The Research Of Secure Data Storage Based On CryptoAPI And File System Filter Driver Technology

In recent years, along with the upgrading of computer storage devices, storage technology is increasing, not only storage device in the rapid growth in storage capacity, devices read and write speed has also been greatly improved. If you can't guarantee the security of stored data, resulting in the theft or destruction of stored data, will significantly affect the data owner. Therefore, in this context, storage security as an urgent requirement for all computer users, has now also developed a wide range of data security storage solutions..It is widely used in file encryption software is application-layer encryption. Users of the need for confidentiality through encryption software to encrypt the file, and then stored on disk; the need to read or modify files, decrypt the file before processing is complete and then the file is encrypted and stored. This encryption method is simple and low costs, but there is low security, a great impact on system performance, operation is complicated, opaque defects on the upper layer application.The subject of study for the above problem, we propose a method of data security, storage, and has low cost and high security features, has some innovative and value:1) The method uses Windows NT-driven framework, based on the file system filter driver technology for data encryption and decryption; file system filter driver in the kernel layer, the core layer of encryption and decryption of the user to avoid the tedious operation, use more simple and more convenient.2) The data stored in the virtual disk, and virtual disk is under right control; through authentication of users before they can open the virtual disk and can read or write the data stored in the virtual disk. For users without access permissions, the virtual disk is stored in the hard disk in a volume file, the data can't be accessed. 3) The certificates, public key certificates and data security operations of the system use Crypto API to operate all.4) Data is encrypted by symmetric cryptographic algorithm, and high security authentication using asymmetric cryptographic algorithm. At the same time the use of message digest functions to ensure the integrity of data transmission;5) The user's key and certificate are stored by digital certificate in the smart card, smart card interface by calling the read key into the encryption and decryption, and authentication and other operations. As the user's keys and certificates stored in smart card, it can't easily be stolen with a high security..