|
|
|
|
|
|
|
|
|
EaseFilter File Encryption SDK is a transparent file system encryption filter driver, it provides you a comprehensive security solution to develop the transparent encryption products which it can encrypt or decrypt files on-the-fly, it can allow only authorized users or processes to access the encrypted files. Supported strong cryptographic algorithm Rijndael is a high security algorithm which was chosen by the National Institute of Standards and Technology (NIST) as the new Advanced Encryption Standard (AES), it can support key lengths 128-bits,192-bits and 256-bits.
EaseFilter File System Mini Filter Driver SDK is a mature commercial product. It provides a complete modular framework for the developers even without the driver development experience to build the filter driver within a day. The SDK includes the modules from code design to the product installation, it includes all the basic features you need to build a filter driver.
By embedded the DRM policies to the encrypted file's header, it allows you to implement the secure file sharing solution, you can control the shared file anywhere and anytime, it can help the organizations prevent data breaches caused by internal and external threats. It integrates DRM policy with leading enterprise and cloud applications to provide access control, data protection, and activity monitoring and reporting. By leveraging the digital rights management, encryption keys and access policies are stored in the remote central server, so your data is never at risk of being unlocked, stolen or misused, either by internal threats or external attacks. Your files remain control wherever you share them. Wherever your data is stored, on the cloud, on your laptop, on a USB drive, on a backup disk or on someone else's computer, only you, and those you authorize, can view the contents of those files.
The encryption software you can develop with EaseFilter File Encryption SDK
Encryption at rest prevents the attacker from accessing the unencrypted data by ensuring the data is encrypted when on disk.
Document encryption, file encryption is very important step for data protection, only the authorized users or processes can read the encrypted data, or will get the raw encrypted data.
To prevent the data breach, your data is encrypted all the time, even your data was lost and found in an unauthorized place, they are protected against the unauthorized access.
Encrypted your files with digital rights management data embedded into the encrypted header, protect, track and control your encrypted files anywhere anytime, you can grant or revoke the access control to any user at any time even the files were shared.
EaseFilter Encrypting File System
EaseFilter File System Encryption Driver is an encrypting file system, is a file system level encryption, a file based encryption. A transparent encryption filter driver will integrate the encryption or decryption in the read or write IO process in the file system level, without the extra IO it can improve your encryption performance dramatically. With the file system level auto encryption, you can prevent your sensitive data from being exposed or stolen, you can encrypt your folders/files to prevent your data breach.
EaseFilter encrypting file system is an alternative solution for Microsoft EFS. It has more features and more flexible than Microsoft EFS, it can support both user and process based encryption, it can encrypt every file with the unique encryption key, it can embedded custom tag data into the encrypted file.
Military-grade Advanced Encryption Standard (AES) algorithm. The encryption engine uses the Advanced Encryption Standard (AES) algorithm, a symmetric block cipher chosen by the U.S. government, using keys sized at 128, 192 and 256 bits.
Block level decryption. EaseFilter File System Encryption SDK performs real-time decryption of the encrypted file in any block data with 16 bytes. If you need to read the blocks of the big encrypted file, it doesn't need to decrypt the whole file, it only needs to decrypt the block data of the encrypted file, it can improve the read performance.
AES-NI Support. EaseFilter File Encryption Engine utilizes the US FIPS 140-2 compliant Microsoft CNG libraries, it can support AES-NI (or the Intel Advanced Encryption Standard New Instructions; AES-NI), at an algorithm level AES-NI provides significant speedup of AES. For non-Parallel modes of AES operation (CBC encrypt), AES-NI can provide 2-3 fold gain in performance over a completely software encryption. For parallel modes of AES operation (CBC-decrypt, CTR), AES-NI can provide 10x improvement over a completely software encryption.
Process Based File Encryption
Create a unique view for every process or user. Decryption per process is the most complicated part for the on-the-fly encryption development. In Windows file system, when a file was opened, it will create a cache view in memory, it will be shared by all processes or users with following file open. So, when an authorized process opened an encrypted file, the clear data was kept in system memory cache, at this point if an unauthorized process opened this same file, it will see the clear data instead of the raw encrypted data from the cache memory. How to prevent the clear data from being accessed by unauthorized processes via the share cache view in the memory? EaseFilter File Encryption engine uses the isolation filter driver technology to bypass the system cache manager and create the unique cache view for every process or user, so the clear data won't be shared by different processes or users.
The Isolation Mini Filter Driver
EaseFilter File Encryption SDK was implemented with Isolation Mini Filter Driver. An Isolation Mini Filter Driver is a Windows file system Minifilter driver that separates the view(s) of a file's data from the actual underlying data of that same file. A typical Isolation Layer Filter Driver can create two views of the access data, one is encrypted from the local storage, so your data is always encrypted in the local disk, the other one is decrypted to the authorized user, for every file open, the filter driver will create a unique memory cache, so the different users or processes won't see the same view of the data if they have different permission for the same file. When the process or the user was authorized to access the encrypted file, the filter driver will decrypt the data in memory during the read request, so the authorized process can get the clear data back, or it will get the raw encrypted data. When the encryption filter driver is turned off, the application will always get the encrypted raw data.
The well-designed EaseFilter Isolation Minifilter could allow both views, the decrypted view of the file’s contents and the encrypted view of the file’s contents, to different applications reading the file simultaneously. It can automatically decrypt data from an encrypted document when accessed by authorized application likes Microsoft Word. However, when that same encrypted document is accessed from an unauthorized application, for example a backup application, the Isolation Minifilter could provide the raw, encrypted contents of the file.
A C# File Encryption Example
Using EaseFilter File Encryption SDK is simple with the APIs, here is a simple C# auto file encryption example implementing with EaseFilter File Encryption SDK as below, you can setup an encryption folder in computer A, configure the authorized processes, users who can read the encrypted file, and setup the decryption folder in computer B. You can copy the encrypted file in computer A to the decryption folder in computer B, you can authorize the processes which can read the encrypted files in the decryption folder.
The following example creates a filter rule to encrypt the file in a encryption folder, create another filter rule to decrypt the encrypted file. Only the authorized the processes and users can read the encrypted file, or other processes or users will get the raw encrypted data. You can implement the following features:
© Copyright 2000-2023 COGITO SOFTWARE CO.,LTD. All rights reserved
