CN100476750C - System and method for monitoring and registering computer activity - Google Patents


Publication number: CN100476750C
Authority: CN (China)
Prior art keywords: computer, certificate, policy, record, digital
Legal status: Expired - Fee Related
Application number: CNB031293522A
Other languages: Chinese (zh)
Other versions: CN1567221A
Inventor: 黄泽镇
Current assignee: Individual
Original assignee: Individual
Events: application filed by Individual; priority to CNB031293522A; publication of CN1567221A; application granted; publication of CN100476750C; anticipated expiration; current legal status Expired - Fee Related

Abstract

This invention discloses a computer activity monitoring and recording system and method. The method records activity on a computer that holds a digital certificate containing a number of policy clauses. The steps are: (1) verifying the digital certificate; (2) executing a set of actions that includes recording the activity carried out on the computer, the set of actions being specified by the policy clauses. The system comprises a recording program running on one computer and a processing program running on another computer, and it implements the monitoring and recording of computer activity by the above method. The invention uses a digital certificate that contains a number of policy clauses together with the administrator's public key. It provides a guarantee of trust between 'the computer, or computer user, whose activity is recorded and managed' and 'the administrator who manages the monitoring and recording system', and it also increases the security of the information on the computer.

Description

Computer activity monitoring and recording system and method
Technical field
The present invention relates to a computer system and method that combine software with hardware and use a particular key or algorithm, and in particular to a computer activity monitoring and recording system and method that use a particular key or algorithm.
Computer monitoring and logging software runs on a computer to monitor and record, in real time, the activity carried out on that computer. Such software can record the user's keystrokes on the keyboard, the movement of the mouse and the pressing of its buttons, the accesses made to files, the communication between programs and over the network, the websites visited, the images on the display screen, and so on. The recorded data can be passed in real time over a network to another computer, or saved to a file and handled by another piece of software. In some applications the monitoring and logging software runs covertly, without the user noticing, and is therefore commonly called "spyware". Employers use such software to track their employees' productivity and working efficiency closely; parents use it to guard their children's activity on the Internet; companies use it to supervise the operation of the computers, servers and gateways in their networks. Traditional monitoring and logging software nevertheless has the following shortcomings, which have hindered its widespread use:
1. When it is used to supervise employees' activity, it undermines employees' privacy and trust. Employees are not clear about who is deploying and managing the software, which data about them is being recorded, or who can handle or inspect that data. Even if employees can see a published policy document describing the scope and rules of the monitoring and recording, they may still doubt whether the policy is really enforced, and cannot be sure that the recorded data will not be misused by unrelated persons.
2. The employer is uncertain about the authenticity of the recorded data: software developed by a skilled employee or by a third party could tamper with the recorded data (deleting, adding or replacing records), or could prevent certain data from being recorded at all.
3. The recorded data may be stolen, or intercepted by a third party and used illegitimately.
Summary of the invention
The object of the invention is to overcome the above disadvantages of existing computer activity monitoring and recording systems by providing a computer activity monitoring and recording system and method that improve the trust between the computer user and the monitoring administrators and improve the security of the information on the monitored computer.
To achieve this object, the technical scheme adopted by the present invention is a computer activity monitoring and recording method that records activity on a computer holding a digital certificate containing a number of policy clauses, its steps comprising:
(1) verifying the digital certificate;
(2) executing a set of actions that includes recording the activity carried out on the computer, the set of actions being specified by the aforesaid policy clauses.
A computer activity monitoring and recording system comprises a recording program running on one computer and a processing program running on another computer. The recording program holds a digital certificate containing a number of policy clauses, and comprises:
(1) a certificate verification module, which verifies the digital certificate in order to decide whether to accept or reject it;
(2) a recording module, which executes a set of actions including the recording of activity and produces a number of recording data blocks containing that activity, the set of actions including the recording being defined by the above policy clauses.
The processing program comprises a processing module, which processes the activity recorded in those recording data blocks.
The beneficial effect of the present invention is that it provides a reliable computer activity monitoring and recording system and method. The invention uses a digital certificate whose content includes a number of policies and the administrator's public key, and so provides a guarantee of mutual trust between 'the computer, or computer user, whose activity is recorded and managed' and 'the administrator who manages the monitoring and recording system'. The recording of computer activity and the other operations are carried out according to the policy clauses in the certificate; the recorded data is encrypted with the public key supplied in the certificate; and the computer's or computer user's private key can further be used to add a digital signature to the recorded data, thereby increasing the security of the information on the computer.
Description of drawings
Fig. 1 is a schematic diagram of the "recording program" of a specific implementation of the present invention;
Fig. 2 is a schematic diagram of the "processing program" of a specific implementation of the present invention;
Fig. 3 is a schematic diagram of a policy certificate used by the "recording program";
Fig. 4 is a schematic diagram of five example policies;
Fig. 5 is the processing flowchart of the "recording program";
Fig. 6 is the data encryption flow diagram of the "recording program";
Fig. 7 is the processing flowchart of the "processing program";
Fig. 8 is the structural diagram of a "recording program" containing a "user signature generation module", provided according to another implementation of the present invention;
Fig. 9 is the structural diagram of a "processing program" containing a "user signature generation module", provided according to another implementation of the present invention;
Fig. 10 is the processing flowchart of the "user signature generation module";
Fig. 11 is the processing flowchart of the "user signature verification module".
Embodiment
The present invention is described in further detail below with reference to the accompanying drawings. A computer activity monitoring and recording method records activity on a computer holding a digital certificate containing a number of policy clauses, its steps comprising:
(1) verifying the digital certificate;
(2) executing a set of actions that includes recording the activity carried out on the computer, the set of actions being specified by the aforesaid policy clauses.
The digital certificate contains a public key, and the method further comprises:
(1) producing a number of recording data blocks in which the activity is recorded;
(2) encrypting those recording data blocks with the public key into a data stream containing a number of encrypted data blocks, which are decrypted on another computer with the private key that matches the public key.
The data stream is sent to the other computer by any of the following three methods:
(1) over a computer network;
(2) over a communication network;
(3) on a storage medium.
The computer holds a private key belonging to a certain user, and that private key is used to produce a number of digital signatures over the encrypted data blocks; the digital signatures and the encrypted data blocks are verified on the other computer with the public key paired with the user's private key.
The computer holds a private key belonging to a certain user, and the method further comprises:
(1) producing a number of recording data blocks containing the activity;
(2) producing, with the private key, a number of digital signatures over those recording data blocks; the digital signatures and the recording data blocks are verified on another computer with the public key paired with the user's private key.
The digital certificate contains a digital signature, and verifying the digital certificate further comprises verifying that digital signature.
The method further comprises consulting the computer user or a database in order to decide whether to accept or reject the digital certificate.
The set of actions is selected from the following set:
(1) record keystrokes;
(2) record mouse clicks and movements;
(3) record file accesses;
(4) record database accesses;
(5) record the running time of programs;
(6) record network communications;
(7) record headphone communications;
(8) record audio input and output;
(9) record video input and output;
(10) record websites visited;
(11) record messages sent and received;
(12) record electronic mail;
(13) record images;
(14) record screen snapshot images;
(15) record computer resource usage;
(16) record program attributes;
(17) set program attributes;
(18) set program configuration;
(19) set system registry entries;
(20) open files;
(21) send messages;
(22) receive messages;
(23) display messages.
The policies include computer-executable code for carrying out at least one of the described activities, and the execution comprises executing that computer-executable code;
The computer-executable code may be written in any of the following programming languages:
(1) Java;
(2) Perl;
(3) Tcl;
(4) Visual BASIC;
(5) ActiveX;
(6) COM;
(7) .NET;
(8) C#;
(9) C/C++;
(10) any machine-executable script.
The computer refers to any of the following computing devices:
(1) a personal computer;
(2) a server;
(3) a gateway;
(4) a router;
(5) a network switch;
(6) a personal digital assistant;
(7) a communication apparatus;
(8) a server terminal.
The digital certificate contains a number of monitored entities, each monitored entity consisting of a number of computers or computer users, and the method further comprises:
(1) checking the name of the computer or of the computer user;
(2) rejecting the digital certificate if the name of the computer or of the computer user is not included in the register of monitored entities.
The digital certificate contains a validity period, and the method further comprises:
(1) checking the current time against the validity period;
(2) rejecting the digital certificate if the validity period has been exceeded.
A computer activity monitoring and recording system comprises a recording program running on one computer and a processing program running on another computer. The recording program holds a digital certificate containing a number of policy clauses, and comprises:
(1) a certificate verification module, which verifies the digital certificate in order to decide whether to accept or reject it;
(2) a recording module, which executes a set of actions including the recording of activity and produces a number of recording data blocks containing that activity, the set of actions including the recording being defined by the above policy clauses.
The processing program comprises a processing module, which processes the activity recorded in those recording data blocks.
The digital certificate contains a public key, and the recording program further comprises
(1) an encryption module, which encrypts the recording data blocks with the public key into a data stream containing a number of encrypted data blocks; and
the processing program further comprises:
(2) a decryption module, which decrypts the group of encrypted data blocks with the private key paired with the public key, restoring the recording data blocks.
The data stream is sent to the processing program in any of the following ways:
(1) over a computer network;
(2) over a communication network;
(3) on a storage medium.
The digital certificate contains a digital signature, and the certificate verification module comprises a signature verification module, which verifies that signature.
The recording program further comprises a certificate acceptance module, which displays the content of the digital certificate to the computer user so that the user can decide whether to accept or reject the digital certificate.
The set of actions is selected from the following set:
(1) record keystroke actions;
(2) record mouse clicks and movements;
(3) record file accesses;
(4) record database accesses;
(5) record program activity time;
(6) record network communications;
(7) record headphone communications;
(8) record audio input and output;
(9) record video input and output;
(10) record websites visited;
(11) record messages;
(12) record electronic mail;
(13) record pictures;
(14) record screen snapshot images;
(15) record computer resource usage;
(16) record program attributes;
(17) set program attributes;
(18) set program configuration mode;
(19) set system registry settings;
(20) open files;
(21) send messages;
(22) receive messages;
(23) display messages.
Public key encryption and digital certificates are openly available, well-known and mature technologies. Public key encryption uses a pair of keys associated with an entity: a public key and a private key. Data encrypted with the public key can be decrypted with the corresponding private key, and vice versa: data encrypted with the private key can be decrypted with the corresponding public key. A digital certificate is an electronic document that has been digitally signed by a trusted certification authority (CA). A digital certificate may contain the identity of an individual, a company or any authenticated entity, a public key, some information about the entity, and a digital signature made by the trusted CA. The trusted CA's signature guarantees that the entity has been authenticated and that the authenticity of the certificate can be verified. A digital signature is produced as follows: first a one-way hash function is applied to the electronic document, producing a data sequence; that data sequence is then encrypted with the private key held by the CA. A one-way hash function has the property that two different electronic documents processed with the same hash function always produce different data sequences, so any change made to the original document produces a different data sequence. Encrypting the data sequence with the CA's private key yields the digital signature. The CA's public key is made public, normally by placing it in another digital certificate associated with the CA. Only the paired public key can decrypt the signature successfully, which proves that the signature was encrypted (that is, signed) by the CA. Anyone who knows the CA's public key can verify the authenticity of the digital signature: first the electronic document in the certificate is processed with the same hash function to produce a data sequence, then that sequence is compared with the decrypted signature. If the two are the same, the certificate's signature is proved to have been made by the CA and the certificate has not been tampered with. Digital certificates are widely used by online servers to distribute a public key and to tie that public key to the activity associated with the server. When a web browser receives a digital certificate from an online server, it verifies the authenticity of the certificate. If the certificate is accepted, the browser encrypts the data it intends to send to the server with the public key supplied in the certificate. Only the corresponding server can read that encrypted data, because only it holds the corresponding private key.
In the present invention, the computer monitoring and recording system is made up of two computer programs: a recording program and a processing program. The recording program runs on the computer and carries out operations that include recording various computer activities. The processing program processes or displays the data recorded by the former.
According to the present invention, a digital certificate that will be treated as the policy certificate is first created by a supervising department and then signed by a reliable CA. The supervising department is the administrative authority of the computer monitoring and recording system; it may be a person, a company or any relevant entity. The policy certificate contains the name of the supervising department, a public key and a complete set of policies. The certificate carries the signature of a reliable CA, which may be the supervising department itself or another notary-like public trusted entity. The public key in the policy certificate has a corresponding private key that is kept under the supervising department's control. The policies recorded in the certificate state which computer activities are monitored and recorded. Each policy can specify a series of computer entities, the associated activities to be monitored, and the scope of the recording. For example, one policy may require keystrokes associated with a particular computer program to be recorded; another may require keystrokes and file accesses associated with a particular program to be recorded; another may require the communication between all computer programs to be recorded. Some policies may not be written into the certificate at all but are treated as tacitly agreed (self-explanatory): the recording program knows them inherently. The policy certificate is loaded into the recording program. The recording program first verifies whether the CA that signed the certificate can be trusted and whether the certificate has been altered by anyone. The recording program can display the content of the policy certificate, including the name of the monitoring entity and all the monitoring policies, and offer the computer user the choice of accepting or rejecting the policy certificate. In other applications the recording program can instead consult a database containing a group of acceptable monitoring entities and automatically decide whether to accept or reject the policy certificate according to whether the certificate's monitoring entity belongs to that group. Once it has decided to accept the policy certificate, the recording program operates: it records the computer's activity according to the policies in the policy certificate, encrypts the recorded results with the public key supplied in the policy certificate, and sends the encrypted data to the processing program, where the monitoring entity decrypts it with the private key. The decrypted data is then processed or displayed by the processing program. Decryption can be performed by a separate, dedicated program or be integrated into the processing program.
Because the policy certificate has been approved by a reliable CA, the computer user, or the computer whose activity is recorded, can be confident of who really made the policy, and that the recording carried out is limited to the scope defined by the policy, because the recording program acts according to the policy. The computer user or computer and the monitoring entity can be confident that the recorded data cannot be used for illegitimate purposes, because nobody other than the monitoring entity knows the private key used to decrypt the data. The monitoring entity can also be confident that the recorded data cannot be tampered with by anyone who does not hold the private key. The system and method described in the present invention therefore provide mutual trust between the computer user or computer and the monitoring entity.
The computer user or computer can further be confirmed by digitally signing the recorded data. The digital signature over the recorded data can be made before or after the data is encrypted. The signature is made with the private key held by the computer user or computer, and the public key corresponding to that private key is published, preferably by issuing a digital certificate (commonly called a "user certificate") containing the name of the computer user or computer and the public key. The "user certificate" binds the public key to the name of the computer user or computer. Once it has the user's public key, the monitoring entity can use conventional signature verification techniques to verify the user's signature over the recorded data and thereby confirm that the data really came from the specified computer user or computer.
In the present invention, the policy certificate can further contain a number of "monitored entities". A "monitored entity" designates the computer users, computers or any combination of them to which the monitoring policies contained in the policy certificate may be applied. The recording program can check the names of the local computer and computer user and, if they are not contained in the register of "monitored entities" in the policy certificate, reject the certificate. For example, the group of monitored entities may contain a list of user names to which the monitoring policies may be applied; if the local computer user's name is not on that list, the recording program rejects the policy certificate.
In the present invention, the encrypted data can be sent to the processing program in real time over a computer network, or saved on any storage medium from which the processing program then reads it.
A specific embodiment of the present invention:
The subject of the present invention is a reliable computer activity monitoring and recording system and the method by which it is realised. The system and its method establish a relationship of trust between the computer user or computer whose activity is to be monitored and recorded (referred to below as the "monitored entity") and the supervisor (referred to below as the "monitoring entity"). The system and method assure the "monitored entity" that the recording policy applied to it really was provided by the relevant "monitoring entity", that the scope of the recording is limited to that defined by the recording policy, and that the recorded data cannot be seen or used by outsiders. They also assure the "monitoring entity" that the recorded data cannot be tampered with and really was recorded from the claimed "monitored entity".
In the recommended implementation shown in Fig. 1 and Fig. 2, the computer monitoring and recording system is made up of two computer programs: the recording program 102 in Fig. 1 and the processing program 122 in Fig. 2. The recording program 102 runs on the computer 100 whose activity is to be monitored. The processing program 122 runs on the computer 120 used by the monitoring entity, and processes and displays the recorded data.
The recording program 102 in Fig. 1 is realised with a set of modules: the certificate verification module 104, the recording module 106 and the encryption module 108. The processing program 122 in Fig. 2 is realised with another set of modules: the decryption module 126 and the processing module 128. The modules in the recording program 102 and the processing program 122 can be realised in software, in hardware or in a combination of both.
The encryption module 108 in Fig. 1 produces the encrypted data stream 118. The encrypted data stream is passed to the output connector 102 of the recording program in Fig. 1 for transmission and is received by the input connector 124 of the processing program 122 in Fig. 2. The data can be transmitted in real time over a computer network, in which case the output connector 110 and the input connector 124 are interfaces to the computer network. The data can also be kept on any kind of storage medium, in which case the output connector 110 and the input connector 124 are interfaces to the storage medium.
In the present invention, a digital certificate known as the "policy certificate" is first created using digital certification technology; detailed descriptions of that technology can be found in existing technical publications. The policy certificate 112 in Fig. 1 is loaded into a memory buffer of the computer 110 for the recording program 102 to retrieve. The policy certificate 112 is verified by the certificate verification module 104, which decides whether to accept or reject it. The policy certificate 112 contains many policies, which specify the actions that the recording module 106 of the recording program 102 should carry out and the scope of the recording. The policy certificate 112 also contains a public key, which the encryption module 108 uses to encrypt the recorded data. As shown in Fig. 3, the policy certificate 102 preferably contains the following elements:
A) the name 202 of the monitoring entity;
B) the public key 204;
C) a number of policy clauses 206;
D) the names 208 of the monitored entities;
E) the validity period 210;
F) the certificate serial number 212;
G) the signature of the certification authority.
The name 202 of the monitoring entity refers to the supervisor (an individual, a company or any entity) who controls and manages the "computer monitoring and recording system". The public key 204 is used to encrypt the data. The policies 206 specify the concrete actions and the scope of the recording. The names 208 of the monitored entities refer to the objects (computers, computer users or any combination of them) to which the policies 206 may be applied. The validity period refers to the validity period of the policy certificate 112. The certificate serial number 212 is a unique number used to refer to the policy certificate 112. The signature 214 of the certification authority is the digital signature of the certification authority 112. The certification authority is a reliable authoritative body responsible for verifying the identity of the monitoring entity 202 and the relevant information included in the policy certificate 112. The signature 214 of the certification authority allows third-party software to verify the authenticity of the policy certificate 112, including the authenticity of the monitoring entity.
The policy clauses 206 contained in the policy certificate 112 specify which computer activities are to be recorded and what other actions the recording program or the computer user may carry out. A policy can define a number of actions to be carried out on a group of computer entities, or a number of actions the computer user is allowed to carry out. Fig. 4 shows five example policies. Policy A 300 requires the keyboard keystrokes in the computer program named "Word" to be recorded; Policy B 302 requires the keyboard keystrokes associated with the computer program named "Visual Studio", together with the content of all files it opens, to be recorded; Policy C 304 requires the network communication activity carried out by the three programs "Internet Explorer", "Netscape Navigator" and "Outlook" to be recorded; Policy D 306 allows the computer user to pause or resume the recording module at any time; Policy E 306 allows the computer user to inspect the running time of any program's activity. The policies 206 shown in Fig. 2 can also contain computer-executable code to carry out the required actions. For example, a policy 206 can contain a Java applet that carries out certain actions, and the recording program 102 of Figure 1A contains a Java engine (not shown in Figure 1A) to execute that applet. The policy certificate may also contain no policy section at all, in which case the recording program executes a default group of policies known to it in advance.
Fig. 5 is a flowchart 400 of the modules implemented in the recording program 102 of Fig. 1. Referring to Fig. 5, in step 402 the trustworthiness of the certification authority named in policy certificate 112 is verified; if the certification authority is not trusted, certificate 112 is rejected in step 418. In step 404 the digital signature in certificate 112 is verified; if the signature is invalid, certificate 112 is rejected in step 418. In step 406 the names of the computer and of the computer user are checked; if their names are not included in the monitored-entity register given in certificate 112, certificate 112 is rejected in step 418. In step 408 the validity period of the certificate is checked; if it has expired, certificate 112 is rejected in step 418. In step 410 the computer user or a database is consulted to decide whether to accept or reject certificate 112. When the computer user is consulted, the content of certificate 112 may be displayed to the user (not shown in Fig. 5), and the user may accept or reject certificate 112. When a database is consulted, acceptance or rejection of certificate 112 is decided according to rules stored in the database (not shown in the figure); for example, if the monitoring entity named in certificate 112 is included in an "acceptable monitoring entities" register in the database, certificate 112 is acceptable. Once certificate 112 has been accepted, the policy clauses are extracted from it in step 412, and in step 414 recording and the other activities are carried out according to those clauses. The recording activity of step 414 produces a series of recorded data blocks. In step 416 the recorded data blocks are encrypted with the public key provided by certificate 112; the encryption method used in step 416 may be any well-known public-key encryption method. The encryption in step 416 produces data stream 118, which contains the encrypted data blocks. As shown in Fig. 1, encrypted data stream 118 is passed to output connector 110. Note the order of the checks: the signature is verified in step 404 before any other field of the certificate is relied upon, so the monitored-entity register, validity period and monitoring-entity name examined in steps 406 to 410 have already been authenticated when they are read.
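The checks of Fig. 5, steps 402 to 412, as an added example in Go; this is not code from the patent, which names no language, encoding or algorithm. It assumes a JSON-encoded certificate body signed with Ed25519 by the certification authority, a map of trusted CA names to keys for step 402, a map for the monitored-entity register 208, and a local "acceptable monitoring entities" table standing in for the database rule of step 410; the type names, field names and sample values are this example's own.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// PolicyClause is one user-readable clause of policy 206 (Fig. 4): an
// operation and the computer entity it applies to (field names assumed).
type PolicyClause struct{ Operation, Entity string }

// TBS ("to be signed") is the body of the policy certificate of Fig. 2.
// Serialising it as JSON is this example's choice; the patent fixes no encoding.
type TBS struct {
	MonitoringEntity  string          // 202
	PublicKey         []byte          // 204, opaque here (used for encryption elsewhere)
	Policy            []PolicyClause  // 206
	MonitoredEntities map[string]bool // 208, the monitored-entity register
	NotBefore         int64           // validity period, unix seconds
	NotAfter          int64
	Serial            string // 212
	CAName            string // the issuer the certificate names
}

// PolicyCertificate is the body plus the certification authority's signature 214.
type PolicyCertificate struct {
	TBS
	CASignature []byte
}

// tbsBytes is the exact byte string the CA signed; json.Marshal of a struct is
// deterministic (fixed field order, sorted map keys), so both sides agree on it.
func (c *PolicyCertificate) tbsBytes() []byte {
	b, _ := json.Marshal(c.TBS) // cannot fail for these field types
	return b
}

// IssueCertificate plays the certification authority: it signs the body.
func IssueCertificate(caPriv ed25519.PrivateKey, body TBS) *PolicyCertificate {
	c := &PolicyCertificate{TBS: body}
	c.CASignature = ed25519.Sign(caPriv, c.tbsBytes())
	return c
}

// Verifier holds the local trust inputs that the steps of Fig. 5 consult.
type Verifier struct {
	TrustedCAs         map[string]ed25519.PublicKey // step 402: CA name -> key
	ComputerName       string                       // step 406
	UserName           string                       // step 406
	AcceptableMonitors map[string]bool              // step 410: the database rule
	Now                time.Time                    // step 408
}

var ErrRejected = errors.New("policy certificate rejected")

// Verify runs steps 402 to 410 of Fig. 5 in order and, on acceptance, returns
// the policy clauses that step 412 extracts. Each rejection names its step.
func (v *Verifier) Verify(c *PolicyCertificate) ([]PolicyClause, error) {
	caKey, ok := v.TrustedCAs[c.CAName]
	if !ok {
		return nil, fmt.Errorf("%w: step 402, CA %q not trusted", ErrRejected, c.CAName)
	}
	// Step 404 precedes every use of the other fields, so an altered body
	// cannot influence the checks that follow.
	if !ed25519.Verify(caKey, c.tbsBytes(), c.CASignature) {
		return nil, fmt.Errorf("%w: step 404, CA signature invalid", ErrRejected)
	}
	if !c.MonitoredEntities[v.ComputerName] && !c.MonitoredEntities[v.UserName] {
		return nil, fmt.Errorf("%w: step 406, %q/%q not in monitored-entity register", ErrRejected, v.ComputerName, v.UserName)
	}
	if now := v.Now.Unix(); now < c.NotBefore || now > c.NotAfter {
		return nil, fmt.Errorf("%w: step 408, outside validity period", ErrRejected)
	}
	if !v.AcceptableMonitors[c.MonitoringEntity] {
		return nil, fmt.Errorf("%w: step 410, monitoring entity %q not acceptable", ErrRejected, c.MonitoringEntity)
	}
	return c.Policy, nil // step 412
}

func main() {
	caPub, caPriv, _ := ed25519.GenerateKey(rand.Reader)
	now := time.Now()
	cert := IssueCertificate(caPriv, TBS{ // constructed sample certificate
		MonitoringEntity: "Example Corp IT", MonitoredEntities: map[string]bool{"alice": true},
		Policy:    []PolicyClause{{Operation: "record-keystrokes", Entity: "Word"}},
		NotBefore: now.Add(-time.Hour).Unix(), NotAfter: now.Add(time.Hour).Unix(), Serial: "0001", CAName: "Example CA",
	})
	v := &Verifier{TrustedCAs: map[string]ed25519.PublicKey{"Example CA": caPub}, ComputerName: "pc-7",
		UserName: "alice", AcceptableMonitors: map[string]bool{"Example Corp IT": true}, Now: now}
	fmt.Println(v.Verify(cert))             // accepted: the clause list and <nil>
	cert.Policy[0].Entity = "Visual Studio" // alter the policy after signing
	fmt.Println(v.Verify(cert))             // rejected at step 404
}
```

Rejections carry the step number so that an operator can tell an untrusted issuer (step 402) from a tampered certificate (step 404) or an expired one (step 408). The signature check is deliberately placed before any field of the body is read, which is also the order the flowchart prescribes.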
The encrypted data stream 118 produced by encryption module 108 of Fig. 1 in step 416 of Fig. 5 preferably takes the format shown in Fig. 6. Referring to Fig. 6, the first data block of encrypted data stream 118 is a "format header" 520 containing format information about the encrypted data stream. The second data block is the policy certificate's serial number 212, which uniquely identifies policy certificate 112 of Fig. 2. The subsequent data blocks are the encrypted data blocks 524, 526, 528. Each encrypted data block contains a sequence number and a recorded data block; as shown in Fig. 6, encrypted data block 524 contains sequence number 502 and recorded data block 504. The sequence numbers (502, 506, 510) increase monotonically, which lets processing program 122 of Fig. 2 detect whether any recorded data block is missing. Because the sequence numbers sit inside the encrypted blocks, a gap becomes visible only after decryption, and an omission at the very end of the stream cannot be detected from the sequence numbers alone.
Encrypted data stream 118 is fed to processing program 122 through input connector 124, as shown in Fig. 2. Fig. 7 is a flowchart 600 of the modules implemented in processing program 122 of Fig. 2. Referring to Fig. 7, in step 602 the certificate serial number 212 shown in Fig. 6 is read from encrypted data stream 118. Certificate serial number 212 uniquely identifies policy certificate 112, which in turn is uniquely and unambiguously associated with the private key 130 used to decrypt encrypted data 118, as shown in Fig. 2. Private key 130 is retrieved in step 604. In the next step, the encrypted data blocks 524, 526, 528 of Fig. 6 are decrypted with private key 130. In step 608 the computer activity contained in the decrypted data blocks may be processed or displayed in whatever way meets the human-interface requirements.
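The stream layout of Fig. 6 and the processing of Fig. 7, as an added example in Go; this is not code from the patent. The patent says only that any well-known public-key method may be used in step 416; this example uses it in hybrid form, wrapping a fresh AES-256-GCM content key with RSA-OAEP under the certificate's public key 204 and placing the wrapped key immediately after the serial number, a field the patent's layout does not have. The magic string, the fixed 16-byte serial field, the per-position nonce and the function names are assumptions; private keys are looked up by certificate serial number, as step 604 requires.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const formatHeader = "CAMR1" // format header 520 (assumed magic string)
const serialLen = 16         // fixed-width field for certificate serial number 212 (assumed)

// Record is one recorded data block with its sequence number (502 and 504 in Fig. 6).
type Record struct{ Seq uint32; Data []byte }

// nonce is the block's position in the stream; the content key is fresh per
// stream, so a (key, nonce) pair never repeats.
func nonce(i int) []byte { return binary.BigEndian.AppendUint32(make([]byte, 8), uint32(i)) }

// BuildStream produces encrypted data stream 118 in the layout of Fig. 6:
// format header, certificate serial number, then length-prefixed encrypted
// blocks each holding (sequence number, recorded data). The one addition is
// the wrapped content key after the serial: AES-256-GCM for the blocks,
// RSA-OAEP under the certificate's public key for the key (step 416 in hybrid form).
func BuildStream(pub *rsa.PublicKey, serial string, recs []Record) ([]byte, error) {
	if len(serial) > serialLen {
		return nil, fmt.Errorf("serial %q too long", serial)
	}
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(formatHeader))
	if err != nil {
		return nil, err
	}
	block, _ := aes.NewCipher(key) // key is always 32 bytes here
	aead, _ := cipher.NewGCM(block)
	sb := make([]byte, serialLen)
	copy(sb, serial) // 212 stays in the clear: the receiver needs it to choose a key
	out := append(append([]byte(formatHeader), sb...), wrapped...)
	for i, r := range recs {
		pt := append(binary.BigEndian.AppendUint32(nil, r.Seq), r.Data...)
		ct := aead.Seal(nil, nonce(i), pt, sb) // serial as AAD ties each block to its certificate
		out = append(binary.BigEndian.AppendUint32(out, uint32(len(ct))), ct...)
	}
	return out, nil
}

// ParseStream is processing program 122 (Fig. 7): step 602 reads the serial
// number, step 604 selects the private key it maps to, the blocks are then
// decrypted in order, and gaps in the sequence numbers are reported.
func ParseStream(keys map[string]*rsa.PrivateKey, stream []byte) (serial string, recs []Record, missing []uint32, err error) {
	hl := len(formatHeader)
	if len(stream) < hl+serialLen || string(stream[:hl]) != formatHeader {
		return "", nil, nil, fmt.Errorf("bad format header 520")
	}
	sb := stream[hl : hl+serialLen]
	serial = string(bytes.TrimRight(sb, "\x00")) // step 602
	priv, ok := keys[serial]                       // step 604
	if !ok || len(stream) < hl+serialLen+priv.Size() {
		return serial, nil, nil, fmt.Errorf("no private key for certificate %q, or truncated header", serial)
	}
	p := hl + serialLen + priv.Size()
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, stream[hl+serialLen:p], []byte(formatHeader))
	if err != nil || len(key) != 32 {
		return serial, nil, nil, fmt.Errorf("content key unwrap failed")
	}
	block, _ := aes.NewCipher(key)
	aead, _ := cipher.NewGCM(block)
	var next uint32
	for i := 0; p < len(stream); i++ {
		if len(stream)-p < 4 || len(stream)-p-4 < int(binary.BigEndian.Uint32(stream[p:])) {
			return serial, recs, missing, fmt.Errorf("block %d truncated", i)
		}
		n := int(binary.BigEndian.Uint32(stream[p:]))
		pt, e := aead.Open(nil, nonce(i), stream[p+4:p+4+n], sb) // fails if forged, damaged or moved
		if e != nil || len(pt) < 4 {
			return serial, recs, missing, fmt.Errorf("block %d rejected", i)
		}
		p += 4 + n
		seq := binary.BigEndian.Uint32(pt)
		if i > 0 && seq < next {
			return serial, recs, missing, fmt.Errorf("block %d: sequence %d repeats", i, seq)
		}
		for ; i > 0 && next < seq; next++ {
			missing = append(missing, next) // an omitted block, which Fig. 6 intends the numbers to reveal
		}
		next = seq + 1
		recs = append(recs, Record{Seq: seq, Data: pt[4:]})
	}
	return serial, recs, missing, nil
}
```

Because each sequence number travels inside its encrypted block, a gap is only visible after decryption; the parser reports the missing numbers rather than failing, since an omitted block is evidence in its own right. A block that fails to decrypt has been forged, damaged or moved, and parsing stops there so that nothing after an unverifiable point is trusted.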
In another recommended implementation, the recorded data is authenticated by adding the computer user's digital signature. In this implementation, shown in Figs. 8 and 9, a user signature generation module is added to recording program 700 of Fig. 8, and a user signature verification module is added to processing program 712 of Fig. 9. The other modules of Figs. 8 and 9, namely certificate verification module 104, recording module 106, encryption module 108, decryption module 126 and processing module 128, are the same as the identically numbered modules of Figs. 1 and 2.
User signature generation module 702 of Fig. 8 is preferably implemented according to flowchart 800 of Fig. 10. Referring to Fig. 10, a user signature is produced for each encrypted data block as follows. In step 804 a one-way hash function is applied to the encrypted data block to produce a data sequence; in step 806 that data sequence is encrypted with the private key 704 of the computer or computer user, and the encrypted sequence is the user signature, which can be decrypted only with the public key 714 paired with private key 704. In step 808 the user's digital signature is appended to the encrypted data block.
User signature verification module 712 of Fig. 9 verifies each user signature associated with an encrypted data block. User signature verification module 712 is preferably implemented according to flowchart 810 of Fig. 11. In Fig. 11, for each encrypted data block and its digital signature, step 814 decrypts the digital signature with the public key 714 (paired with the private key 704 used in step 806 of Fig. 10); step 816 processes the encrypted data block with the same one-way hash function used in step 804 of Fig. 10 to obtain a data sequence; and step 818 compares the resulting data sequence with the decrypted user signature. If the data sequence matches the decrypted user signature, this proves that the encrypted data block was indeed signed by the computer user or computer, and the block is passed to decryption module 126 of Fig. 9 for further processing. If the data sequence does not match the decrypted user signature, the encrypted data block either was not signed by the computer user or computer or has been tampered with, and it is rejected in step 820. The public key used in step 814 of Fig. 11 may be obtained by any means; a preferable method is to embed the public key in a digital certificate issued by a trusted certification authority (usually called a "user certificate"). A user certificate binds the public key to the name of the computer, of the computer user, or of both. The hash function used in step 804 of Fig. 10 and step 816 of Fig. 11 to produce the data sequence from the encrypted data block may be any hash function commonly used for producing digital signatures. Because the signature is computed over the encrypted block, the processing program can verify it before decryption, without needing the decryption key.
Adding a digital signature to the encrypted data blocks lets the monitoring entity trust that these data blocks indeed originate from the specified computer or computer user.
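The user signature of Figs. 10 and 11, as an added example in Go; this is not code from the patent. It signs the SHA-256 digest of the encrypted block with the user's RSA private key (PKCS #1 v1.5, which is the "hash, then encrypt with the private key" construction the text describes), frames the signer's name, the block and the signature together, and resolves the name through a table that stands in for the user certificates of step 814. The frame layout, the UserCertificate type and all names are assumptions.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// UserCertificate stands in for the certificate that binds a computer or user
// name to its public key (assumed shape; the patent says only that a trusted
// certification authority issues it).
type UserCertificate struct {
	Name string
	Key  *rsa.PublicKey
}

// digest is the one-way hash of steps 804 and 816, taken over the signer's
// name and the encrypted block so that a block cannot be re-attributed.
func digest(name string, enc []byte) []byte {
	h := sha256.New()
	h.Write([]byte{byte(len(name))})
	h.Write([]byte(name))
	h.Write(enc)
	return h.Sum(nil)
}

// SignBlock is Fig. 10: hash the encrypted block (804), sign the hash with the
// user's private key (806) and append the signature (808). The frame is
// [len(name)][name][enc][sig]; an RSA signature is exactly key-size bytes, so
// the verifier can split the frame without a length field for it.
func SignBlock(name string, priv *rsa.PrivateKey, enc []byte) ([]byte, error) {
	if len(name) == 0 || len(name) > 255 {
		return nil, errors.New("signer name must be 1 to 255 bytes")
	}
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest(name, enc))
	if err != nil {
		return nil, err
	}
	out := append([]byte{byte(len(name))}, name...)
	return append(append(out, enc...), sig...), nil
}

// VerifyBlock is Fig. 11: find the signer's public key (814), recompute the
// hash (816) and check it against the signature (818). Only a block that
// passes is handed to decryption module 126; a failing one stops here (820).
// Nothing in this function needs the administrator's private key 130.
func VerifyBlock(certs map[string]UserCertificate, frame []byte) (name string, enc []byte, err error) {
	if len(frame) == 0 || len(frame) < 1+int(frame[0]) {
		return "", nil, errors.New("malformed frame")
	}
	name = string(frame[1 : 1+int(frame[0])])
	uc, ok := certs[name]
	if !ok {
		return name, nil, fmt.Errorf("no user certificate for %q", name)
	}
	body := frame[1+int(frame[0]):]
	if len(body) < uc.Key.Size() {
		return name, nil, errors.New("frame shorter than a signature")
	}
	enc, sig := body[:len(body)-uc.Key.Size()], body[len(body)-uc.Key.Size():]
	if e := rsa.VerifyPKCS1v15(uc.Key, crypto.SHA256, digest(name, enc), sig); e != nil {
		return name, nil, fmt.Errorf("block from %q rejected at step 820: %w", name, e)
	}
	return name, enc, nil
}

func main() {
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	certs := map[string]UserCertificate{"alice": {Name: "alice", Key: &priv.PublicKey}}
	enc := []byte("<one encrypted block of stream 118>") // constructed stand-in
	frame, _ := SignBlock("alice", priv, enc)
	_, _, err := VerifyBlock(certs, frame)
	fmt.Println("genuine block:", err)
	frame[1+len("alice")] ^= 1 // flip one bit of the encrypted block
	_, _, err = VerifyBlock(certs, frame)
	fmt.Println("altered block:", err)
}
```

The name is hashed together with the block so that a genuine block cannot be re-labelled as another user's, and the verifier works on ciphertext only: processing program 122 can drop forged or altered blocks at step 820 before it ever touches the administrator's private key 130.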
Without departing from the spirit or central idea of this patent, the present invention may also be implemented in other forms. Therefore, all the specific embodiments presented here should be regarded as illustrative rather than as intentionally imposed restrictions.

Claims (18)

1. A computer activity monitoring and recording method, characterized in that the method monitors activity on a computer that holds a digital policy certificate, the digital policy certificate comprising at least one policy clause, the policy clause comprising at least one operation instruction and the name of a related computer entity, the operation instruction and the computer entity name being written in user-readable characters, the method comprising:
a verification step, verifying the digital policy certificate to decide whether to accept or reject the digital policy certificate;
a display step, displaying the policy clause;
an execution step, executing the policy clause on the computer;
whereby the method lets the user be sure of the authenticity of the digital policy certificate and of the scope of the monitoring and recording.
2. The computer activity monitoring and recording method of claim 1, characterized in that the digital policy certificate includes the name of the administrator who issued the certificate, and the display step further comprises:
displaying the administrator's name, and providing an option that allows the user to reject the digital policy certificate.
3. The computer activity monitoring and recording method of claim 1, characterized in that the digital policy certificate contains a public key, the execution step further comprises producing at least one data block to record the result of executing the policy clause, and the method further comprises:
an encryption step, encrypting the data block with the public key, the encrypted data block being decrypted on another computer with the private key paired with the public key;
whereby the method lets the administrator who issued the digital policy certificate be sure of the authenticity and reliability of the monitoring and recording result.
4. The computer activity monitoring and recording method of claim 3, characterized in that the encrypted data block is transferred to the other computer by any one of the following three means:
1) via a computer network;
2) via a communication network;
3) via a storage medium.
5. The computer activity monitoring and recording method of claim 3, characterized in that the computer holds the private key of a certain user, and the encryption step further comprises:
a signing step, using the private key to produce a digital signature for the encrypted data block, the digital signature and the encrypted data block being verified on the other computer with the public key paired with the user's private key.
6. The computer activity monitoring and recording method of claim 1, characterized in that the digital policy certificate contains a digital signature, and the verification step comprises verifying that digital signature.
7. The computer activity monitoring and recording method of claim 1, characterized in that the related computer entity is any one of the following:
1) a program file;
2) an executable program;
3) an e-mail program;
4) a web browser;
5) a digital document;
6) a network channel;
7) a database;
8) a registry;
9) a website;
10) an image;
11) a photograph;
12) a web page;
13) any digital entity present on the computer.
8. The computer activity monitoring and recording method of claim 1, characterized in that the operation instruction is any one of the following operations:
1) record keystrokes;
2) record mouse clicks and movements;
3) record file accesses;
4) record database accesses;
5) record program running time;
6) record the time the user operates the keyboard;
7) record the time the user operates the mouse;
8) record network communication;
9) record headset communication;
10) record audio input and output;
11) record video input and output;
12) record website visits;
13) record messages sent and received;
14) record e-mail;
15) record images;
16) record screen snapshots;
17) record computer resource usage;
18) record program attributes;
19) set program attributes;
20) set program configuration;
21) set system registry entries;
22) open a file;
23) send a message;
24) receive a message;
25) display a message;
26) stop a system operation.
9. The computer activity monitoring and recording method of claim 1, characterized in that the policy clause comprises computer-executable code for carrying out the operation instruction, and the execution step comprises executing the computer-executable code; the computer-executable code may be written in any one of the following programming languages:
1) Java;
2) Perl;
3) Tcl;
4) Visual BASIC;
5) ActiveX;
6) COM;
7) .NET;
8) C#;
9) C/C++;
10) any machine-executable script.
10. The computer activity monitoring and recording method of claim 1, characterized in that the computer is any one of the following computing devices:
1) a personal computer;
2) a server;
3) a gateway;
4) a router;
5) a network switch;
6) a personal digital assistant;
7) a communication device;
8) a server terminal.
11. The computer activity monitoring and recording method of claim 1, characterized in that the digital policy certificate comprises a monitored-entity register containing at least one computer user name, and the method further comprises:
a user check step, checking the name of the current computer user and rejecting the digital policy certificate if the current computer user's name is not included in the monitored-entity register.
12. The computer activity monitoring and recording method of claim 1, characterized in that the digital policy certificate includes a validity period, and the method further comprises:
a validity check step, comparing the current time with the validity period and rejecting the digital policy certificate if the validity period has expired.
13. A computer activity monitoring and recording system, the system comprising at least one processor for executing digital programs, at least one memory for storing digital programs and data blocks or digital documents, at least one user operation input receiver for receiving the user's operations on a keyboard, mouse or other device, and at least one screen display for displaying data, the system comprising a monitoring program running on the processor and a digital policy certificate stored in the memory, the digital policy certificate comprising at least one policy clause, the policy clause comprising at least one operation instruction and the name of a related computer digital entity, the operation instruction and the computer digital entity name being written in user-readable characters, the monitoring program comprising:
a certificate verification module for verifying the digital policy certificate and deciding whether to accept or reject it;
a display module for displaying the digital policy clause;
an execution module for executing the policy clause and producing at least one data block to record the execution result.
14. The computer activity monitoring and recording system of claim 13, characterized in that the digital policy certificate comprises the name of the administrator who issued the certificate, the display module further displays the administrator's name, and the monitoring program further comprises:
a certificate acceptance module, which provides an option allowing the user to accept or reject the digital policy certificate, so that the user can accept or reject the digital policy certificate after judging its content.
15. The computer activity monitoring and recording system of claim 13, characterized in that the digital certificate contains a public key, and the monitoring program further comprises:
an encryption module for encrypting the recorded data block with the public key.
16. The computer activity monitoring and recording system of claim 13, characterized in that the recorded data block is transferred to the processing program in any one of the following ways:
via a computer network;
via a communication network;
via a storage medium.
17. The computer activity monitoring and recording system of claim 13, characterized in that the digital policy certificate comprises a digital signature, and the certificate verification module comprises verifying that digital signature.
18. The computer activity monitoring and recording system of claim 13, characterized in that the operation instruction is any one of the following:
record keystroke actions;
record mouse clicks and movements;
record file accesses;
record database accesses;
record program activity time;
record network communication;
record headset communication;
record audio input and output;
record video input and output;
record websites visited;
record messages;
record e-mail;
record pictures;
record screen snapshots;
record computer resource usage;
record program attributes;
set program attributes;
set program configuration;
set system registry entries;
open a file;
send a message;
receive a message;
display a message;
stop a system operation.
CNB031293522A 2003-06-19 2003-06-19 System and method for monitoring and registering computer activity Expired - Fee Related CN100476750C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB031293522A CN100476750C (en) 2003-06-19 2003-06-19 System and method for monitoring and registering computer activity

Publications (2)

Publication Number Publication Date
CN1567221A CN1567221A (en) 2005-01-19
CN100476750C true CN100476750C (en) 2009-04-08

Family

ID=34469298

Country Status (1)

Country Link
CN (1) CN100476750C (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102768845B (en) * 2011-05-03 2015-03-11 中国移动通信集团公司 Video index method and system
CN103207967A (en) * 2012-01-12 2013-07-17 精品科技股份有限公司 Data collecting method, information security management method and information security management host
US9608881B2 (en) 2012-04-13 2017-03-28 International Business Machines Corporation Service compliance enforcement using user activity monitoring and work request verification
CN103488793A (en) * 2013-10-09 2014-01-01 韩金倡 User behavior monitoring method based on information retrieval
US20200387627A1 (en) * 2019-06-04 2020-12-10 Digital Asset Holdings, LLC Multi-user database system and method

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
钟元生 (Zhong Yuansheng), 企业安全电子邮件体系的构建 (Construction of an enterprise secure e-mail system), 机电工程 (Mechanical and Electrical Engineering), Vol. 18, No. 2, 2001 *

Also Published As

Publication number Publication date
CN1567221A (en) 2005-01-19

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090408

Termination date: 20100619