面向SAP系统的透明加解密方法

Transparent encryption and decryption methods for systems applications and products in data pocessing

针对广泛应用于国内的企业资源计划(ERP)商用管理软件——数据处理系统应用与产品(SAP)系统存在的本地文件导出安全性问题,建立高度匹配于SAP系统特点及特定进程的文件透明加解密系统,在驱动层针对SAP系统关联的特定进程涉及的新建、读、写文件等操作进行捕获,通过卷上下文与流上下文提取缓存信息,依据所捕获的文件操作类型,完成不同的缓存置换;在应用层实现密钥的获取与分发。同时实现了文件透明加解密系统的客户化定制,通过配置可以实现对SAP系统特定进程,导出文件类型甚至特定文件的指定。实验结果表明,该系统在对用户无干扰无需人工介入的前提下,能自动与SAP系统无缝对接,对导出文件透明加解密,并限定导出文件仅能在本地计算机中使用;最终有效地与SAP系统本身自带的用户名登录、权限管控等安全控制机制整合联动,完善了SAP系统在外部商业数据输出安全性管控上的缺失,提升企业对商业数据安全使用、输出的管控及保障能力。

For the national widely applied famous Enterprise Resource Planning （ ERP ） software system – Systems Applications and Products in data processing （ SAP） , against the existing outstanding local file exporting security problem, a transparent encryption and decryption file system was established according to SAP system characteristic and specific process. Operations of file creation, read and write within specific process in the driver layer were successfully captured by the transparent encryption and decryption file system, cache information of both volume up and low context and flow up and low context were also correctly extracted. Based on the captured operation type, cache replacement automation function was successfully achieved according to predefined rules. Additionally, in the application layer, security key’s automatic acquisition and distribution was successfully realized. The system supported user customization, where configuration and definition of file export action within specific SAP process, specific file type and even specific file were strongly supported. The experimental results prove that, the system successfully realizes automatic control of file exportation and exported file application on local termination without any interruption or additional manual action required. In addition, system also sufficiently integrate file transparent encryption and decryption function with SAP system local security control mechanism, such as user name logon and authority control, enhances the missing security control on SAP external business data exportation, fully improves enterprise control and management ability on safe application and exportation of business data.