CN115134172B - Automatic configuration system and method for transparent encryption and decryption of terminal file - Google Patents


Publication number
CN115134172B
Authority
CN
China
Prior art keywords
strategy
software
policy
decryption
transparent encryption
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211050497.9A
Other languages
Chinese (zh)
Other versions
CN115134172A (en)
Inventor
崔培升
桂升
郑彪
宋春岭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD
Original Assignee
BEIJING ESAFENET TECHNOLOGY DEVELOPMENT CO LTD
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0803 Configuration setting
    • H04L41/084 Configuration by using pre-existing information, e.g. using templates or copying from other elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H04L41/0893 Assignment of logical groups to network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general


Abstract

The invention relates to the technical field of data security, and discloses an automatic configuration system and method for transparent encryption and decryption of a terminal file, wherein the system comprises a terminal device, a strategy issuing server and a strategy configuration server; the terminal device is used for acquiring client software information and sending the client software information to the strategy issuing server, receiving the transparent encryption and decryption strategy, and executing transparent encryption and decryption operations on the terminal file; the strategy issuing server is used for receiving the software information reported by the terminal device, forming software list information and uploading the software list information to the strategy configuration server, and for analyzing the strategy requirement file to obtain a transparent encryption and decryption strategy and sending the transparent encryption and decryption strategy to the terminal device; the strategy configuration server is used for matching a corresponding transparent encryption and decryption strategy in the strategy library for each piece of software to form a strategy requirement file, and sending the strategy requirement file to the strategy issuing server. The invention requires no manual form work, is not prone to errors, is simple to implement and operate, and has high implementation efficiency.

Description

Automatic configuration system and method for transparent encryption and decryption of terminal file
Technical Field
The invention relates to the technical field of data security, in particular to an automatic configuration system and method for transparent encryption and decryption of a terminal file.
Background
In the data security industry, transparent encryption and decryption refers to a technology in which the encryption and decryption of terminal files is completed automatically, without the user having to execute encryption or decryption commands manually. For example, the Chinese patent application with publication number CN114239017A discloses a transparent encryption and decryption method for a window system file, which encrypts the file content to form a ciphertext and transmits the ciphertext to a user side, monitors an operation function of the user side to form a plaintext, and then forms the ciphertext.
In the prior art, each client software project has to survey the client's software protection requirements through manual forms, and relies on the engineering implementers themselves to capture the associated processes and associated files of the running software with process monitoring software in order to configure a software encryption control strategy. This strategy configuration process places high demands on the skills of engineering technicians, involves a large amount of manual form work, is repetitive and error-prone, and makes strategy configuration difficult to carry out, which reduces implementation efficiency.
Disclosure of Invention
In view of the above-mentioned drawbacks and deficiencies of the prior art, the present invention provides an automatic configuration system and method for transparent encryption and decryption of a terminal file, which can solve all or part of the above-mentioned technical problems.
In a first aspect of the present invention, an automatic configuration system for transparently encrypting and decrypting a terminal file is provided, which includes:
terminal equipment, a strategy issuing server and a strategy configuration server, wherein,
the terminal equipment is used for periodically acquiring client software information, sending the client software information to the strategy issuing server, receiving a transparent encryption and decryption strategy issued by the strategy issuing server, and executing transparent encryption and decryption operation on the association process and the association file of the client software according to the transparent encryption and decryption strategy;
the strategy issuing server is used for receiving the software information periodically reported by the terminal equipment, marking each piece of software information according to the software name and the software version to form software list information needing to execute transparent encryption and decryption operation, and uploading the software list information to the strategy configuration server; analyzing the strategy requirement file sent by the strategy configuration server to obtain a transparent encryption and decryption strategy, and sending the transparent encryption and decryption strategy to the terminal equipment;
and the strategy configuration server is used for matching a corresponding transparent encryption and decryption strategy in the strategy library for each type of software in the software list information according to the strategy requirement of the client, forming a strategy requirement file containing a software name, a software version, an associated process, an associated file and the transparent encryption and decryption strategy, and sending the strategy requirement file to the strategy issuing server.
Further, the policy configuration server is further configured to:
and filtering the software list information reported from the strategy issuing server to filter the software information which does not need to be subjected to transparent encryption and decryption operation.
Further, the policy configuration server is further configured to:
judging whether a strong association strategy matched with the software name and the software version in the software list information exists in the strategy library, if so, matching the strong association strategy for the software version; the strong association policy comprises an association process and an association file of the software, and a direct mapping relation exists between the software name, the software version and the strong association policy of the software;
otherwise, judging whether a weak association strategy matched with the software name and the software version exists in the strategy library, if so, matching the weak association strategy for the software version, and establishing a strong association strategy matched with the software name and the software version in the strategy library; the weak association policy is a policy in which a mapping relationship exists between other software having the same software name and a different software version.
Further, if a strong association policy and a weak association policy which are matched with the software name and the software version in the software list information do not exist in the policy library, a new policy is generated in the policy library, an association process and an association file which correspond to the software name and the software version are configured for the new policy, and the new policy is stored as the strong association policy.
Further, the policy configuration server is further configured to:
and constructing the strategy library according to the software name, the software version, the associated process and the associated file of the software in the software list information, and adding a strategy containing the corresponding associated process and the associated file according to the iterative upgrade of the software version.
The second aspect of the present invention also provides an automatic configuration method for transparent encryption and decryption of a terminal file, including:
the terminal equipment periodically acquires software information of the client and sends the software information to the strategy issuing server;
the strategy issuing server receives software information periodically reported by the terminal equipment, marks each piece of software information according to the software name and the software version to form software list information needing to execute transparent encryption and decryption operation, and uploads the software list information to the strategy configuration server;
the strategy configuration server matches a corresponding transparent encryption and decryption strategy in a strategy library for each type of software in the software list information according to the strategy requirement of the client, forms a strategy requirement file containing a software name, a software version, an associated process, an associated file and the transparent encryption and decryption strategy, and sends the strategy requirement file to the strategy issuing server;
the strategy issuing server analyzes the strategy requirement file sent by the strategy configuration server to obtain a transparent encryption and decryption strategy, and issues the transparent encryption and decryption strategy to the terminal equipment;
and the terminal equipment receives the transparent encryption and decryption strategy issued by the strategy issuing server and executes transparent encryption and decryption operation on the associated process and the associated file of the client software according to the transparent encryption and decryption strategy.
Further, the method also comprises the following steps: the strategy configuration server filters the software list information reported from the strategy issuing server, and filters the software information which does not need transparent encryption and decryption operation.
Further, the method also comprises the following steps: the strategy configuration server judges whether a strong association strategy matched with the software name and the software version in the software list information exists in the strategy library, if so, the strong association strategy is matched for the software version; the strong association policy comprises an association process and an association file of the software, and a direct mapping relation exists among the software name, the software version and the strong association policy of the software;
otherwise, judging whether a weak association strategy matched with the software name and the software version exists in the strategy library, if so, matching the weak association strategy for the software version, and establishing a strong association strategy matched with the software name and the software version in the strategy library; the weak association policy is a policy in which a mapping relationship exists between other software having the same software name and a different software version.
Further, the policy configuration server further performs the following steps:
if the strong association strategy and the weak association strategy which are matched with the software name and the software version in the software list information do not exist in the strategy library, a newly added strategy is generated in the strategy library, an association process and an association file which correspond to the software name and the software version are configured for the newly added strategy, and the newly added strategy is stored as the strong association strategy.
Further, the method also comprises the following steps: and the strategy configuration server builds a strategy library according to the software name, the software version, the associated process and the associated file of the software in the software list information, and adds a strategy containing the corresponding associated process and the associated file according to the iterative upgrade of the software version.
The automatic configuration system and method for transparent encryption and decryption of a terminal file provided by the invention automatically acquire and identify client software information and automatically configure the transparent encryption and decryption strategy of the client software. They require no manual form work by engineering technicians, are not prone to errors, are simple to implement and operate, and achieve higher implementation efficiency.
Drawings
Other features, objects and advantages of the present invention will become more apparent upon reading of the detailed description of non-limiting embodiments thereof, made with reference to the following drawings:
fig. 1 is a schematic structural diagram of an automatic configuration system for transparent encryption and decryption of a terminal file according to an embodiment of the present invention;
FIG. 2 is a logic flow diagram of an automatic configuration method for transparent encryption and decryption of a terminal file according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating an automatic configuration method for transparently encrypting and decrypting a terminal file according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terminology used in the embodiments of the invention is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the description of the invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
It should be understood that although the terms first, second, third, etc. may be used to describe the acquisition modules in embodiments of the present invention, these acquisition modules should not be limited to these terms. These terms are used only to distinguish acquisition modules from one another.
The word "if" as used herein may be interpreted as "at ..." or "when ..." or "in response to a determination" or "in response to a detection", depending on the context. Similarly, the phrases "if determined" or "if detected (a stated condition or event)" may be interpreted as "when determined" or "in response to a determination" or "when detected (a stated condition or event)" or "in response to a detection (a stated condition or event)", depending on the context.
It should be noted that the terms "upper," "lower," "left," "right," and the like used in the description of the embodiments of the present invention are illustrated in the drawings, and should not be construed as limiting the embodiments of the present invention. In addition, in this context, it is also to be understood that when an element is referred to as being "on" or "under" another element, it can be directly formed "on" or "under" the other element or be indirectly formed "on" or "under" the other element through an intermediate element.
Referring to fig. 1, an embodiment of the present invention provides an automatic configuration system 100 for transparent encryption and decryption of a terminal file, which includes one or more terminal apparatuses 101, one or more policy issuing servers 102, and one or more policy configuration servers 103, which are communicatively connected to each other.
The terminal device 101 of the present embodiment includes, but is not limited to, mobile terminals such as smart phones, notebook computers, digital broadcast receivers, PDA personal digital assistants, PAD tablets, PMP portable multimedia players, in-vehicle terminals, wearable electronic devices, and the like, and stationary terminals such as digital TVs, desktop computers, smart home devices, and the like. Typically, one or more client software is installed on the terminal device 101.
The policy issuing server 102 and the policy configuration server 103 in this embodiment may be ordinary servers, or may be cluster servers that are deployed in a clustering manner to solve a large-scale client scenario. The policy issuing server 102 may issue the policy to the client of the terminal device 101 as needed, and complete information push of the transparent encryption and decryption policy software. The policy configuration server 103 is used for maintaining a unified software policy base, and recording standard policies of the software and its corresponding associated processes and associated files.
The functions and actions of the devices in the system of the present embodiment are described in detail below.
1. Terminal device 101
The one or more terminal devices 101 are configured to periodically collect software information installed on the client (the client software includes but is not limited to Office software, CAD software, programming software, and the like), periodically send the software information to the policy issuing server 102, receive a transparent encryption and decryption policy issued by the policy issuing server 102, and perform a transparent encryption and decryption operation on an associated process and an associated file of the client software according to the transparent encryption and decryption policy.
Further, the software information includes, but is not limited to, a software name, a software version, an associated process, and an associated file. It should be noted that the associated processes in this embodiment refer to all processes that may be started by the system when the client runs through a piece of software. The associated file of the embodiment refers to all files that may be involved when a piece of software runs on a client.
Taking Office Word software as an example, the related processes include:
".DOC | .DOT | .MHT | .ASD | .WBK | .AS | .RTF | .GIF | .PNG | .JPG | .JPEG | .TIF | .BMP | .WMF | .EMF | .HTML | .HTM", etc.
Taking Office Word software as an example, the related associated files include:
"WINWORD.EXE, ACROBAT.EXE, ACORD 32.EXE, ACRODIIST.EXE, ACROBELEEMENTS.EXE, MSPVIEW.EXE, FOXITR.1.EXE, FOXITREADER.EXE, WORDCONV", etc.
2. Policy issuing server 102
One or more policy issuing servers 102, configured to receive software information periodically reported by the terminal device 101, mark each piece of software information according to a software name and a software version to form software list information that needs to perform a transparent encryption/decryption operation, and upload the software list information to the policy configuration server 103; and analyzing the policy requirement file sent by the policy configuration server 103 to obtain a transparent encryption and decryption policy, and sending the transparent encryption and decryption policy to the terminal equipment 101. Therefore, the policy issuing server 102 is in communication with both the terminal device 101 and the policy configuration server 103, and is used for uploading collected software information and issuing transparent encryption and decryption task data.
Further, the software manifest information includes information such as a software name, a software version, an associated process, and an associated file of software for performing the transparent encryption and decryption operation. The transparent encryption and decryption policy is obtained by the policy issuing server 102 analyzing the encrypted policy requirement file, and the transparent encryption and decryption policy at least includes an associated process, an associated file and a transparent encryption and decryption action.
3. Policy configuration server 103
The policy configuration server 103 is configured to match a corresponding transparent encryption and decryption policy in the policy library for each software in the software list information according to the policy requirement of the client software, form a policy requirement file containing a software name, a software version, an associated process, an associated file, and a transparent encryption and decryption policy, and send the policy requirement file to the policy issuing server 102.
Specifically, the policy configuration server 103 maintains a unified software policy library, and records transparent encryption and decryption policies corresponding to the software and the associated processes and associated files thereof. The strategy library is constructed according to the software name, the software version, the associated process and the associated file of the software in the software list information, and a strategy containing the corresponding associated process and the associated file is newly added according to the iterative upgrade of the software version.
More preferably, the policy configuration server 103 is further configured to perform a filtering operation on the software list information reported from the policy issuing server 102, and filter a series of software information that does not need to perform a transparent encryption/decryption operation, such as a system patch.
Further, the logic of the policy configuration server 103 matching the transparent encryption and decryption policy in the policy repository for each software of the client is as follows:
(1) Strong association relation
If the software name and the software version of the software in the software list information can correspond to a certain policy in the policy library, and the policy not only includes the associated file and the associated process information corresponding to the policy, but also includes the mapping relationship established between the software name and the software version and the policy, the policy is a strong association policy with a strong association relationship.
For example: a prior software project configured a policy P for version 1.0 of software A on the policy configuration server 103, so the policy P includes not only the associated files and associated processes of version 1.0 of software A, but also the mapping relationship between version 1.0 of software A and the policy P. Then, whenever a subsequently imported client policy requirement includes version 1.0 of software A, a strong association relationship exists between version 1.0 of software A and the policy P, and the policy configuration server 103 automatically configures the strong association policy P for the software.
(2) Weak association relation
If the software name and software version of the software in the software list information cannot be matched to any policy in the policy library, but other software information with the same software name and a different software version can be matched to a policy in the policy library of the policy configuration server 103, that policy is a weak association policy with a weak association relationship.
For example: a prior software project configured a policy P on the policy configuration server 103 for version 1.0 of software A, and the policy requirement imported by a subsequent project includes version 2.0 of software A. Version 2.0 of software A has no strong association policy on the policy configuration server 103, so a weak association relationship is established between version 2.0 of software A and the policy P corresponding to version 1.0 of software A, and the policy P is the weak association policy of version 2.0 of software A.
Specifically, firstly, the policy configuration server 103 checks whether the software has a strong association relationship in the policy repository, and if so, automatically matches the strong association policy for the software, and completes the configuration of the software policy;
however, if there is no strong association relationship, the policy configuration server 103 checks whether the software has a weak association relationship in the policy library, and if so, the policy configuration server 103 provides a way of merging into the weak association policy to complete the iterative upgrade of a single policy, thereby avoiding confusion among the policies corresponding to different versions of the same software.
For example: a policy P is configured on the policy configuration server 103 for version 1.0 of software A in a certain software project, and the policy requirement imported by a subsequent project includes version 2.0 of software A. When the policy for this version is configured, configuring a new policy P2 for version 2.0 of software A is not allowed. Instead, the associated files and associated processes of the weak association policy P are displayed through a merge operation, version-change adjustments are made on that basis to meet the iterative upgrade requirement of the policy, and a strong association relationship between version 2.0 of software A and the policy P is established at the same time to build up the policy library.
Finally, if neither a strong association relationship nor a weak association relationship exists, a new policy is added, and a strong association relationship is established at the same time to build up the policy library.
For example: the policy requirement of a certain software project includes version 1.0 of software A, but the policy configuration server 103 has neither a weak association policy nor a strong association policy for the software. The policy therefore cannot be configured automatically, nor can the software be merged into an existing policy by way of a weak association policy; the associated processes and association types of the software can only be configured actively during policy configuration, and the strong association policy of version 1.0 of software A is generated after they are saved.
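The matching order described above (strong association first, then weak association with a merge, then a new policy) can be modelled as follows. This is an added illustration, not code from the patent: the class and function names, the `excluded_names` filter and the sample software list are assumptions constructed for the example.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    policy_id: str
    processes: set = field(default_factory=set)   # associated processes
    file_types: set = field(default_factory=set)  # associated files
    action: str = "transparent-encrypt-decrypt"


class PolicyLibrary:
    """Hypothetical model of the policy library on the policy configuration server."""

    def __init__(self):
        self.policies = {}  # policy_id -> Policy
        self.strong = {}    # (software name, software version) -> policy_id

    def resolve(self, name, version, processes=(), file_types=()):
        """Return (policy, kind) where kind is "strong", "weak" or "new"."""
        key = (name, version)
        # 1. Strong association: this exact name and version is already mapped.
        if key in self.strong:
            return self.policies[self.strong[key]], "strong"
        # 2. Weak association: same name, different version, already mapped.
        weak_id = next((pid for (n, _), pid in self.strong.items() if n == name), None)
        if weak_id is not None:
            policy = self.policies[weak_id]
            # Merge into the existing policy instead of creating a second one,
            # applying the version-change adjustment reported for this version.
            policy.processes |= set(processes)
            policy.file_types |= set(file_types)
            self.strong[key] = weak_id  # later lookups are strong matches
            return policy, "weak"
        # 3. Neither exists: create a policy and store it as a strong association.
        policy = Policy(f"P{len(self.policies) + 1}", set(processes), set(file_types))
        self.policies[policy.policy_id] = policy
        self.strong[key] = policy.policy_id
        return policy, "new"


def build_requirement_entries(library, software_list, excluded_names=frozenset()):
    """Filter the software list, match a policy per entry, return requirement rows."""
    rows = []
    for item in software_list:
        if item["name"] in excluded_names:  # e.g. system patches
            continue
        policy, kind = library.resolve(
            item["name"], item["version"],
            item.get("processes", ()), item.get("file_types", ()),
        )
        rows.append({
            "name": item["name"],
            "version": item["version"],
            "policy_id": policy.policy_id,
            "match": kind,
            "processes": sorted(policy.processes),
            "file_types": sorted(policy.file_types),
            "action": policy.action,
        })
    return rows


# Constructed sample input (not from the patent): process names and file
# extensions are placeholders for "software A" in the text's examples.
SAMPLE_SOFTWARE_LIST = [
    {"name": "Software A", "version": "1.0",
     "processes": ["A.EXE"], "file_types": [".adoc"]},
    {"name": "Software A", "version": "2.0",
     "processes": ["A.EXE", "A_HELPER.EXE"], "file_types": [".adoc", ".adocx"]},
    {"name": "Example System Patch", "version": "1"},
    {"name": "Software A", "version": "2.0"},
]


def run_demo():
    library = PolicyLibrary()
    rows = build_requirement_entries(
        library, SAMPLE_SOFTWARE_LIST, excluded_names={"Example System Patch"}
    )
    return library, rows


if __name__ == "__main__":
    for row in run_demo()[1]:
        print(row)
```

In this model a weak match widens the one shared policy for every version mapped to it, so rows marked `weak` are the ones to review before the requirement file is issued.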
The automatic configuration system 100 for transparent encryption and decryption of terminal files in this embodiment can automatically acquire and identify client software information and automatically configure a transparent encryption and decryption strategy for the client software. It requires no manual form work by engineering technicians, is not prone to errors, is simple to implement and operate, and has high implementation efficiency.
Referring to Fig. 2, another embodiment of the present invention further provides an automatic configuration method for transparent encryption and decryption of terminal files. The method is executed by a terminal device 101, a policy issuing server 102, and a policy configuration server 103, and the automatic configuration of transparent encryption and decryption for the associated processes and associated files of client software is achieved through data interaction among the three. The method specifically comprises the following steps:
Step S101: the terminal device periodically acquires the software information of the client and sends the software information to the policy issuing server;
Step S102: the policy issuing server receives the software information periodically reported by the terminal device, marks each piece of software information by software name and software version to form software list information for which transparent encryption and decryption operations need to be performed, and uploads the software list information to the policy configuration server;
Step S103: the policy configuration server matches, in a policy library, a corresponding transparent encryption and decryption policy for each software in the software list information according to the policy requirement of the client, forms a policy requirement file containing the software name, software version, associated process, associated file and transparent encryption and decryption policy, and sends the policy requirement file to the policy issuing server;
Step S104: the policy issuing server parses the policy requirement file sent by the policy configuration server to obtain the transparent encryption and decryption policy, and issues the transparent encryption and decryption policy to the terminal device;
Step S105: the terminal device receives the transparent encryption and decryption policy issued by the policy issuing server, and performs transparent encryption and decryption operations on the associated processes and associated files of the client software according to that policy.
Further, the method also includes step S1031: the policy configuration server filters the software list information reported by the policy issuing server, filtering out the software information that does not require transparent encryption and decryption operations.
Further, the method also includes step S1032: the policy configuration server judges whether a strong association policy matching the software name and software version in the software list information exists in the policy library, and if so, matches the strong association policy to that software version. The strong association policy comprises the associated processes and associated files of the software, and a direct mapping relationship exists among the software name, the software version and the strong association policy of the software.
Otherwise, the policy configuration server judges whether a weak association policy matching the software name and software version exists in the policy library, and if so, matches the weak association policy to that software version and establishes in the policy library a strong association policy matching the software name and software version. A weak association policy is a policy that has a mapping relationship with other software having the same software name and a different software version.
Further, the policy configuration server executes the following step S1033:
If the policy library contains neither a strong association policy nor a weak association policy matching the software name and software version in the software list information, a new policy is generated in the policy library, the associated processes and associated files corresponding to the software name and software version are configured for the new policy, and the new policy is stored as a strong association policy.
Further, the method also comprises the following step: the policy configuration server builds the policy library according to the software name, software version, associated processes and associated files of the software in the software list information, and adds policies containing the corresponding associated processes and associated files as software versions are iteratively upgraded.
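The matching order of steps S1031 to S1033 can be sketched as follows. This is an added example, not code from the patent; the names `Policy`, `PolicyLibrary`, `resolve`, the `unconfigured` state and the `needs_review` flag are assumptions introduced for illustration, and filtering by software name is one assumed way to realise S1031.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:
    policy_id: str
    processes: frozenset    # associated processes
    files: frozenset        # associated files (modelled here as extensions)

@dataclass
class PolicyLibrary:
    strong: dict = field(default_factory=dict)   # (name, version) -> Policy
    created: int = 0

    def weak_match(self, name, version):
        """Policy already mapped to the same name under a different version."""
        for n, v in sorted(self.strong):
            if n == name and v != version:
                return self.strong[(n, v)]
        return None

    def resolve(self, name, version, manual=None):
        """Return (policy, kind); kind is strong, weak, new or unconfigured."""
        key = (name, version)
        if key in self.strong:                    # S1032: direct mapping exists
            return self.strong[key], "strong"
        policy = self.weak_match(name, version)
        if policy is not None:                    # S1032: reuse P, never add a P2
            self.strong[key] = policy
            return policy, "weak"
        if manual is None:                        # S1033 needs operator input
            return None, "unconfigured"
        self.created += 1
        policy = Policy(f"NEW-{self.created}", frozenset(manual[0]), frozenset(manual[1]))
        self.strong[key] = policy                 # stored as a strong association
        return policy, "new"

def build_requirement_file(library, software_list, excluded, manual):
    """S1031 filtering followed by S103 matching for each reported entry."""
    entries = []
    for name, version in software_list:
        if name in excluded:                      # S1031: no encryption required
            continue
        policy, kind = library.resolve(name, version, manual.get((name, version)))
        entries.append({
            "name": name, "version": version, "match": kind,
            "policy": policy.policy_id if policy else None,
            "processes": sorted(policy.processes) if policy else [],
            "files": sorted(policy.files) if policy else [],
            # Assumption: a weak match inherits another version's lists, so it
            # is flagged for the version-change adjustment the text describes.
            "needs_review": kind in ("weak", "unconfigured"),
        })
    return entries

def demo():
    """Constructed sample data; names and values are not from the patent."""
    lib = PolicyLibrary()
    lib.strong[("SoftwareA", "1.0")] = Policy("P", frozenset({"a.exe"}), frozenset({".adoc"}))
    reported = [("SoftwareA", "1.0"), ("SoftwareA", "2.0"), ("SoftwareB", "1.0"),
                ("Browser", "9.1"), ("SoftwareC", "3.0")]
    manual = {("SoftwareB", "1.0"): ({"b.exe"}, {".bprj"})}
    return lib, build_requirement_file(lib, reported, {"Browser"}, manual)

if __name__ == "__main__":
    for entry in demo()[1]:
        print(entry)
```

Once a weak match has been promoted, a second lookup for the same name and version resolves as a strong association, which is how the library accumulates entries across version upgrades.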
The steps of this method embodiment correspond fully to the functions implemented by the components of the device embodiment. The technical solution of the device embodiment can be used to carry out the method embodiment; their implementation principles and technical effects are essentially the same and are not repeated here.
The above describes only the preferred embodiment of the invention. Those skilled in the art will appreciate that the scope of the disclosure is not limited to the particular combination of features described above, but also covers other embodiments formed by any combination of those features or their equivalents without departing from the spirit of the disclosure, for example technical solutions formed by interchanging the above features with (but not limited to) features having similar functions disclosed in the present invention.

Claims (10)

1. An automatic configuration system for transparent encryption and decryption of terminal files is characterized by comprising terminal equipment, a strategy issuing server and a strategy configuration server, wherein,
the terminal equipment is used for periodically acquiring client software information, sending the client software information to the strategy issuing server, receiving a transparent encryption and decryption strategy issued by the strategy issuing server, and executing transparent encryption and decryption operation on an associated process and an associated file of the client software according to the transparent encryption and decryption strategy;
the policy issuing server is used for receiving the software information periodically reported by the terminal equipment, marking each piece of software information according to the software name and the software version to form software list information needing to execute transparent encryption and decryption operation, and uploading the software list information to the policy configuration server; analyzing the strategy requirement file sent by the strategy configuration server to obtain a transparent encryption and decryption strategy, and sending the transparent encryption and decryption strategy to the terminal equipment;
and the policy configuration server is used for matching a corresponding transparent encryption and decryption policy for each software in the software list information in a policy library according to the policy requirement of the client, forming a policy requirement file containing a software name, a software version, an associated process, an associated file and a transparent encryption and decryption policy, and sending the policy requirement file to the policy issuing server.
2. The system according to claim 1, wherein the policy configuration server is further configured to:
and filtering the software list information reported from the strategy issuing server to filter the software information which does not need to be subjected to transparent encryption and decryption operation.
3. The system according to claim 1, wherein the policy configuration server is further configured to:
judging whether a strong association strategy matched with the software name and the software version in the software list information exists in the strategy library, if so, matching the strong association strategy for the software version; the strong association policy comprises an association process and an association file of the software, and a direct mapping relation exists among the software name, the software version and the strong association policy of the software;
otherwise, judging whether a weak association strategy matched with the software name and the software version exists in the strategy library, if so, matching the weak association strategy for the software version, and establishing a strong association strategy matched with the software name and the software version in the strategy library; the weak association policy is a policy that has a mapping relationship with other software with the same software name and different software versions.
4. An automatic configuration system for transparent encryption and decryption of terminal files according to claim 3,
if the strong association strategy and the weak association strategy which are matched with the software name and the software version in the software list information do not exist in the strategy library, a newly added strategy is generated in the strategy library, an association process and an association file which correspond to the software name and the software version are configured for the newly added strategy, and the newly added strategy is stored as the strong association strategy.
5. The system of claim 1, wherein the policy configuration server is further configured to:
and constructing a strategy library according to the software name, the software version, the associated process and the associated file of the software in the software list information, and adding a strategy containing the corresponding associated process and the associated file according to the iterative upgrade of the software version.
6. An automatic configuration method for transparent encryption and decryption of terminal files is characterized by comprising the following steps:
the terminal equipment periodically acquires software information of the client and sends the software information to the strategy issuing server;
the strategy issuing server receives the software information periodically reported by the terminal equipment, marks each piece of software information according to the software name and the software version to form software list information needing to execute transparent encryption and decryption operation, and uploads the software list information to the strategy configuration server;
the strategy configuration server matches a corresponding transparent encryption and decryption strategy in a strategy library for each type of software in the software list information according to the strategy requirement of the client, forms a strategy requirement file containing a software name, a software version, an associated process, an associated file and a transparent encryption and decryption strategy, and sends the strategy requirement file to the strategy issuing server;
the strategy issuing server analyzes the strategy requirement file sent by the strategy configuration server to obtain a transparent encryption and decryption strategy, and issues the transparent encryption and decryption strategy to the terminal equipment;
and the terminal equipment receives the transparent encryption and decryption strategy issued by the strategy issuing server and executes transparent encryption and decryption operation on the associated process and the associated file of the client software according to the transparent encryption and decryption strategy.
7. The method of claim 6, further comprising:
and the strategy configuration server carries out filtering operation on the software list information reported from the strategy issuing server and filters the software information which does not need to carry out transparent encryption and decryption operation.
8. The method of claim 6, further comprising:
the strategy configuration server judges whether a strong association strategy matched with the software name and the software version in the software list information exists in a strategy library, if so, the strong association strategy is matched for the software version; the strong association policy comprises an association process and an association file of the software, and a direct mapping relation exists between the software name, the software version and the strong association policy of the software;
otherwise, judging whether a weak association strategy matched with the software name and the software version exists in the strategy library, if so, matching the weak association strategy for the software version, and establishing a strong association strategy matched with the software name and the software version in the strategy library; the weak association policy is a policy that has a mapping relationship with other software with the same software name and different software versions.
9. The method according to claim 8, wherein the policy configuration server further performs the following steps:
if the strong association strategy and the weak association strategy which are matched with the software name and the software version in the software list information do not exist in the strategy library, a newly added strategy is generated in the strategy library, an association process and an association file which correspond to the software name and the software version are configured for the newly added strategy, and the newly added strategy is stored as the strong association strategy.
10. The method of claim 6, further comprising:
and the strategy configuration server constructs a strategy library according to the software name, the software version, the associated process and the associated file of the software in the software list information, and adds a strategy containing the corresponding associated process and the associated file according to the iterative upgrade of the software version.
CN202211050497.9A 2022-08-30 2022-08-30 Automatic configuration system and method for transparent encryption and decryption of terminal file Active CN115134172B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211050497.9A CN115134172B (en) 2022-08-30 2022-08-30 Automatic configuration system and method for transparent encryption and decryption of terminal file

Publications (2)

Publication Number Publication Date
CN115134172A CN115134172A (en) 2022-09-30
CN115134172B true CN115134172B (en) 2022-11-25

Family

ID=83387047

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211050497.9A Active CN115134172B (en) 2022-08-30 2022-08-30 Automatic configuration system and method for transparent encryption and decryption of terminal file

Country Status (1)

Country Link
CN (1) CN115134172B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2008102702A (en) * 2006-10-18 2008-05-01 Hitachi Software Eng Co Ltd Security management system
CN105656860A (en) * 2014-11-20 2016-06-08 中兴通讯股份有限公司 Safety management and control method, apparatus and system for Android system
CN112307441A (en) * 2020-10-13 2021-02-02 洛阳理工学院 Computer software protection system
CN114357423A (en) * 2021-12-20 2022-04-15 国家电网有限公司 Data security management system based on transparent encryption, computer equipment and terminal

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100146582A1 (en) * 2008-12-04 2010-06-10 Dell Products L.P. Encryption management in an information handling system
US9563771B2 (en) * 2014-01-22 2017-02-07 Object Security LTD Automated and adaptive model-driven security system and method for operating the same
CN104881606B (en) * 2015-04-30 2017-12-26 天津大学 Software security requirement acquisition method based on Formal Modeling

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
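Research on encryption protection strategies for the iOS file system; Zhou Guomiao et al.; Journal of Information Engineering University; 20190815 (No. 04); full text *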

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant