection method based on a virtual disk, comprising:
Compressing and encrypting the files to be sent out to obtain an outgoing encrypted file set;
Setting the usage permissions of the files to be sent out to obtain an outgoing permission control file;
Packing the outgoing encrypted file set and the outgoing permission control file into an executable outgoing package file;
Verifying the outgoing permission control file; if verification passes, generating a hidden virtual disk, and decrypting and decompressing the outgoing encrypted file set into the virtual disk to obtain the outgoing files; if verification fails, terminating the operation.
Further, after the step in which verification passes, the hidden virtual disk is generated, and the outgoing encrypted file set is decrypted and decompressed into the virtual disk to obtain the outgoing files, the method also comprises:
Executing the outgoing file; and using HOOK technology to insert a HOOK into the process of the outgoing file.
Further, after the step of using HOOK technology to insert a HOOK into the process of the outgoing file, the method also comprises:
Closing the executed outgoing file, and determining from the outgoing permission control file whether modification is allowed; if it is, putting the modified file back into the virtual disk, and then exiting the outgoing file.
Further, where the outgoing file in the step of executing the outgoing file is a folder, then after the step of using HOOK technology to insert a HOOK into the process of the outgoing file, the method also comprises:
Closing a file in the executed folder, and determining from the outgoing permission control file whether modification is allowed; if it is, putting the modified file back into the virtual disk, then exiting the outgoing file, and closing the other files in the executed folder.
Further, the step of setting the usage permissions of the outgoing files specifically comprises: setting the operation permissions, authorization information and usage time limit of the files to be sent out.
The beneficial effects of the present invention are as follows: the technical solution uses a virtual disk, storing the outgoing files in an invisible virtual disk, which raises the level of protection and effectively prevents the files from being leaked. In addition, the present invention makes the files to be sent out into a single executable (.exe) outgoing package file; once this is sent to the user, the user can open it. The production process is simple, use is simple and convenient for the user, and the package file is smaller and concise, which makes it easy to transmit.
Embodiment
The preferred embodiments of the present invention are described in detail below with reference to the accompanying drawings.
Refer to Fig. 1, which is a module diagram of an embodiment of the file protection system based on a virtual disk of the present invention.
The file protection system based on a virtual disk of the present invention comprises: an outgoing production module (LdManager.exe) 11, an outgoing packaging module (LdCab.exe) 12, an outgoing execution module (Ldx.exe) 13, an outgoing HOOK control module (LdSysCtrl.dll) 14, an outgoing virtual disk driver module (LdDisk.sys) 15, an outgoing permission control file (LdCab.ldx) 16 and an outgoing encrypted file set (LdCab.dat) 17.
The outgoing production module 11, located at the sending end, compresses and encrypts the files to be sent out to obtain the outgoing encrypted file set 17. In addition, the outgoing production module 11 also sets the usage permissions of the files to be sent out and records them to the outgoing permission control file 16. Setting the usage permissions of the outgoing files specifically comprises setting control information such as the operation permissions, authorization information and usage time limit of the files to be sent out.
The outgoing packaging module 12, located at the sending end, is called by the outgoing production module 11. It writes the outgoing encrypted file set 17, the outgoing permission control file 16, the outgoing execution module 13, the outgoing HOOK control module 14 and the outgoing virtual disk driver module 15 into the file of the outgoing packaging module 12, and packs them to generate an executable (.exe) outgoing package file.
The sending end sends the executable outgoing package file to the receiving end.
At the receiving end, the outgoing packaging module 12 releases the outgoing package file produced and packed at the sending end into a directory.
The outgoing virtual disk driver module 15, now at the receiving end, generates the hidden virtual disk.
The outgoing execution module 13, now at the receiving end, verifies the outgoing permission control file 16; specifically, it verifies control information such as the operation permissions, authorization information and usage time limit of the files sent out. If verification passes, it decrypts and decompresses the outgoing encrypted file set into the virtual disk generated by the outgoing virtual disk driver module 15, obtaining the outgoing files. If verification fails, it terminates the operation and deletes the files that the outgoing packaging module 12 released into the directory; further, when the number of operations set in the outgoing permission control file 16 is exceeded, the executable outgoing package file deletes itself.
It should be noted that, after the outgoing execution module 13 performs verification and verification passes, the outgoing files obtained by decryption and decompression are either a single file or a folder. If the outgoing file is a single file, it can be executed directly after decryption and decompression, for example by opening the file. If the outgoing file is a folder, the files are listed in the manner of an "explorer" and then executed.
After verification passes and the outgoing files are obtained, the outgoing HOOK control module 14, located at the receiving end, uses HOOK technology to insert a HOOK into the process of the outgoing file after the outgoing file is executed.
In addition, where the outgoing file is a single file, the outgoing execution module 13 is also used, after the executed outgoing file is closed, to determine from the outgoing permission control file 16 whether modification is allowed; if it is, the modified file is put back into the virtual disk, and the outgoing file is then exited. Where the outgoing file is a folder, the outgoing execution module 13 is also used, after a file in the executed folder is closed, to determine from the outgoing permission control file 16 whether modification is allowed; if it is, the modified file is put back into the virtual disk, the outgoing file is then exited, and the other files in the executed folder are closed.
The above embodiment of the file protection system based on a virtual disk corresponds to a file protection method based on a virtual disk, described as follows:
Refer to Fig. 2, which is a flow diagram of an embodiment of the file protection method based on a virtual disk of the present invention.
Step S1: compress and encrypt the files to be sent out to obtain the outgoing encrypted file set 17;
Step S2: set the control information of the files to be sent out, such as operation permissions, authorization information and usage time limit, and record it to (or obtain) the outgoing permission control file 16;
Step S3: pack the outgoing encrypted file set 17 and the outgoing permission control file 16 into an executable (.exe) outgoing package file, and send the package file;
Step S4: receive the package file and verify the outgoing permission control file 16; if verification passes, execute step S5; if verification fails, execute step S10;
Step S5: generate the hidden virtual disk;
Step S6: decrypt and decompress the outgoing encrypted file set 17 into the virtual disk to obtain the outgoing files;
Step S7: execute the outgoing file;
Step S8: use HOOK technology to insert a HOOK into the process of the outgoing file, restricting operations such as screen capture, copy, print and save as;
Step S9: close the executed outgoing file, and determine from the outgoing permission control file 16 whether modification is allowed; if it is, put the modified file back into the virtual disk, and then exit the outgoing file. Step S9 as described applies where the outgoing file is a single file. If the outgoing file is a folder, then after the step in S8 of using HOOK technology to insert a HOOK into the process of the outgoing file, the method also comprises: closing a file in the executed folder, and determining from the outgoing permission control file 16 whether modification is allowed; if it is, putting the modified file back into the virtual disk, then exiting the outgoing file, and closing the other files in the executed folder;
Step S10: terminate the operation;
Step S11: when the number of operations set in the outgoing permission control file 16 is exceeded, the executable outgoing package file deletes itself.
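The receiving-end decisions in steps S4, S9, S10 and S11 can be modelled as follows. This is an added example, not code from the patent: the `ControlFile` layout, the use of a password as the authorization information, the "modify" permission name and the rule that a failed attempt does not consume an operation are all assumptions.

```python
import hashlib, hmac
from dataclasses import dataclass
from datetime import datetime
from enum import Enum

class Outcome(Enum):
    PROCEED = "S5"        # generate the hidden virtual disk
    TERMINATE = "S10"     # stop and delete the released files
    SELF_DELETE = "S11"   # stop and delete the package itself

def derive(password: str, salt: bytes) -> bytes:
    # Keep a salted, slow hash in the control file, never the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class ControlFile:          # hypothetical layout; the page defines none
    salt: bytes
    pw_hash: bytes          # authorization information (assumed: password)
    expires: datetime       # usage time limit
    max_opens: int          # permitted number of operations
    allowed_ops: frozenset  # operation permissions
    opens_used: int = 0

def verify(ctrl: ControlFile, password: str, now: datetime) -> Outcome:
    """Step S4: choose between S5, S10 and S11."""
    if ctrl.opens_used >= ctrl.max_opens:
        return Outcome.SELF_DELETE
    pw_ok = hmac.compare_digest(derive(password, ctrl.salt), ctrl.pw_hash)
    if not pw_ok or now > ctrl.expires:
        return Outcome.TERMINATE
    ctrl.opens_used += 1    # assumption: only successful opens are counted
    return Outcome.PROCEED

def on_close(ctrl: ControlFile, modified: bool) -> str:
    """Step S9: keep edits only if the control file allows modification."""
    if modified and "modify" in ctrl.allowed_ops:
        return "write back to virtual disk"
    return "discard changes"

def demo():
    # Constructed sample policy: two opens, read-only, expires in 2030.
    salt = b"constructed-salt"
    ctrl = ControlFile(salt, derive("s3cret", salt), datetime(2030, 1, 1),
                       2, frozenset({"read"}))
    t = datetime(2025, 6, 1)
    return [verify(ctrl, "wrong", t), verify(ctrl, "s3cret", t),
            verify(ctrl, "s3cret", t), verify(ctrl, "s3cret", t),
            on_close(ctrl, True)]
```

The open counter and expiry date in this model live in the control file on the recipient's machine, so the checks are only as strong as the protection of that file's integrity.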
Compared with the prior art, which encrypts the file and operates on and protects it by installing an outgoing file terminal, the technical solution of the present invention uses a virtual disk: outgoing files are stored in an invisible virtual disk, and the various file operations are controlled to prevent the files from being leaked. In addition, the existing approach makes the files to be sent out into an outgoing file, but two files must be sent: one is the outgoing file and the other is the outgoing file terminal. The present invention makes the files to be sent out into a single executable (.exe) outgoing package file; once this is sent to the user, the user can open it.
In addition, while the virtual disk protects file security, HOOK technology is combined with it to control the operation permissions of the files, realizing protection of outgoing files against secondary distribution.
The description and application of the invention given here are illustrative and are not intended to limit the scope of the invention to the above embodiments. Variations and changes to the embodiments disclosed here are possible, and replacements and equivalents of the various components of the embodiments are known to those of ordinary skill in the art. Those skilled in the art should note that, without departing from the spirit or essential characteristics of the present invention, the invention may be realized in other forms, structures, arrangements and proportions, and with other components, materials and parts. Other variations and changes may be made to the embodiments disclosed here without departing from the scope and spirit of the invention.