CN101827101A - Information asset protection method based on credible isolated operating environment - Google Patents
Information asset protection method based on credible isolated operating environment Download PDFInfo
- Publication number
- CN101827101A CN101827101A CN201010150462A CN201010150462A CN101827101A CN 101827101 A CN101827101 A CN 101827101A CN 201010150462 A CN201010150462 A CN 201010150462A CN 201010150462 A CN201010150462 A CN 201010150462A CN 101827101 A CN101827101 A CN 101827101A
- Authority
- CN
- China
- Prior art keywords
- user
- file
- server
- information
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses an information asset protection method based on a credible isolated operating environment. The information asset protection method comprises the steps of: firstly, intensively storing information assets by adopting a safety file server to ensure that the information assets are not stored at a user terminal, then when a user accesses, carrying out access control by adopting a reinforced identity authentication technology to ensure the legality of the accessing user, and finally forming the isolation between a working environment and a general environment by adopting the isolated operating environment based on a local virtualization technology at the user terminal, i.e. secret-related documents accessed in the working environment cannot be stored in a local disc, thus the purpose of preventing the information assets from being unintentionally or maliciously leaked can be achieved on the whole. The invention has higher reliability for the information assets without changing an original network topological structure and an original operation habit of a user.
Description
Technical field
The information assets resist technology that the invention belongs to and adopt the secure file server technology, strengthens identity identifying technology, credible isolated operating environment combines, particularly a kind of information asset protection method based on credible isolated operating environment.
Background technology
Along with the penetration of information technology improves, enterprise or institutional settings have all been set up internal network, network sets up, Information System configuration has brought a lot of facilities for these units, as resource-sharing, office automation and information transmission easily or the like, has greatly improved operating efficiency.But along with the openization degree of closed system improves, increasing information security issue is also simultaneously appeared in one's mind out.Characteristics such as the opening that network had, sharing make the important information resource that is distributed in each main frame be in a kind of high risk state, and these data are easy to be subjected to the attack of various malice such as illegal monitoring, bootlegging, unauthorized access.Being established as of various information systems implemented intelligent decision support and enterprise and produced the important foundation facility is provided; while also proposes new requirement to the information security work of business and government; how effectively to protect our unit's information assets, the solution of this problem is the important component part of informatization.
Enterprise information assets mainly comprises design drawing document, financial data, sales data, customer data etc., and the sensitive information assets of government bodies are meant concerning security matters official document etc., and its main storage mode is computer documents and database data.By network (for example Email, FTP service etc.), Peripheral Interface modes such as (USB flash disk copy, printings), be very easy to the unit's of causing sensitive information and illegally leak.How controlling the circulation of sensitive information in internal network, reduce the risk that it illegally leaks, is the major issue that the information assets protection system must solve.
The method of current unit information safeguarding of assets mainly comprises two kinds.The one, adopt physical isolation method, at first be to guarantee on the network-in-dialing that the internal institution network does not link the Internet, stop to leak the possibility of core information by network, next adopts gate control system, forbid that private USB flash disk carries the unit of entering and forbids the unit USB flash disk in addition, thereby stop to leak core information by mobile device.The advantage of this method is to form physically enclosed environment, the thorough shutoff approach of divulging a secret, but because the refinement of social cooperation's division of labor, exchange message is indispensable between the unit, therefore this method only is suitable for High Security Level units such as military project, can't be at government, business enterprise expand.The 2nd, adopt method for blocking, network service, desktop behavior, Peripheral Interface are monitored, only after putting the keeper on record, can carry out file transfer, document copying.This method has possessed certain feasibility with respect to first method, also can control the risk that leaks of enterprise information assets to a certain extent.But because sensitive information deposits at the subscriber's local computer, therefore adopt the extreme mode of part (as the dismounting hard disk, kill by force monitoring process etc.), still sensitive information can be leaked.
Summary of the invention
The object of the present invention is to provide a kind of information asset protection method, under the prerequisite that does not influence legacy network topological structure and user's use habit, improve the controllability of information assets, stop the information assets possibility that leaks based on credible isolated operating environment.
The technical solution that realizes the object of the invention is: a kind of information asset protection method based on credible isolated operating environment; at first adopt the secure file server with the information assets centralized stores; guarantee that information assets do not deposit at user terminal; then when user capture; adopt to strengthen the identity identifying technology control that conducts interviews; guarantee the legitimacy of calling party; at last in the isolation running environment of user terminal employing based on the local virtual technology; form the isolation of operational environment and general environment; be that the security files of visiting in the operational environment can't be saved in local disk, thereby whole reaching prevent that information assets is by the purpose that is not intended to or malice is leaked.
The present invention compared with prior art, its remarkable advantage: (1) information assets reliability is higher.On the one hand, the present invention adopts file server to leave the method for information assets concentratedly, avoids leaving the sensitive information assets in the client terminal local disk, effectively reduces the information assets risk of leakage, leave concentratedly also and offer help, make information assets more orderly and controlled for the management of assets.On the other hand, the user only enters mode of operation could tactiosensible information assets, and all user behaviors, network behavior, peripheral hardware switch-activity in the mode of operation are all directly controlled, and form a credible and secure isolation environment.(2) do not change user's legacy network topological structure.At first, the inventive method does not change user's existing network infrastructure, does not need to increase additional hardware equipment; Secondly, the mode that information assets is left concentratedly more is close to the paper document management regulation, is convenient to information management person information assets is carried out management and control.(3) do not change the original operating habit of user.Mode of operation environment based on local virtualization, can reappear the host environment fully, comprise software and hardware, therefore it is consistent with conventional environment to fulfil assignment under mode of operation, to the user is transparent, do not need to change any use habit, it is susceptible to user acceptance that this makes this method more hold.
Below in conjunction with accompanying drawing the present invention is described in further detail.
Description of drawings
Fig. 1 is the information assets visit data flow graph that the present invention is based on credible isolated operating environment.
But Fig. 2 is the encrypted file system read-write schematic diagram that the present invention is based on heap virtual layer structure.
Fig. 3 is that the present invention strengthens flow for authenticating ID figure.
Fig. 4 is the credible isolated operating environment module diagram that the present invention is based on local virtualization.
Fig. 5 is the flow chart that the present invention is based on the information asset protection method of credible isolated operating environment.
Embodiment
In conjunction with Fig. 5; the present invention is based on the information asset protection method of credible isolated operating environment; at first adopt the secure file server with the information assets centralized stores; guarantee that information assets do not deposit at user terminal; then when user capture; adopt to strengthen the identity identifying technology control that conducts interviews; guarantee the legitimacy of calling party; at last in the isolation running environment of user terminal employing based on the local virtual technology; form the isolation of operational environment and general environment; be that the security files of visiting in the operational environment can't be saved in local disk, thereby whole reaching prevent that information assets is by the purpose that is not intended to or malice is leaked.
In conjunction with Fig. 1, the present invention is based on the information asset protection method of credible isolated operating environment, idiographic flow is:
1. validated user is uploaded confidential document to file server;
When 2. file is left in visit concentratedly, at first go certificate server to strengthen authentication;
3. authentication allows it to carry out file server access by back notice validated user;
4. authentication by the user, is not thought the disabled user, and system forbids its access file server;
5. access file server file under mode of operation, system forbids this partial document is stored to local disk;
6. under mode of operation, system forbids that accessed document copying is to movable storage device.
The present invention is based on the information asset protection method of credible isolated operating environment, adopt the secure file server with the information assets centralized stores:
Step 1 is built the unit file server, and according to employee's right assignment memory space, guarantees that user's space can not interleaving access;
Step 2, relevant all documents of work that all employees will be stored in terminal at present are uploaded in the file server;
Step 3, secure file server adopt transparent encryption and decryption technology to encrypt or decryption processing uploading document;
In conjunction with Fig. 2, for strengthening the file server inherently safe that information assets is left concentratedly, but the present invention is based on the encrypted file system read-write process of heap virtual layer structure, that is:
1. call Read () from client layer by consumer process and attempt to visit the encrypted file system file;
2. to inner nuclear layer modulation V_Read () function access Virtual File System;
3. Virtual File System and secure file system adopt the readjustment mode, call VFS_Read () function;
4. call the UFS_dev_Read () of bottom document system (UFS) then;
5. at last by bottom document system call Disk_dev_Read () function, the visit physical disk is finished the file process of reading.
Wherein, but the secure file server adopts the encrypted file system stored information of heap virtual layer structure, this encrypted file system adopts three types of keys altogether: user's public private key pair, space public private key pair and file key, wherein the file key is a symmetric key, adopt symmetry algorithm that encrypted content file is preserved, use different keys to prevent Brute Force to each file, that is:
The first step, encryption flow:
(1) at first the user creates self space in system, and system generates the public private key pair in this space at random;
(2) user writes new file in this space, and then system produces the file key, and encrypted content file is stored;
(3) system's usage space PKI is to the file secret key encryption, and stores in the extended attribute of file;
(4) system uses client public key to the protection of space encrypted private key, is stored in the spatial spread attribute.
Second step, the deciphering flow process
(1) at first from the spatial spread attribute, extracts the space private key
(2) obtain the expressly space private key of form with private key for user after to its deciphering
(3) the file key of extraction ciphertext form from the file extent attribute is with space private key declassified document key;
(4) user uses file secret key decryption file content, obtains plaintext document.
In conjunction with Fig. 3, for stopping disabled user's access file server, cause information assets to leak, the present invention strengthens flow for authenticating ID, and the authentication agreement is defined as follows:
(1)AS→U:R
AS
(2)U→AS:{CerI
u,R
u,SIGN
u(R
AS)}
(3)AS→U:{CerI
AS,SIGN
AS(R
u)}
Wherein U represents Authentication Client, CerI
uThe expression user identity certificate, AS represents certificate server, CerI
ASThe letter of identity of expression certificate server, R
u, R
ASRepresent the random number that U and AS produce respectively, SIGN
u(x), SIGN
AS(x) represent U and AS digital signature respectively to x.
Its certification work process step is as follows:
(1) client U is by client-requested AS server;
(2) after server A S accepted client requests, response request also sent random number R to the client U by authentication
AS
(3) client is subjected to the AS response, uses private key R
ASSignature reads the certificate CerI of oneself simultaneously
uAnd generation random number R
u
(4) client response server sends oneself user certificate CerI
u, the client random number R
uWith signature SIGN to the server random number
u(R
AS) to server A S;
(5) server uses CerI
u, R
ASChecking SIGN
u(R
AS) whether correct, and checking CerI
uWhether credible;
(6) checking is not by then refusing user's login;
(7) checking is passed through the back server from client CerI
uThe middle identity information that extracts;
(8) whether be validated user according to the user identity querying server;
(9) not the login of validated user refusal;
(10) be that validated user allows login, return CerI
u, SIGN
AS(R
u);
(11) client validation CerI
u, SIGN
AS(R
u);
(12) login system is passed through in checking.
The present invention is based on the information asset protection method of credible isolated operating environment, adopt to strengthen the identity identifying technology control that conducts interviews:
The first step, the user finishes the Windows system login, handles responsive affairs as needs, then starts terminal software, and request enters mode of operation;
In second step, the user inserts the USB password card, and the input PIN code adopts the authentication agreement, after strengthening authentication, enters mode of operation, allows to obtain core information from server.
Wherein, the service structure that strengthens authentication is: at first need to dispose certificate server, bear authentication server functions, promptly the user downloads and execution Authentication Client program from certificate server in client, bears the Authentication Client function; Next is disposed data server and is used to store the validated user tabulation, in the authentication process, needs the certificate query authentication server at visit CA center, and downloadable authentication is nullified tabulation (CRL), is used to verify the state validity of digital certificate.
In conjunction with Fig. 4, for guaranteeing that sensitive information is not deposited in the client terminal local disk, the present invention adopts the local virtual structure to isolate running environment, isolation environment is realized with the form of Type II type virtual machine, directly on host operating system, move, constitute by five nucleus modules altogether: monitor, simple disk, operating system migration manager, modification tracking manager and system information reconstructed module based on volume shadow copy:
Monitor module is realized the responsive instruction of Simulation execution, and instruction transformation will not produce the self-trapping responsive instruction of non-privilege originally and replaces with the instruction with reporting system function during by operation; By simple disk and operating system migration manager based on volume shadow copy, system has realized need not to reinstall operating system in the virtual machine, but directly starts from host operating system, and the operating system after the startup is Local-Booted OS; Revise tracking manager and then utilize amendment record filtration drive record Local-Booted OS and the interior change in resources information of host operating system; The operation system information reconstitution assembly can be under the situation by operating system API not, utilizes the signal reconstruct of hardware layer to go out the semantic information of operating system.
The present invention is based on the information asset protection method of credible isolated operating environment, adopt the local virtual technique construction to isolate running environment, form the isolation of operational environment and general environment:
Step (1), the user enters mode of operation, can carry out the work by multiplexing all softwares of original installation, and mode of operation and general mode do not have difference concerning the user;
Step (2), the user can only deposit in server end from the All Files that server obtains or oneself writes, revises in operational environment, can't have this machine disk, and operational environment is isolated local storage.
Claims (9)
1. information asset protection method based on credible isolated operating environment; it is characterized in that: at first adopt the secure file server the information assets centralized stores; guarantee that information assets do not deposit at user terminal; then when user capture; adopt to strengthen the identity identifying technology control that conducts interviews; guarantee the legitimacy of calling party; at last in the isolation running environment of user terminal employing based on the local virtual technology; form the isolation of operational environment and general environment; be that the security files of visiting in the operational environment can't be saved in local disk, thereby whole reaching prevent that information assets is by the purpose that is not intended to or malice is leaked.
2. the information asset protection method based on credible isolated operating environment according to claim 1 is characterized in that adopting the secure file server with the information assets centralized stores:
Step 1 is built the unit file server, and according to employee's right assignment memory space, guarantees that user's space can not interleaving access;
Step 2, relevant all documents of work that all employees will be stored in terminal at present are uploaded in the file server;
Step 3, secure file server adopt transparent encryption and decryption technology to encrypt or decryption processing uploading document;
Step 4 is thoroughly removed the sensitive information of preserving on the terminal by keeper's assisting users.
3. the information asset protection method based on credible isolated operating environment according to claim 2; it is characterized in that but the secure file server adopts the encrypted file system stored information of heap virtual layer structure; this encrypted file system adopts three types of keys altogether: user's public private key pair; space public private key pair and file key; wherein the file key is a symmetric key; adopt symmetry algorithm that encrypted content file is preserved, use different keys to prevent Brute Force to each file, that is:
3.1 encryption flow:
3.1.1 at first the user creates self space in system, system generates the public private key pair in this space at random;
3.1.2 the user writes new file in this space, then system produces the file key, and encrypted content file is stored;
3.1.3 system's usage space PKI is to the file secret key encryption, and stores in the extended attribute of file;
3.1.4 system uses client public key to the protection of space encrypted private key, is stored in the spatial spread attribute.
3.2 deciphering flow process
3.2.1 at first from the spatial spread attribute, extract the space private key
3.2.2 obtain the expressly space private key of form after to its deciphering with private key for user
3.2.3 from the file extent attribute, extract the file key of ciphertext form, with space private key declassified document key;
3.2.4 the user uses file secret key decryption file content, obtains plaintext document.
4. the information asset protection method based on credible isolated operating environment according to claim 3, but it is characterized in that the encrypted file system read-write process of heap virtual layer structure, that is:
1. call Read () from client layer by consumer process and attempt to visit the encrypted file system file;
2. to inner nuclear layer modulation V_Read () function access Virtual File System;
3. Virtual File System and secure file system adopt the readjustment mode, call VFS_Read () function;
4. call the UFS_dev_Read () of bottom document system (UFS) then;
5. at last by bottom document system call Disk_dev_Read () function, the visit physical disk is finished the file process of reading.
5. the information asset protection method based on credible isolated operating environment according to claim 1 is characterized in that adopt strengthening the identity identifying technology control that conducts interviews:
The first step, the user finishes the Windows system login, handles responsive affairs as needs, then starts terminal software, and request enters mode of operation;
In second step, the user inserts the USB password card, and the input PIN code adopts the authentication agreement, after strengthening authentication, enters mode of operation, allows to obtain core information from server.
6. the information asset protection method based on credible isolated operating environment according to claim 5, it is characterized in that the service structure that strengthens authentication is: at first need to dispose certificate server, bear authentication server functions, be that the user downloads and execution Authentication Client program from certificate server in client, bear the Authentication Client function; Next is disposed data server and is used to store the validated user tabulation, in the authentication process, needs the certificate query authentication server at visit CA center, and downloadable authentication is nullified tabulation (CRL), is used to verify the state validity of digital certificate.
7. the information asset protection method based on credible isolated operating environment according to claim 5 is characterized in that authentication design of protocol and certification work flow process, and the authentication agreement is defined as follows:
(1)AS→U:R
AS
(2)U→AS:{CerI
u,R
u,SIGN
u(R
AS)}
(3)AS→U:{CerI
AS,SIGN
AS(R
u)}
Wherein U represents Authentication Client, CerI
uThe expression user identity certificate, AS represents certificate server, CerI
ASThe letter of identity of expression certificate server, R
u, R
ASRepresent the random number that U and AS produce respectively, SIGN
u(x), SIGN
AS(x) represent U and AS digital signature respectively to x.
Its certification work flow process is as follows:
(1) client U is by client-requested AS server;
(2) after server A S accepted client requests, response request also sent random number R to the client U by authentication
AS
(3) client is subjected to the AS response, uses private key R
ASSignature reads the certificate CerI of oneself simultaneously
uAnd generation random number R
u
(4) client response server sends oneself user certificate CerI
u, the client random number R
uWith signature SIGN to the server random number
u(R
AS) to server A S;
(5) server uses CerI
u, R
ASChecking SIGN
u(R
AS) whether correct, and checking CerI
uWhether credible;
(6) checking is not by then refusing user's login;
(7) checking is passed through the back server from client CerI
uThe middle identity information that extracts;
(8) whether be validated user according to the user identity querying server;
(9) not the login of validated user refusal;
(10) be that validated user allows login, return CerI
u, SIGN
AS(R
u);
(11) client validation CerI
u, SIGN
AS(R
u);
(12) login system is passed through in checking.
8. the information asset protection method based on credible isolated operating environment according to claim 1 is characterized in that adopting the local virtual technique construction to isolate running environment, forms the isolation of operational environment and general environment:
Step (1), the user enters mode of operation, can carry out the work by multiplexing all softwares of original installation, and mode of operation and general mode do not have difference concerning the user;
Step (2), the user can only deposit in server end from the All Files that server obtains or oneself writes, revises in operational environment, can't have this machine disk, and operational environment is isolated local storage.
9. the information asset protection method based on credible isolated operating environment according to claim 8; it is characterized in that the form realization of isolation environment with Type II type virtual machine; directly on host operating system, move, constitute by five nucleus modules altogether: monitor, simple disk, operating system migration manager, modification tracking manager and system information reconstructed module based on volume shadow copy:
Monitor module is realized the responsive instruction of Simulation execution, and instruction transformation will not produce the self-trapping responsive instruction of non-privilege originally and replaces with the instruction with reporting system function during by operation; By simple disk and operating system migration manager based on volume shadow copy, system has realized need not to reinstall operating system in the virtual machine, but directly starts from host operating system, and the operating system after the startup is Local-Booted OS; Revise tracking manager and then utilize amendment record filtration drive record Local-Booted OS and the interior change in resources information of host operating system; The operation system information reconstitution assembly can be under the situation by operating system API not, utilizes the signal reconstruct of hardware layer to go out the semantic information of operating system.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010150462A CN101827101A (en) | 2010-04-20 | 2010-04-20 | Information asset protection method based on credible isolated operating environment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010150462A CN101827101A (en) | 2010-04-20 | 2010-04-20 | Information asset protection method based on credible isolated operating environment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101827101A true CN101827101A (en) | 2010-09-08 |
Family
ID=42690803
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010150462A Pending CN101827101A (en) | 2010-04-20 | 2010-04-20 | Information asset protection method based on credible isolated operating environment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101827101A (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102065104A (en) * | 2011-01-10 | 2011-05-18 | 深信服网络科技(深圳)有限公司 | Method, device and system for accessing off-site document |
| CN102065148A (en) * | 2011-01-12 | 2011-05-18 | 无锡网芯科技有限公司 | Memory system access authorizing method based on communication network |
| CN102137110A (en) * | 2011-04-15 | 2011-07-27 | 哈尔滨工业大学 | System service reconfigurable method of safe server of confidential document management system |
| CN102298756A (en) * | 2011-09-05 | 2011-12-28 | 中体彩科技发展有限公司 | Method for ensuring security of computer lottery trade information |
| CN102413159A (en) * | 2011-03-15 | 2012-04-11 | 北京邮电大学 | Trusty online storage system oriented to network operating system |
| WO2013189457A2 (en) * | 2013-04-15 | 2013-12-27 | 中兴通讯股份有限公司 | Terminal, cloud system server and interaction method and system thereof |
| CN103595790A (en) * | 2013-11-14 | 2014-02-19 | 华为技术有限公司 | Remote accessing method for device, thin client side and virtual machine |
| CN103595534A (en) * | 2013-11-08 | 2014-02-19 | 安徽云盾信息技术有限公司 | Data encryption and decryption system supporting device revoking operation and implementing method |
| CN103942678A (en) * | 2014-04-01 | 2014-07-23 | 武汉天喻信息产业股份有限公司 | Mobile payment system and method based on trusted execution environment |
| CN104268479A (en) * | 2014-09-29 | 2015-01-07 | 北京奇虎科技有限公司 | Text operation isolating method, device and mobile terminal |
| CN104348838A (en) * | 2014-11-18 | 2015-02-11 | 深圳市大成天下信息技术有限公司 | Document management system and method |
| CN105446793A (en) * | 2014-08-28 | 2016-03-30 | 国际商业机器公司 | Method and device for migrating virtual assets |
| CN105892444A (en) * | 2015-02-13 | 2016-08-24 | 费希尔-罗斯蒙特系统公司 | Security Event Detection Through Virtual Machine Introspection |
| CN106127073A (en) * | 2016-06-21 | 2016-11-16 | 新昌县七星街道明盛模具厂 | A kind of guard method of user's operation information |
| CN109508095A (en) * | 2018-12-29 | 2019-03-22 | 北京强氧新科信息技术有限公司 | A kind of synthetic method and device of virtual reality video |
| CN109923522A (en) * | 2016-11-12 | 2019-06-21 | 微软技术许可有限责任公司 | Anonymous container |
| CN112241530A (en) * | 2019-07-19 | 2021-01-19 | 中国人民解放军战略支援部队信息工程大学 | Malicious PDF document detection method and electronic equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030204572A1 (en) * | 2002-04-24 | 2003-10-30 | Hitachi, Ltd. | Computer system with virtualization function |
| CN201054139Y (en) * | 2007-07-04 | 2008-04-30 | 福建伊时代信息科技有限公司 | Secret-involved document management system |
| CN101304360A (en) * | 2007-05-08 | 2008-11-12 | 艾岩 | System and method for virtualization of user digital terminal |
| CN101594360A (en) * | 2009-07-07 | 2009-12-02 | 清华大学 | LAN system and the method for safeguarding LAN information safety |
| CN101674304A (en) * | 2009-10-15 | 2010-03-17 | 浙江师范大学 | Network identity authentication system and method |
-
2010
- 2010-04-20 CN CN201010150462A patent/CN101827101A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030204572A1 (en) * | 2002-04-24 | 2003-10-30 | Hitachi, Ltd. | Computer system with virtualization function |
| CN101304360A (en) * | 2007-05-08 | 2008-11-12 | 艾岩 | System and method for virtualization of user digital terminal |
| CN201054139Y (en) * | 2007-07-04 | 2008-04-30 | 福建伊时代信息科技有限公司 | Secret-involved document management system |
| CN101594360A (en) * | 2009-07-07 | 2009-12-02 | 清华大学 | LAN system and the method for safeguarding LAN information safety |
| CN101674304A (en) * | 2009-10-15 | 2010-03-17 | 浙江师范大学 | Network identity authentication system and method |
Non-Patent Citations (8)
| Title |
|---|
| 《信息通信技术2010年》 20100415 戴元顺 云计算技术简述 全文 1-9 , 第2期 * |
| 《全国计算机安全学术交流会论文集(第二十四卷)》 20090912 缪嘉嘉等 基于可信隔离运行环境的信息资产保护系统 第430-434页 1,3-4,8-9 第24卷, * |
| 《全国计算机安全学术交流会论文集(第二十四卷)》 20090912 缪嘉嘉等 基于可信隔离运行环境的信息资产保护系统 第430-434页 2,5-7 第24卷, * |
| 《重庆师范大学学报(自然科学版)》 20080715 姚渝春 网络存储与UAMS模式研究 全文 1-9 第25卷, 第3期 * |
| 《金融管理与研究1995年》 19950330 刘治昌 N维空间加密技术在三金工程中的应用 全文 1-9 , 第1期 * |
| MUXIN ZHOU ET AL: "Spatial Encryption under Simper Assumption", 《PROVABLE SECURITY,LECTURE NOTES IN COMPUTER SCIENCE,2009》 * |
| 缪嘉嘉等: "基于可信隔离运行环境的信息资产保护系统", 《全国计算机安全学术交流会论文集(第二十四卷)》 * |
| 钟经伟: "基于Kylin的加密文件系统研究与实现", 《中国优秀博硕士学位论文全文数据库(硕士)信息科技辑 2006年》 * |
Cited By (28)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102065104A (en) * | 2011-01-10 | 2011-05-18 | 深信服网络科技(深圳)有限公司 | Method, device and system for accessing off-site document |
| CN102065148A (en) * | 2011-01-12 | 2011-05-18 | 无锡网芯科技有限公司 | Memory system access authorizing method based on communication network |
| CN102413159A (en) * | 2011-03-15 | 2012-04-11 | 北京邮电大学 | Trusty online storage system oriented to network operating system |
| CN102413159B (en) * | 2011-03-15 | 2012-10-17 | 北京邮电大学 | Trusty online storage system oriented to network operating system |
| CN102137110A (en) * | 2011-04-15 | 2011-07-27 | 哈尔滨工业大学 | System service reconfigurable method of safe server of confidential document management system |
| CN102137110B (en) * | 2011-04-15 | 2013-10-09 | 哈尔滨工业大学 | System service reconfigurable method of safe server of confidential document management system |
| CN102298756A (en) * | 2011-09-05 | 2011-12-28 | 中体彩科技发展有限公司 | Method for ensuring security of computer lottery trade information |
| WO2013189457A2 (en) * | 2013-04-15 | 2013-12-27 | 中兴通讯股份有限公司 | Terminal, cloud system server and interaction method and system thereof |
| WO2013189457A3 (en) * | 2013-04-15 | 2014-03-06 | 中兴通讯股份有限公司 | Terminal, cloud system server and interaction method and system thereof |
| CN103595534B (en) * | 2013-11-08 | 2017-01-04 | 安徽云盾信息技术有限公司 | A kind of holding equipment revokes data ciphering and deciphering system and the implementation method of operation |
| CN103595534A (en) * | 2013-11-08 | 2014-02-19 | 安徽云盾信息技术有限公司 | Data encryption and decryption system supporting device revoking operation and implementing method |
| US10042664B2 (en) | 2013-11-14 | 2018-08-07 | Huawei Technologies Co., Ltd. | Device remote access method, thin client, and virtual machine |
| CN103595790B (en) * | 2013-11-14 | 2017-01-04 | 华为技术有限公司 | The remote access method of equipment, thin-client and virtual machine |
| CN103595790A (en) * | 2013-11-14 | 2014-02-19 | 华为技术有限公司 | Remote accessing method for device, thin client side and virtual machine |
| CN103942678A (en) * | 2014-04-01 | 2014-07-23 | 武汉天喻信息产业股份有限公司 | Mobile payment system and method based on trusted execution environment |
| US10102026B2 (en) | 2014-08-28 | 2018-10-16 | International Business Machines Corporation | Migrating virtual asset |
| CN105446793A (en) * | 2014-08-28 | 2016-03-30 | 国际商业机器公司 | Method and device for migrating virtual assets |
| CN105446793B (en) * | 2014-08-28 | 2018-08-28 | 国际商业机器公司 | The method and apparatus for migrating fictitious assets |
| CN104268479A (en) * | 2014-09-29 | 2015-01-07 | 北京奇虎科技有限公司 | Text operation isolating method, device and mobile terminal |
| CN104268479B (en) * | 2014-09-29 | 2017-03-01 | 北京奇虎科技有限公司 | A kind of method of text maninulation isolation, device and mobile terminal |
| CN104348838A (en) * | 2014-11-18 | 2015-02-11 | 深圳市大成天下信息技术有限公司 | Document management system and method |
| CN104348838B (en) * | 2014-11-18 | 2017-08-25 | 深圳市大成天下信息技术有限公司 | A kind of document file management system and method |
| CN105892444A (en) * | 2015-02-13 | 2016-08-24 | 费希尔-罗斯蒙特系统公司 | Security Event Detection Through Virtual Machine Introspection |
| CN106127073A (en) * | 2016-06-21 | 2016-11-16 | 新昌县七星街道明盛模具厂 | A kind of guard method of user's operation information |
| CN109923522A (en) * | 2016-11-12 | 2019-06-21 | 微软技术许可有限责任公司 | Anonymous container |
| CN109923522B (en) * | 2016-11-12 | 2023-09-22 | 微软技术许可有限责任公司 | Anonymous container |
| CN109508095A (en) * | 2018-12-29 | 2019-03-22 | 北京强氧新科信息技术有限公司 | A kind of synthetic method and device of virtual reality video |
| CN112241530A (en) * | 2019-07-19 | 2021-01-19 | 中国人民解放军战略支援部队信息工程大学 | Malicious PDF document detection method and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101827101A (en) | Information asset protection method based on credible isolated operating environment | |
| CN102394894B (en) | Network virtual disk file safety management method based on cloud computing | |
| CA2935688C (en) | System and method for biometric protocol standards | |
| US20190050598A1 (en) | Secure data storage | |
| Viega | Building security requirements with CLASP | |
| Ghani et al. | Issues and challenges in cloud storage architecture: a survey | |
| CN108701094A (en) | The safely storage and distribution sensitive data in application based on cloud | |
| CN103763355A (en) | Cloud data uploading and access control method | |
| US20140208409A1 (en) | Access to data stored in a cloud | |
| Meetei et al. | Security issues in cloud computing | |
| US8321915B1 (en) | Control of access to mass storage system | |
| CN101382919A (en) | Storage data isolating method based on identity | |
| CN113901507B (en) | Multi-party resource processing method and privacy computing system | |
| CN114124392B (en) | Data controlled circulation method, system, device and medium supporting access control | |
| Alawneh et al. | Defining and analyzing insiders and their threats in organizations | |
| Kirar et al. | An efficient architecture and algorithm to prevent data leakage in Cloud Computing using multi-tier security approach | |
| CN109284622A (en) | Contact person information processing method, device and storage medium | |
| Basso et al. | Requirements, design and evaluation of a privacy reference architecture for web applications and services | |
| Derksen et al. | Backup and Recovery of IRMA Credentials | |
| Nagesh et al. | Cloud architectures encountering data security and privacy concerns—A review | |
| Wilusz et al. | Secure protocols for smart contract based insurance services | |
| Ghani et al. | Cloud storage architecture: research challenges and opportunities | |
| Dinesha et al. | Evaluation of secure cloud transmission protocol | |
| Adlam et al. | Applying Blockchain Technology to Security-Related Aspects of Electronic Healthcare Record Infrastructure | |
| Munir | Security model for mobile cloud database as a service (DBaaS) |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20100908 |