Abstract
Application-layer (user-mode) encryption systems generally require users to encrypt and decrypt files manually before accessing them, and in some of these systems a file must be stored on disk in plaintext while it is in normal use. Encrypting file systems built on file system drivers reduce user interaction and keep files on disk encrypted, but they are complex to design and implement. To address these problems, this paper uses the driver framework of the Windows NT kernel operating system and file system filter driver technology to encrypt and decrypt data transparently, on the fly. This approach overcomes the shortcomings of application-layer encryption systems and is simpler and more flexible to develop than an encrypting file system. In addition, a smart card is used as the storage container for the encryption and decryption keys, which further strengthens the security of the whole system.
Source
《小型微型计算机系统》
CSCD
PKU Core Journal
2007, Issue 7, pp. 1181-1184 (4 pages)
Journal of Chinese Computer Systems
Keywords
file system filter driver
encryption
decryption
smart card