CN103810436A - System and method for preventing enterprise sensitive data from leaking on mobile device - Google Patents

Info

Publication number: CN103810436A
Authority: CN (China)
Prior art keywords: data, access range, file, enterprise, module
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201410027775.8A
Other languages: Chinese (zh)
Inventor: 林崇颐
Current Assignee: Chunghwa Telecom Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Chunghwa Telecom Co Ltd
Application filed by: Chunghwa Telecom Co Ltd

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209: Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G: PHYSICS
    • G01: MEASURING; TESTING
    • G01S: RADIO DIRECTION-FINDING; RADIO NAVIGATION; DETERMINING DISTANCE OR VELOCITY BY USE OF RADIO WAVES; LOCATING OR PRESENCE-DETECTING BY USE OF THE REFLECTION OR RERADIATION OF RADIO WAVES; ANALOGOUS ARRANGEMENTS USING OTHER WAVES
    • G01S5/00: Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations
    • G01S5/02: Position-fixing by co-ordinating two or more direction or position line determinations; Position-fixing by co-ordinating two or more distance determinations using radio waves
    • G01S5/0252: Radio frequency fingerprinting

Landscapes

  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Radar, Positioning & Navigation (AREA)
  • Remote Sensing (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Alarm Systems (AREA)

Abstract

The invention provides a system and a method for preventing enterprise confidential data from leaking on a mobile device. After a file opening behavior is detected on the mobile device, the content of the file data is monitored and analyzed. If the content of the file data contains confidential data characteristics, the device searches for nearby access range positioning device signals. If an access range positioning device signal is detected, the current positioning information of the mobile device is calculated from the signal strength of the access range positioning devices. If the current positioning information is within the enterprise legal access range, the file data is allowed to be opened on the mobile device.

Description

System and method for preventing enterprise sensitive data from leaking on a mobile device
Technical field
The present invention relates to a system and method for preventing data leakage, and in particular to a system and method for preventing enterprise sensitive data from leaking on a mobile device.
Background
To strengthen information security and protect enterprise confidential data, preventing the leakage of sensitive data has become an important information-security task for enterprises. As mobile devices have advanced, more and more enterprise employees use mobile devices to download sensitive data for their work. However, none of the existing techniques can prevent enterprise sensitive data from leaking through a mobile device when a device that has downloaded such data is taken out of the enterprise by an employee or is lost by the employee.
One example of the prior art is Taiwan patent publication I237178, titled "Encryption system and method for protecting against data outflow within an enterprise". Its main purpose is to have the client alone encrypt the files it writes out, so that enterprise information cannot flow out through an external storage device and harm the enterprise. In its method, the client determines whether there is a command to write file data to an external storage device; the client then determines, according to the security settings, whether writing out this file needs to be controlled; if it does, the file data is written to the external storage device in encrypted form as a secure file. However, this technique only determines whether the client is writing file data to an external storage device. Once file data is downloaded directly onto a mobile device, it cannot be protected by this external-storage protection technique, so the technique cannot be applied to mobile devices. Consequently, if a mobile device holding sensitive data is taken outside the enterprise premises, or is lost by an employee, the sensitive data on the device can be opened and viewed outside the enterprise premises, causing a data leak.
Another example of the prior art is Taiwan patent publication I377483, titled "File data leakage protection method and system". The method is based on the file system filter driver architecture of the Microsoft operating system and intercepts every file operation in the operating system. When a new file is created or temporarily stored, the file is encrypted if the application is on the whitelist. When a file is read, the read request is intercepted, and the file content is decrypted if the application is on the whitelist. The user cannot recognize the content of a file that has not been decrypted, which protects the data against leakage. However, in this technique the encrypted files and the control conditions are both stored on the same PC. If the encrypted files leave the enterprise premises together with the whole PC (for example, the PC is a notebook computer, or the PC is stolen), reading an encrypted file still passes the control check of this technique and the file is decrypted, so the file can be read outside the enterprise premises and the data leaks. This technique is therefore suitable only for devices that are not moved (for example, desktop computers) and cannot prevent data leakage on portable mobile devices.
As can be seen, the existing approaches described above still have many shortcomings, are not well designed, and urgently need improvement.
Summary of the invention
The invention provides a system and method for preventing enterprise sensitive data from leaking on a mobile device. Its main purpose is that, when a mobile device that has downloaded enterprise sensitive data is taken out of the enterprise by an employee or is lost by the employee, positioning information can be used to calculate whether the mobile device is within the enterprise premises, so that the sensitive data cannot still be opened and read or copied outside the enterprise premises, thereby preventing enterprise sensitive data from leaking through the mobile device.
The system and method disclosed by the invention for preventing enterprise sensitive data from leaking on a mobile device comprise at least the following steps:
Step 1: detect that a file opening behavior occurs on the mobile device;
Step 2: monitor and analyze the content of the file data;
Step 3: if the file data contains sensitive data features, search for nearby access range positioning device signals;
Step 4: if an access range positioning device signal is detected, calculate the current positioning information of the mobile device from the access range positioning device signal strength;
Step 5: if the current positioning information is within the enterprise legal access range, allow the file data to be opened on the mobile device.
The invention provides a system for preventing enterprise sensitive data from leaking on a mobile device, comprising:
A plurality of access range positioning devices, wherein the enclosed area formed by the plurality of access range positioning devices defines the legal access range within which file data may be opened; and
A mobile device, for storing file data.
Wherein the mobile device comprises:
A positioning device receiver module, for receiving the wireless signals sent by the plurality of access range positioning devices;
A data positioning protection module, for determining whether the file data and the mobile device are located within the legal access range; and
A policy setting module, for recording a policy setting file, wherein the policy setting file contains the feature definitions of the file data, the settings of the plurality of access range positioning devices, and the setting of the legal access range.
Wherein the data positioning protection module comprises:
A file monitoring module, which detects the opening of file data on the mobile device;
A data analysis module, which analyzes whether the file opening action detected by the file monitoring module may proceed;
A policy enforcement module, which reads the settings of the policy setting file;
A positioning information calculation module, which calculates the relative position between the plurality of access range positioning devices and the mobile device; and
A positioning device connection user interface, which performs connection setup with the plurality of access range positioning devices when the mobile device is first used within the legal access range.
A method for preventing enterprise sensitive data from leaking on a mobile device, with the following steps:
A file monitoring module provided in the mobile device detects that a file opening behavior occurs on the mobile device;
A data analysis module provided in the mobile device analyzes the content of the file data;
If the file data matches the features of sensitive data, the signals of a plurality of access range positioning devices are searched for, wherein the enclosed area formed by the plurality of access range positioning devices defines the legal access range within which the file data may be opened;
If the signals of the plurality of access range positioning devices are found, a positioning information calculation module provided in the mobile device calculates the relative position between the plurality of access range positioning devices and the mobile device; and
If the mobile device is located within the legal access range, the file data is allowed to be opened on the mobile device.
Compared with the prior art, the advantage of the system and method provided by the invention is that, when a mobile device that has downloaded enterprise sensitive data is taken out of the enterprise by an employee or is lost by the employee, positioning information can be used to calculate whether the mobile device is within the enterprise premises, so that the sensitive data cannot still be opened and read or copied outside the enterprise premises, thereby preventing enterprise sensitive data from leaking through the mobile device.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system of the invention for preventing enterprise sensitive data from leaking on a mobile device;
Fig. 2 is a schematic diagram of the modules inside the mobile device of the invention;
Fig. 3 is a flow chart of the method of the invention for preventing enterprise sensitive data from leaking on a mobile device.
Description of reference numerals
100a Access range positioning device
100b Access range positioning device
100c Access range positioning device
101 Enterprise legal access range
200 Mobile device
210 Positioning device receiver module
220 Data positioning protection module
230 Policy setting module
221 File monitoring module
222 Data analysis module
223 Policy enforcement module
224 Positioning information calculation module
225 Positioning device connection user interface
301~310 Flow steps
Detailed description of the embodiments
To help the examiner understand the technical features, content, and advantages of the invention and the effects it can achieve, the invention is described in detail below with reference to the drawings and in the form of embodiments. The drawings are intended only for illustration and to support the description; they do not necessarily reflect the true proportions and precise configuration of the invention as implemented. The proportions and layout of the drawings should therefore not be used to interpret or limit the scope of rights of the invention in actual implementation.
Refer to Fig. 1, a schematic diagram of the system of the invention for preventing enterprise sensitive data from leaking on a mobile device. Access range positioning devices 100a, 100b, and 100c are installed in the enterprise. They are wireless devices installed inside the enterprise that define the enterprise legal access range 101 within which sensitive files may be accessed. The positioning device receiver module 210 on the mobile device 200 receives the wireless signals sent by access range positioning devices 100a, 100b, and 100c. In this embodiment, wireless technology is used for communication so that more accurate positioning can be obtained when the mobile device 200 is used indoors; the wireless technology may be one of Wi-Fi, Bluetooth, ZigBee, or Ultra Wide Band, but is not limited to these. The data positioning protection module 220 checks whether the file data is sensitive data and whether the mobile device 200 is located within the enterprise legal access range 101. In addition, the mobile device 200 has a policy setting module 230 that records a policy setting file. The policy setting file recorded in the policy setting module 230 contains at least the following data: the sensitive data feature definitions, the access range positioning device record settings, and the enterprise sensitive data legal access range setting, wherein the sensitive data features include at least sensitive data keywords and sensitive data file features. The mobile device 200 is the device onto which enterprise employees download sensitive data for their work, and may be any one of a smartphone, a tablet computer, and a portable device.
Refer to Fig. 2, a schematic diagram of the modules inside the mobile device of the invention. The data positioning protection module 220 described above includes a file monitoring module 221, a data analysis module 222, a policy enforcement module 223, a positioning information calculation module 224, and a positioning device connection user interface 225. The file monitoring module 221 uses API hooking, a technique widely known to those skilled in the art, to detect file opening actions by applications on the mobile device 200. It first suspends the file opening action and hands the file to the data analysis module 222, which analyzes the file data content. Only when the data analysis module 222 determines that the file data may be released does the file monitoring module 221 resume the original application's file opening action. As those skilled in the art understand, every file operation (such as reading or copying) necessarily passes through a file open event. The data analysis module 222 determines whether the file opening action intercepted by the file monitoring module 221 may be released. Through the policy enforcement module 223 and the positioning information calculation module 224, it checks whether the file data contains sensitive data and calculates the positioning information of the mobile device 200. If the file data does not contain sensitive data, the action is released. If the file data contains sensitive data, the action is released only when the positioning calculation result is less than or equal to the enterprise legal access range 101 setting. The policy enforcement module 223 reads the policy settings of the policy setting module 230. The positioning information calculation module 224 calculates the positioning information of the mobile device 200 from the positioning device signal strength. This calculation uses the signal strengths of access range positioning devices 100a, 100b, and 100c that were registered in advance together with the signal strengths of access range positioning devices 100a, 100b, and 100c detected at present. The positioning algorithm uses the Euclidean distance measure, for example:
$$\text{distance} = \sqrt{(ss_1 - ss'_1)^2 + (ss_2 - ss'_2)^2 + (ss_3 - ss'_3)^2}$$
Here, $(ss'_1, ss'_2, ss'_3)$ represent the signal strengths of access range positioning devices 100a, 100b, and 100c detected at present; other measurement methods may also be used. The positioning device connection user interface 225 performs connection setup with access range positioning devices 100a, 100b, and 100c when the mobile device 200 is first used within the enterprise legal access range 101. The connection setup detects the signal strengths of access range positioning devices 100a, 100b, and 100c, and the policy enforcement module 223 then records them in the policy setting module 230 as the access range positioning device record setting. In later positioning calculations, this record serves as the pre-registered signal strength information for access range positioning devices 100a, 100b, and 100c. In addition, in this embodiment the data analysis module 222 can use a time-limited whitelist mechanism that controls the carrying-out of files, so that enterprise employees can legitimately carry data out for use within a limited period.
Refer to Fig. 3, a flow chart of the method of the invention for preventing enterprise sensitive data from leaking on a mobile device, comprising the following steps:
Step 301: file data is opened on the mobile device 200;
Step 302: the data positioning protection module 220 monitors the opening of the file data and analyzes the file data content according to the policy setting module 230;
Step 303: check whether the file data contains sensitive data features;
Step 304: if the file data matches the sensitive data features, search for nearby signals from access range positioning devices 100a, 100b, and 100c;
Step 305: check whether an access range positioning device signal is detected;
Step 306: if an access range positioning device signal is detected, read the record settings of access range positioning devices 100a, 100b, and 100c from the policy setting file;
Step 307: calculate the current positioning information of the mobile device 200 from the access range positioning device signal strength;
Step 308: check, according to the policy setting module 230, whether the current positioning information is within the enterprise legal access range 101;
Step 309: if the current positioning information is within the enterprise legal access range 101, allow the file data to be opened on the mobile device 200.
In step 303, if the file data content does not contain sensitive data features, the file is treated as non-sensitive data and is allowed to open. In step 305, if the mobile device 200 detects no access range positioning device signal at all, the file data cannot be opened (step 310). In step 308, if the result calculated for the mobile device 200 in the enterprise sensitive data legal access range check is greater than the enterprise legal access range 101 setting, the file data cannot be opened (step 310).
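The decision flow of steps 303 to 310, combined with the Euclidean signal-strength comparison from the description, as an added example that is not part of the patent text. The dBm units, the sample readings, the keyword list, the range setting, the -100 dBm floor substituted for a registered device missing from a scan, and all function and field names are assumptions made for illustration.

```python
import math
from dataclasses import dataclass
from enum import Enum

# Assumption: a registered device that is absent from the current scan is
# treated as very weak, so a partial scan yields a large distance.
RSSI_FLOOR = -100.0


class Decision(Enum):
    ALLOW_NOT_SENSITIVE = "step 303: no sensitive feature, open allowed"
    ALLOW_IN_RANGE = "step 309: inside legal access range, open allowed"
    DENY_NO_SIGNAL = "step 310: no positioning device signal, open refused"
    DENY_OUT_OF_RANGE = "step 310: outside legal access range, open refused"


@dataclass
class Policy:
    """Stand-in for the policy setting file (hypothetical field names)."""
    keywords: tuple          # sensitive data keywords
    registered: dict         # device id -> signal strength stored at connection setup
    range_setting: float     # enterprise legal access range setting


def is_sensitive(content: str, policy: Policy) -> bool:
    """Step 303: keyword match against the sensitive data feature definitions."""
    lowered = content.lower()
    return any(k.lower() in lowered for k in policy.keywords)


def fingerprint_distance(registered: dict, current: dict) -> float:
    """Step 307: Euclidean distance between registered and current strengths."""
    return math.sqrt(sum(
        (ss - current.get(device, RSSI_FLOOR)) ** 2
        for device, ss in registered.items()
    ))


def decide_open(content: str, scan: dict, policy: Policy) -> Decision:
    """Steps 303 to 310 for one intercepted file open."""
    if not is_sensitive(content, policy):
        return Decision.ALLOW_NOT_SENSITIVE
    # Step 305: only signals from registered positioning devices count.
    detected = {d: v for d, v in scan.items() if d in policy.registered}
    if not detected:
        return Decision.DENY_NO_SIGNAL
    # Step 308: released only when the result is <= the range setting.
    if fingerprint_distance(policy.registered, detected) <= policy.range_setting:
        return Decision.ALLOW_IN_RANGE
    return Decision.DENY_OUT_OF_RANGE


# Constructed sample data (not taken from the patent).
POLICY = Policy(
    keywords=("confidential", "internal use only"),
    registered={"100a": -48.0, "100b": -55.0, "100c": -60.0},
    range_setting=12.0,
)
SENSITIVE_DOC = "Quarterly forecast. CONFIDENTIAL. Do not distribute."
PLAIN_DOC = "Cafeteria menu for next week."
IN_OFFICE = {"100a": -50.0, "100b": -57.0, "100c": -58.0}
OFF_SITE = {"100a": -80.0, "100b": -85.0, "100c": -88.0}
PARTIAL = {"100a": -50.0}              # two registered devices not heard
FOREIGN_ONLY = {"cafe-ap": -40.0}      # no registered device heard

if __name__ == "__main__":
    cases = [
        ("plain doc, no scan", PLAIN_DOC, {}),
        ("sensitive, in office", SENSITIVE_DOC, IN_OFFICE),
        ("sensitive, off site", SENSITIVE_DOC, OFF_SITE),
        ("sensitive, partial scan", SENSITIVE_DOC, PARTIAL),
        ("sensitive, foreign AP only", SENSITIVE_DOC, FOREIGN_ONLY),
        ("sensitive, no scan", SENSITIVE_DOC, {}),
    ]
    for label, content, scan in cases:
        print(f"{label:28s} -> {decide_open(content, scan, POLICY).value}")
```
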
Compared with the prior art, the advantage of the system and method provided by the invention is that, when a mobile device that has downloaded enterprise sensitive data is taken out of the enterprise by an employee or is lost by the employee, positioning information can be used to calculate whether the mobile device is within the enterprise premises, so that the sensitive data cannot still be opened and read or copied outside the enterprise premises, thereby preventing enterprise sensitive data from leaking through the mobile device.
The detailed description above specifically describes feasible embodiments of the invention. These embodiments are not intended to limit the patent scope of the invention; any equivalent implementation or modification that does not depart from the technical spirit of the invention shall fall within the patent scope of this case.

Claims (4)

1. A system for preventing enterprise sensitive data from leaking on a mobile device, characterized by comprising:
A plurality of access range positioning devices, wherein the enclosed area formed by the plurality of access range positioning devices defines the legal access range within which file data may be opened; and
A mobile device, for storing file data.
2. The system for preventing enterprise sensitive data from leaking on a mobile device according to claim 1, characterized in that the mobile device comprises:
A positioning device receiver module, for receiving the wireless signals sent by the plurality of access range positioning devices;
A data positioning protection module, for determining whether the file data and the mobile device are located within the legal access range; and
A policy setting module, for recording a policy setting file, wherein the policy setting file contains the feature definitions of the file data, the settings of the plurality of access range positioning devices, and the setting of the legal access range.
3. The system for preventing enterprise sensitive data from leaking on a mobile device according to claim 2, characterized in that the data positioning protection module comprises:
A file monitoring module, which detects the opening of file data on the mobile device;
A data analysis module, which analyzes whether the file opening action detected by the file monitoring module may proceed;
A policy enforcement module, which reads the settings of the policy setting file;
A positioning information calculation module, which calculates the relative position between the plurality of access range positioning devices and the mobile device; and
A positioning device connection user interface, which performs connection setup with the plurality of access range positioning devices when the mobile device is first used within the legal access range.
4. A method for preventing enterprise sensitive data from leaking on a mobile device, characterized in that the steps are as follows:
A file monitoring module provided in the mobile device detects that a file opening behavior occurs on the mobile device;
A data analysis module provided in the mobile device analyzes the content of the file data;
If the file data matches the features of sensitive data, the signals of a plurality of access range positioning devices are searched for, wherein the enclosed area formed by the plurality of access range positioning devices defines the legal access range within which the file data may be opened;
If the signals of the plurality of access range positioning devices are found, a positioning information calculation module provided in the mobile device calculates the relative position between the plurality of access range positioning devices and the mobile device; and
If the mobile device is located within the legal access range, the file data is allowed to be opened on the mobile device.
CN201410027775.8A 2013-10-02 2014-01-21 System and method for preventing enterprise sensitive data from leaking on mobile device Pending CN103810436A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TW102135619A TW201514748A (en) 2013-10-02 2013-10-02 Business alert data leakage proofing system and method on mobile device
TW102135619 2013-10-02

Publications (1)

Publication Number Publication Date
CN103810436A 2014-05-21

Family

ID=50707187

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410027775.8A Pending CN103810436A (en) 2013-10-02 2014-01-21 System and method for preventing enterprise sensitive data from leaking on mobile device

Country Status (2)

Country Link
CN (1) CN103810436A (en)
TW (1) TW201514748A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TW201211823A (en) * 2010-09-15 2012-03-16 Apacer Technology Inc Location enabling storage device and method thereof
CN102404110A (en) * 2011-12-08 2012-04-04 宇龙计算机通信科技(深圳)有限公司 Method and device for obtaining keys
CN103383724A (en) * 2013-06-28 2013-11-06 记忆科技(深圳)有限公司 Storing device and data access authority management method thereof

Also Published As

Publication number Publication date
TW201514748A (en) 2015-04-16

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20140521