Document Protection Based on the Core Layer of the Operating System

Cited by: 1


Authors: LIU Jia; LIU Xin; GAO Lan; SONG Guo-zheng (Huazhong Electric Power Technology Development Co., Ltd., State Grid Hubei Electric Power Co., Ltd., Wuhan 430071, China; Xianning Power Supply Company, State Grid Hubei Electric Power Co., Ltd., Xianning 437100, China)

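Affiliations: [1] Hubei Huazhong Electric Power Technology Development Co., Ltd., State Grid Hubei Electric Power Co., Ltd., Wuhan, Hubei 430071 [2] Xianning Power Supply Company, Xianning, Hubei 437100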

Source: Electric Power Information and Communication Technology, 2018, No. 5, pp. 30-34 (5 pages)

Abstract: Traditional electronic document protection on the Windows operating system usually performs its encryption in the user layer (R3) of the operating system. The cryptographic algorithms are commonly symmetric ciphers such as DES, 3DES and RC4, and reading and writing are usually done by calling interface functions of the Windows R3-layer API. The way this file I/O is directed or output easily exposes file paths, which hackers can exploit, leading to data leakage or destruction. This paper therefore proposes a more secure method of electronic document protection: a document security protection system based on the core layer of the operating system. The system uses file minifilter driver technology and file redirection technology to keep document read and write operations at the driver level, and uses bidirectional data communication to establish a computation channel between the core layer (R0) and the USBKEY driver layer, so that "permission-process-document" are "strongly glued" together. Compared with traditional document protection methods, the document read and write operations of this method depend on an external medium, and encryption and decryption are carried out inside the USBKEY, so the output is safer and document circulation is more reliable. The method is suitable for enterprises, public institutions, government and other departments that require a higher level of protection for electronic files.

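Keywords: electronic document protection; Chinese national cryptographic algorithms (Guomi); transparent encryption and decryption; virtual disk; USBKEY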

Classification: TP309 [Automation and Computer Technology: Computer System Architecture]

 
