Transparent File Level Encryption Solution

Download  EaseFilter Transparent File Encryption SDK Setup File
Download  EaseFilter Transparent File Encryption SDK Zip File

Transparent File Encryption

Transparent file encryption performs real-time I/O encryption and decryption of the files in any block data with 16 bytes. The encryption uses a 256 bits symmetric key to encrypt or decrypt the data with AES encryption algorithm. Auto file encryption protects data "at rest", meaning the transparent data and files encryption. It provides the ability to comply with policies which can be applied by users, processes and file type. This allows only authorized users and processes to access the encrypted files, unauthorized users and processes can’t access the encrypted files.

Run the Auto FileCrypt Tool

The Auto FileCrypt Tool is a file based encryption tool. Run the auto file encryption service with administrator permission, add the managed folders as encryption folder, when the files were added to the managed folder, the files will be encrypted automatically, when files were read, the data will be decrypted in memory automatically. It is completely transparent to the users.

Auto File Encryption

In the managed folders, all new files will be encrypted automatically, and when you save the the modification of the encrypted file to disk, it also will be encrypted.

The encrypted file only can be read when the encryption service is running by the authorized users and processes, or the encrypted data will be returned.:

Encrypt File On-The-Go

Encryption on read is the feature which the files in the folder are not encrypted, when the black list processes read the files, they will get the encrypted data on the fly.
If you have the sensitive files in your local computer, they are not encrypted, you want to automatically encrypt them when your email sends them out, or your browser uploads them to the internet, or the explorer copy them to a USB drive.

Encryption On Read

Share your encrypted file with digital rights management

Safeguard file sharing without boundaries

Organizations have struggled with secure file sharing for years, data breaches are reported almost every day where sensitive information has been stolen, mishandled, or used for fraudulent purposes. Organizations need a new approach to keep their most sensitive assets secure throughout the global enterprise.

AssureFiles Secure File Sharing combines AES 256 bit encryption with digital rights management to give businesses persistent control over all stages of its life, enables employees to share files with anyone, via any method, without compromising business data or risking liability from data loss.

Dynamically control file access

AssureFiles Secure File Sharing solution helps organizations prevent data breaches caused by internal and external threats by enhancing access control to critical business applications and data. AssureFiles integrates DRM policy with leading enterprise and cloud applications to provide access control, data protection, and activity monitoring and reporting.

By leveraging the digital rights management, encryption keys and access policies are stored in the remote central server, so your data is never at risk of being unlocked, stolen or misused, either by internal threats or external attacks.Your files remain control wherever you share them. Wherever your data is stored, on the cloud, on your laptop, on a USB drive, on a backup disk or on someone else’s computer, only you, and those you authorize, can view the contents of those files.

With the centralized policy management, organizations can centrally control the creation, enforcement, and management of security policies to protect documents and files across all applications and systems. This ensures that the most up to date policies are applied and enforced consistently across the enterprise. You can grant or revoke the access control to any user at any time even the files were shared.

Keep tracking and auditing to the shared files

With the complete file access live tracking report, you can monitor who, when and where files are being accessed with the user and process information, computer identities and geo-location, also know all the unauthorized user information when unauthorized attempts are made and you can proactively block data leakage.

Integrate with the file system seamlessly

AssureFiles SecureAgent combines with a file system component, to support the file level encryption and decryption on-the-fly in the file system level, integrated with the access control component, enable your sensitive data always is encrypted.

With AssureFiles SecureAgent, you don't need to make any changes to your applications, infrastructure, or business practices, you can gain this secure solution right away.

AssureFiles secure file sharing can support most of the applications and files, such as Microsoft office files, PDF, 2&3D CAD files, images and other files.

How to share your files with SecureAgent

1. Start SecureAgent for both file owner who can create the share file and share file user who want to open the shared file.

2. Start SecureAgent service

To use the shared files, you need to start the SecureAgent service first, and you need to set the folder to store the shared files. After the service started, you can copy the share file to the drop folder, then you can open the shared file if you are authorized to open the share files.

3. Register your account for the first use, only the user who want to create the share file needs to register an account.

4. Manage the share file

Create new share file or modify the shared file to grant or revoke the access for users.

5. Shared file access log

6. Local files access control

Settings for the access control

EaseFilter File System Filter Driver SDK Framework

To develop file systems and file system filter drivers, use the Windows Driver Kit (WDK),which is provided by Microsoft. Even with the resources available in the Windows Driver Kit (WDK) developing file systems is certainly a challenge. To simplify your development and to provide you with a robust and well-tested file system filter driver that works with all versions and patch releases of the Windows operating systems supported by Microsoft, EaseFilter offers the file system filter driver SDK which provides a complete, modular environment for building active file system filters in your application. With the EaseFilter file system filter driver SDK, you can develop your own filter driver application with c++/c# or other languages.

EaseFilter File System Mini Filter Driver SDK is a mature commercial product. It provides a complete modular framework to the developers even without driver development experience to build the filter driver within a day. The SDK includes the modules from code design to the product installation, it includes all the basic features you need to build a filter driver.

EaseFilter File Encryption Examples in C#

The following example creates a filter rule to encrypt the file in a encryption folder, create another filter rule to decrypt the encrypted file. Only the authorized the processes and users can read the encrypted file, or other processes or users will get the raw encrypted data.

 
  
using System;
using EaseFilter.FilterControl;

namespace AutoFileEncryption
{
    class Program
    {
        static FilterControl filterControl = new FilterControl();

        static void Main(string[] args)
        {
            string lastError = string.Empty;
            string licenseKey = "Email us to request a trial key: info@easefilter.com";

            FilterAPI.FilterType filterType = FilterAPI.FilterType.CONTROL_FILTER | FilterAPI.FilterType.ENCRYPTION_FILTER | FilterAPI.FilterType.PROCESS_FILTER;
            int serviceThreads = 5;
            int connectionTimeOut = 10; //seconds

            try
            {
                //copy the right Dlls to the current folder.
                Utils.CopyOSPlatformDependentFiles(ref lastError);

                if (!filterControl.StartFilter(filterType, serviceThreads, connectionTimeOut, licenseKey, ref lastError))
                {
                    Console.WriteLine("Start Filter Service failed with error:" + lastError);
                    return;
                }
                        
                //setup a file filter rule for folder encryptFolder
                string encryptFolder = "c:\\encryptFolder\\*";
                FileFilter fileFilter = new FileFilter(encryptFolder);

                //enable the encryption for the filter rule.
                fileFilter.EnableEncryption = true;

                //get the 256bits encryption key with the passphrase
                string passPhrase = "mypassword";
                fileFilter.EncryptionKey = Utils.GetKeyByPassPhrase(passPhrase, 32);

                //disable the decyrption right, read the raw encrypted data for all except the authorized processes or users.
                fileFilter.EnableReadEncryptedData = false;

                //setup the authorized processes to decrypt the encrypted files.
                string authorizedProcessesForEncryptFolder = "notepad.exe;wordpad.exe";

                string[] processNames = authorizedProcessesForEncryptFolder.Split(new char[] { ';' });
                if (processNames.Length > 0)
                {
                    foreach (string processName in processNames)
                    {
                        if (processName.Trim().Length > 0)
                        {
                            //authorized the process with the read encrypted data right.
                            fileFilter.ProcessNameAccessRightList.Add(processName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
                        }
                    }
                }

                //setup the authorized users to decrypt the encrypted files.
                string authorizedUsersForEncryptFolder = "domainName\\user1";

                if (!string.IsNullOrEmpty(authorizedUsersForEncryptFolder) && !authorizedUsersForEncryptFolder.Equals("*"))
                {
                    string[] userNames = authorizedUsersForEncryptFolder.Split(new char[] { ';' });
                    if (userNames.Length > 0)
                    {
                        foreach (string userName in userNames)
                        {
                            if (userName.Trim().Length > 0)
                            {
                                //authorized the user with the read encrypted data right.
                                fileFilter.userAccessRightList.Add(userName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
                            }
                        }
                    }

                    if (fileFilter.userAccessRightList.Count > 0)
                    {
                        //set black list for all other users except the white list users.
                        uint accessFlag = FilterAPI.ALLOW_MAX_RIGHT_ACCESS & ~(uint)FilterAPI.AccessFlag.ALLOW_READ_ENCRYPTED_FILES;
                        //disable the decryption right, read the raw encrypted data for all except the authorized users.
                        fileFilter.userAccessRightList.Add("*", accessFlag);
                    }
                }

                //add the encryption file filter rule to the filter control
                filterControl.AddFilter(fileFilter);

                //setup a file filter rule for folder decryptFolder
                string decryptFolder = "c:\\decryptFolder\\*";                
                FileFilter decryptFileFilter = new FileFilter(decryptFolder);

                //enable the encryption for the filter rule.
                decryptFileFilter.EnableEncryption = true;

                //get the 256bits encryption key with the passphrase
                decryptFileFilter.EncryptionKey = Utils.GetKeyByPassPhrase(passPhrase, 32);

                //don't encrypt the new created file in the folder.
                decryptFileFilter.EnableEncryptNewFile = false;

                //disable the decyrption right, read the raw encrypted data for all except the authorized processes or users.
                decryptFileFilter.EnableReadEncryptedData = false;

                //setup authorized processes to decrypt the encrypted files.
                string authorizedProcessesForDecryptFolder = "notepad.exe;wordpad.exe";

                processNames = authorizedProcessesForDecryptFolder.Split(new char[] { ';' });
                if (processNames.Length > 0)
                {
                    foreach (string processName in processNames)
                    {
                        if (processName.Trim().Length > 0)
                        {
                            //authorized the process with the read encrypted data right.
                            decryptFileFilter.ProcessNameAccessRightList.Add(processName, FilterAPI.ALLOW_MAX_RIGHT_ACCESS);
                        }
                    }
                }

                filterControl.AddFilter(decryptFileFilter);

                if (!filterControl.SendConfigSettingsToFilter(ref lastError))
                {
                    Console.WriteLine("SendConfigSettingsToFilter failed." + lastError);
                    return;
                }

                Console.WriteLine("Start filter service succeeded.");

                // Wait for the user to quit the program.
                Console.WriteLine("Press 'q' to quit the sample.");
                while (Console.Read() != 'q') ;

                filterControl.StopFilter();

            }
            catch (Exception ex)
            {
                Console.WriteLine("Start filter service failed with error:" + ex.Message);
            }

        }

    }
}