CN101894242A - System and method for protecting information safety of mobile electronic equipment - Google Patents


Publication number: CN101894242A
Authority: CN (China)
Prior art keywords: file, user, mobile electronic, electronic device, described
Application number: CN2010102062856A
Other languages: Chinese (zh)
Other versions: CN101894242B (en)
Inventors: 耿振民, 刘旭峰
Original assignee: 上海华御信息技术有限公司
Application filed by: 上海华御信息技术有限公司
Priority to CN2010102062856A
Publication of CN101894242A
Application granted; publication of CN101894242B


Abstract

The invention discloses a system and a method for protecting information safety of mobile electronic equipment. The system comprises a management center, an encryption and authentication unit and an authentication tool, wherein the encryption and authentication unit is arranged in the mobile electronic equipment; the authentication tool is connected with the mobile electronic equipment when used; the authentication tool comprises identity information and permission information of a user; the management center is used for setting the permission of the authentication tool of each user and writing the permission into the corresponding authentication tool; the encryption and authentication unit comprises a file encryption module, a file decryption module and an internal authentication module; and the internal authentication module sends a request to the management center or the authentication tool, acquires commands, and allows the user having the permission to use an encrypted file. The system and the method make it convenient for employees to work overtime normally either inside the intranet or away from it, and, under certain conditions, to use their notebook computers normally for private matters or entertainment.

Description

System and method for protecting the information security of mobile electronic devices

Technical field

The invention belongs to the field of information security technology and relates to an information security protection system, in particular to an information security protection system for mobile electronic devices. The invention also relates to an information security protection method for mobile electronic devices.

Background art

With the development of information technology, more and more enterprises and institutions handle their day-to-day work electronically, and more and more files exist as electronic documents. Storing data as electronic documents has advantages such as high efficiency, low cost and ease of transfer. At the same time, however, it increases the risk that information is abused, for example through employees changing jobs or corporate espionage.

Faced with such risks, enterprises and institutions can manage and isolate desktop machines on the intranet by technical or policy means, for example by sealing USB ports, isolating the intranet from external networks, or enforcing encryption with encryption software. Notebook computers are easy to carry and convenient for mobile office work, which makes them necessary inside a company, but they also make intranet management very inconvenient in the following respects:

If notebooks are managed in the same way as desktop computers, there is no risk of information loss, but the functions of the notebook are greatly restricted, which defeats the purpose of having a notebook computer;

If encryption software is installed on the notebook and encryption is enforced, the employee can use it only for company business; the notebook's entertainment function is lost and the employee cannot use it for private matters;

If encryption software is installed on the notebook and encryption is enforced, and the user's time away from the office exceeds the preset time, the user can no longer use encrypted files normally and cannot obtain a new authorization in the normal way (a third-party tool or the like is required);

If files are encrypted only inside the company and the encryption is not carried outside it (implemented through authentication with the management center in the intranet environment), employees cannot conveniently use encrypted files, which makes it inconvenient for them to work overtime or operate outside the company.

Summary of the invention

The technical problem to be solved by the present invention is to provide an information security protection system for mobile electronic devices that makes it convenient for employees to work overtime normally inside the intranet or away from it, while also letting them, under certain conditions, use a notebook computer normally for private matters or entertainment.

In addition, the present invention provides an information security protection method for mobile electronic devices that makes it convenient for employees to work overtime normally inside the intranet or away from it, while also letting them, under certain conditions, use a notebook computer normally for private matters or entertainment.

To solve the above technical problem, the present invention adopts the following technical solution:

An information security protection system for mobile electronic devices, the system comprising a management center, an encryption and authentication unit arranged in the mobile electronic device, and an authentication tool that is connected to the mobile electronic device when in use;

The authentication tool contains the user's identity information and usage permission information;

The management center is used to set the usage permissions of each user's authentication tool and to write the permissions into the corresponding authentication tool;

The encryption and authentication unit comprises:

- a file encryption module, used to enforce file encryption and apply encryption protection to designated files;

- a file decryption module, used to decrypt files to memory automatically in the background without affecting the encrypted state of the files on disk;

- an internal authentication module, used to send requests to the management center or the authentication tool and obtain commands, allowing a user who has usage permissions to use encrypted files; without usage permissions, encrypted files cannot be used, but non-encrypted files can.

As a preferred embodiment of the present invention, when the mobile electronic device is connected to the management center, the management center controls the encryption and authentication unit of the mobile electronic device;

When the mobile electronic device is not connected to the management center, the information security protection system determines whether a valid authentication tool is connected; if so, the authentication tool controls the encryption and authentication unit of the mobile electronic device and the corresponding user is allowed to use encrypted files; if not, encrypted files cannot be used, but non-encrypted files can.

As a preferred embodiment of the present invention, the encryption and authentication unit further comprises a logging module, used to record the user's file operations on the mobile electronic device, including create, copy, move, rename and delete operations.

As a preferred embodiment of the present invention, the management center comprises:

A user management module, used to apply different settings to users or user groups, so that through centralized management the administrator can conveniently formulate differentiated policies in real time;

A user identification module, used to collect user information online in order to verify the user's identity and issue policy information to the designated user;

An authentication tool management module, which sets the authentication tool usage permissions for a user, the usage permissions including usage time and decryption, and exports the settings as a destination file;

A log query and management module, which queries the administrator's system settings and user management operations, the administrator's authorization operations, and users' file operations on the mobile electronic device.

As a preferred embodiment of the present invention, the user authentication tool comprises:

An identification module, used to check the user name embedded in the tool against the name of the encryption and authentication unit client, so that the two correspond one to one;

A permission control module, used to control use of the client according to the period and permissions written into the tool.

An information security protection method for the above information security protection system, the method comprising the following steps:

File encryption and decryption step: the file encryption module enforces file encryption and applies encryption protection to designated files; the file decryption module decrypts files to memory automatically in the background without affecting the encrypted state of the files on disk;

Permission setting step: the management center sets the usage permissions of each user's authentication tool and writes the permissions into the corresponding authentication tool;

When the mobile electronic device is connected to the management center, the management center controls the encryption and authentication unit of the mobile electronic device;

When the mobile electronic device is not connected to the management center, the information security protection system determines whether a valid authentication tool is connected; if so, the authentication tool controls the encryption and authentication unit of the mobile electronic device and the corresponding user is allowed to use encrypted files; if not, encrypted files cannot be used, but non-encrypted files can.

As a preferred embodiment of the present invention, when the mobile electronic device is on the local area network (LAN) and connected to the management center, only enforced encryption can be performed: the designated confidential files that the user handles within the designated LAN must be forcibly encrypted. The management center is arranged in a server. The steps are as follows:

The mobile electronic device joins the designated LAN by legitimate means, ensuring normal connectivity with the server;

The encryption and authentication unit of the mobile electronic device authenticates to the server by sending verification information to the management center;

If the mobile electronic device passes verification, it can use the encrypted files in the designated LAN normally; if verification fails, it cannot use the encrypted files in the designated LAN;

The user works normally; files are encrypted when saved, and a log of the user's file operations in the designated LAN is kept.

As a preferred embodiment of the present invention, the administrator logs in to the console of the management center and grants authorization to the users who need it. The specific steps are as follows:

The administrator logs in to the management center, and the system verifies the administrator's identity and the scope of operations the administrator is authorized to perform;

The administrator selects the user to be authorized and sets that user's usage time and operating permissions;

The system determines whether the user is currently using an authentication tool; if the authentication tool has not yet expired, the settings are exported as a destination file; if the authentication tool has expired or the user is not using an authentication tool, the administrator is prompted to connect an authentication tool and the settings are written into it;

The administrator sends the destination file or the authentication tool to the user of the mobile electronic device, and a detailed record of the authorization is kept.

As a preferred embodiment of the present invention, when the user takes the mobile electronic device out for use, the system determines the user's intended use and opens the corresponding permissions. The specific steps are as follows:

The user turns on the mobile electronic device and starts the encryption software (encryption and authentication unit) client program normally;

The client determines whether a normally usable authentication tool is present on the mobile electronic device; if so, it reads the corresponding information; if not, the user is not allowed to use encrypted files, and the files the user works on are guaranteed not to be encrypted;

The client makes a judgment based on the authentication tool information it has read: if the period and permissions are within the allowed range, the user is allowed to read and operate on confidential files normally; if they are not, the user is prompted to ask the administrator to renew the authorization, and the client enters the mode in which encrypted files cannot be used;

After entering the mode in which encrypted files can be used, the program records the user's file operations normally and applies encryption protection to the files.

The beneficial effects of the present invention are as follows: the information security protection system and method for mobile electronic devices proposed by the invention make it convenient for employees to work overtime normally inside the intranet or away from it, while also letting them, under certain conditions, use a notebook computer normally for private matters or entertainment. When the period during which a user uses the encryption software away from the office exceeds the predetermined period, the invention can also provide a solution for new authorization.

Description of the drawings

Fig. 1 is a workflow diagram of the notebook computer client within the LAN.

Fig. 2 is a flowchart of the administrator authorizing a notebook for use outside the company.

Fig. 3 is a flowchart of mode selection when the notebook is used outside the company.

Detailed description of the embodiments

The preferred embodiments of the present invention are described in detail below with reference to the drawings.

Embodiment one

Referring to Fig. 1, the present invention discloses an information security protection system for mobile electronic devices, the system comprising a management center, an encryption and authentication unit arranged in the mobile electronic device, and an authentication tool that is connected to the mobile electronic device when in use. The mobile electronic device may be a notebook computer, or another electronic device such as a mobile phone or PDA.

When the mobile electronic device is connected to the management center, the management center controls the encryption and authentication unit of the mobile electronic device.

When the mobile electronic device is not connected to the management center, the information security protection system determines whether a valid authentication tool is connected; if so, the authentication tool controls the encryption and authentication unit of the mobile electronic device and the corresponding user is allowed to use encrypted files; if not, encrypted files cannot be used, but non-encrypted files can.

The composition of each part of the invention is introduced below.

[Authentication tool]

The authentication tool contains the user's identity information and usage permission information. In this embodiment, the user authentication tool comprises:

An identification module, used to check the user name embedded in the tool against the name of the client, so that the two correspond one to one;

A permission control module, used to control use of the client according to the period and permissions written into the tool.

[Management center]

The management center is used to set the usage permissions of each user's authentication tool and to write the permissions into the corresponding authentication tool.

In this embodiment, the management center comprises:

A user management module, used to apply different settings to users or user groups, so that through centralized management the administrator can conveniently formulate differentiated policies in real time;

A user identification module, used to collect user information online in order to verify the user's identity and issue policy information to the designated user;

An authentication tool management module, which sets the authentication tool usage permissions for a user, the usage permissions including usage time and decryption, and exports the settings as a destination file;

A log query and management module, which queries the administrator's system settings and user management operations, the administrator's authorization operations, and users' file operations on the mobile electronic device.

[Encryption and authentication unit]

The encryption and authentication unit comprises:

- a file encryption module, used to enforce file encryption and apply encryption protection to designated files;

- a file decryption module, used to decrypt files to memory automatically in the background without affecting the encrypted state of the files on disk;

- an internal authentication module, used to send requests to the management center or the authentication tool and obtain commands, allowing a user who has usage permissions to use encrypted files; without usage permissions, encrypted files cannot be used, but non-encrypted files can;

- a logging module, used to record the user's file operations on the mobile electronic device, including create, copy, move, rename and delete operations.

The information security protection system for mobile electronic devices has been described above. Along with that system, the present invention also discloses an information security protection method for it, the method comprising the following steps:

- File encryption and decryption step: the file encryption module enforces file encryption and applies encryption protection to designated files; the file decryption module decrypts files to memory automatically in the background without affecting the encrypted state of the files on disk;

- Permission setting step: the management center sets the usage permissions of each user's authentication tool and writes the permissions into the corresponding authentication tool;

- When the mobile electronic device is connected to the management center, the management center controls the encryption and authentication unit of the mobile electronic device;

- When the mobile electronic device is not connected to the management center, the information security protection system determines whether a valid authentication tool is connected; if so, the authentication tool controls the encryption and authentication unit of the mobile electronic device and the corresponding user is allowed to use encrypted files; if not, encrypted files cannot be used, but non-encrypted files can.

When the mobile electronic device is on the local area network (LAN) and connected to the management center, only enforced encryption can be performed: the designated confidential files that the user handles within the designated LAN must be forcibly encrypted. The management center is arranged in a server. The steps are as follows:

- The mobile electronic device joins the designated LAN by legitimate means, ensuring normal connectivity with the server;

- The encryption and authentication unit of the mobile electronic device authenticates to the server by sending verification information to the management center;

- If the mobile electronic device passes verification, it can use the encrypted files in the designated LAN normally; if verification fails, it cannot use the encrypted files in the designated LAN;

- The user works normally; files are encrypted when saved, and a log of the user's file operations in the designated LAN is kept.

The method further comprises: the administrator logs in to the console of the management center and grants authorization to the users who need it. The specific steps are as follows:

- The administrator logs in to the management center, and the system verifies the administrator's identity and the scope of operations the administrator is authorized to perform;

- The administrator selects the user to be authorized and sets that user's usage time and operating permissions;

- The system determines whether the user is currently using an authentication tool; if the authentication tool has not yet expired, the settings are exported as a destination file; if the authentication tool has expired or the user is not using an authentication tool, the administrator is prompted to connect an authentication tool and the settings are written into it;

- The administrator sends the destination file or the authentication tool to the user of the mobile electronic device, and a detailed record of the authorization is kept.

When the user takes the mobile electronic device out for use, the system determines the user's intended use and opens the corresponding permissions. The specific steps are as follows:

- The user turns on the mobile electronic device and starts the encryption software client program normally;

- The client determines whether a normally usable authentication tool is present on the mobile electronic device; if so, it reads the corresponding information; if not, the user is not allowed to use encrypted files, and the files the user works on are guaranteed not to be encrypted;

- The client makes a judgment based on the authentication tool information it has read: if the period and permissions are within the allowed range, the user is allowed to read and operate on confidential files normally; if they are not, the user is prompted to ask the administrator to renew the authorization, and the client enters the mode in which encrypted files cannot be used;

- After entering the mode in which encrypted files can be used, the program records the user's file operations normally and applies encryption protection to the files.

In summary, the information security protection system and method for mobile electronic devices proposed by the invention make it convenient for employees to work overtime normally inside the intranet or away from it, while also letting them, under certain conditions, use a notebook computer normally for private matters or entertainment. When the period during which a user uses the encryption software away from the office exceeds the predetermined period, the invention can also provide a solution for new authorization.

Embodiment two

Inside the company, employees may not handle private matters or use the notebook for entertainment; only enforced encryption can be performed. Files involving important company secrets that an employee handles inside the company must be forcibly encrypted, which prevents the employee from leaking core documents by deliberate disclosure. The steps are as follows:

1) The employee joins the company intranet by legitimate means, ensuring that the server can be pinged normally;

2) The client on the notebook computer authenticates to the server by sending verification information such as a user name and password to the management center;

3) If the notebook computer passes verification, it can use the company's encrypted files normally; if verification fails, it cannot use the company's protected files;

4) The employee works normally; files are encrypted when saved, and a log of the employee's file operations inside the company is kept.

The administrator can log in to the console and grant authentication tool (EKEY) authorization to personnel who need to work overtime. The specific steps are as follows:

1) The administrator logs in to the control center, and the system verifies the administrator's identity and the scope of operations the administrator is authorized to perform;

2) The administrator selects the user who needs to use an EKEY outside the company and sets that user's usage time and operating permissions;

3) The system determines whether the user is using an EKEY (one whose time has not expired); if the EKEY has not yet expired, the settings are exported as a destination file; if the EKEY has expired or the user does not use an EKEY, the administrator is prompted to insert an EKEY and the settings are written into it;

4) The administrator sends the destination file or the EKEY to the notebook computer user, and a detailed record of the authorization is kept.

When the user takes the notebook computer out for use, the system determines the user's intended use and opens the corresponding permissions. The specific steps are as follows:

1) The user turns on the computer and starts the encryption software client program normally;

2) The client determines whether a normally usable EKEY is present on the notebook computer; if so, it reads the corresponding information; if not, the client runs in entertainment mode: the user is not allowed to use encrypted files, and the files the user works on are guaranteed not to be encrypted;

3) The client makes a judgment based on the EKEY information it has read: if the period and permissions are within the allowed range, the user is allowed to read and operate on protected files normally; if they are not, the user is prompted to ask the administrator to renew the authorization, and the client enters entertainment mode;

4) After entering work mode, the program records the user's file operations normally and applies encryption protection to the files.
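
The EKEY authorization and the offline mode selection described in the steps above can be sketched as follows; this is an added example, not code from the patent or its applicant. It assumes the EKEY record is a JSON structure authenticated with an HMAC key shared by the management center and the client, that the permission is named `decrypt`, and that the client remembers the last time it observed; the text specifies none of these details.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

WORK = "work"                    # encrypted files usable, operations logged
ENTERTAINMENT = "entertainment"  # encrypted files unusable, nothing encrypted


def _mac(key: bytes, body: dict) -> str:
    # Canonical JSON so the issuer and the client authenticate identical bytes.
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()


def issue_authorization(key, user, client, not_before, not_after, permissions):
    """Management-center side: the record the administrator writes to the EKEY."""
    body = {
        "user": user,
        "client": client,
        "not_before": not_before.isoformat(),
        "not_after": not_after.isoformat(),
        "permissions": sorted(permissions),
    }
    return {"body": body, "mac": _mac(key, body)}


def select_mode(key, record, user, client, now, last_seen=None):
    """Client side, offline: return (mode, reason). Every failure falls back to
    entertainment mode, so a bad or missing EKEY never unlocks encrypted files."""
    if record is None:
        return ENTERTAINMENT, "no EKEY connected"
    try:
        body = record["body"]
        # Assumption: the record is integrity-protected. Without this check the
        # period stored on the token could simply be edited.
        if not hmac.compare_digest(_mac(key, body), record["mac"]):
            return ENTERTAINMENT, "record failed integrity check"
        # Identification module: the token must match this user and this client.
        if (body["user"], body["client"]) != (user, client):
            return ENTERTAINMENT, "EKEY bound to a different user or client"
        # Assumption: the client stores the last time it observed. A clock set
        # backwards would otherwise bring an expired period back to life.
        if last_seen is not None and now < last_seen:
            return ENTERTAINMENT, "system clock moved backwards"
        start = datetime.fromisoformat(body["not_before"])
        end = datetime.fromisoformat(body["not_after"])
        if not start <= now <= end:
            return ENTERTAINMENT, "outside authorized period; renew with administrator"
        if "decrypt" not in body["permissions"]:
            return ENTERTAINMENT, "decryption not granted"
    except (KeyError, TypeError, ValueError):
        return ENTERTAINMENT, "malformed record"
    return WORK, "authorized"


if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample secret
    t0 = datetime(2010, 6, 18, 18, 0, tzinfo=timezone.utc)  # constructed times
    rec = issue_authorization(key, "alice", "NB-0042", t0,
                              t0 + timedelta(days=2), {"decrypt"})
    print(select_mode(key, rec, "alice", "NB-0042", t0 + timedelta(hours=3)))
    print(select_mode(key, rec, "alice", "NB-0042", t0 + timedelta(days=3)))
    print(select_mode(key, None, "alice", "NB-0042", t0))
```

With a shared HMAC key, the notebook itself holds a value that can forge records; a record signed by the management center and verified on the client with a public key avoids that.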

Along with the above method, the present invention also discloses an information security protection system for mobile electronic devices, the system comprising an encryption software program, a management center and a user identification tool (i.e. the authentication tool). Each component is described below.

The encryption software program comprises:

I. File encryption module: once the encryption software is installed, file encryption is enforced on the computer to protect the company's core documents;

II. File decryption module: decrypts files to memory automatically in the background, without affecting the user's work or the encrypted state of the files on disk;

III. Internal authentication module: used to send requests to the management center or other authentication tools (EKEY, etc.) and to obtain the management center's commands, etc.;

IV. Logging module: used to record the user's file operations on the computer (create, copy, move, rename, delete and similar operations).

The management center comprises:

I. User management module: applies different settings to users or groups, so that through centralized management the administrator can conveniently formulate differentiated policies in real time;

II. User identification module: collects user information online in order to verify the user's identity and issue policy information to the designated user;

III. EKEY management module: sets EKEY usage permissions for a user, such as time and decryption, and can export the settings as a destination file;

IV. Log query and management module: queries the administrator's system settings and user management operations, the administrator's EKEY authorization operations, users' file operations on the client notebook computer, and so on.

The user identification tool comprises:

I. Identification module: checks the user name embedded in the tool against the name of the client, so that the two correspond one to one;

II. Permission control module: controls use of the client according to the period and permissions written into the tool.

The description and application of the invention given here are illustrative and are not intended to limit the scope of the invention to the above embodiments. Variations and changes of the embodiments disclosed here are possible, and replacements and equivalents of the various components of the embodiments are known to those of ordinary skill in the art. Those skilled in the art should understand that, without departing from the spirit or essential characteristics of the invention, the invention may be realized in other forms, structures, arrangements and proportions, and with other components, materials and parts. Other variations and changes may be made to the embodiments disclosed here without departing from the scope and spirit of the invention.

Claims (9)

1. An information security protection system for mobile electronic devices, characterized in that: the system comprises a management center, an encryption and authentication unit arranged in the mobile electronic device, and an authentication tool that is connected to the mobile electronic device when in use;
The authentication tool contains the user's identity information and usage permission information;
The management center is used to set the usage permissions of each user's authentication tool and to write the permissions into the corresponding authentication tool;
The encryption and authentication unit comprises:
- a file encryption module, used to enforce file encryption and apply encryption protection to designated files;
- a file decryption module, used to decrypt files to memory automatically in the background without affecting the encrypted state of the files on disk;
- an internal authentication module, used to send requests to the management center or the authentication tool and obtain commands, allowing a user who has usage permissions to use encrypted files; without usage permissions, encrypted files cannot be used, but non-encrypted files can.
2. information safety of mobile electronic equipment protection system according to claim 1 is characterized in that:
When described mobile electronic device connects described administrative center, by the encrypting and authenticating unit of administrative center's control mobile electronic device;
When described mobile electronic device was not connected with described administrative center, described information safety protection system had judged whether that effective authentication instrument connects; If have,, allow respective user to use encrypt file then by the encrypting and authenticating unit of authentication instrument control mobile electronic device; If do not have, then can't use encrypt file, but can use non-encrypted file.
3. The system for protecting the information security of mobile electronic equipment according to claim 1, characterized in that:
The encryption and authentication unit further comprises a logging module, which records the user's file operations on the mobile electronic device, including create, copy, move, rename and delete operations.
4. The system for protecting the information security of mobile electronic equipment according to claim 1, characterized in that:
The management center comprises:
A user management module, which applies different settings to users or user groups, so that centralized management makes it easy for the administrator to formulate real-time, differentiated policies;
A user identification module, which collects user information online, verifies the user's identity, and issues policy information to the designated user;
An authentication tool management module, which sets authentication tool usage permissions for a user, the usage permissions including usage time and decryption, and exports the settings as a result file;
A log query and management module, which queries the administrator's system settings and user management operations, the administrator's authorization operations, and users' file operations on the mobile electronic device.
5. The system for protecting the information security of mobile electronic equipment according to claim 1, characterized in that:
The user authentication tool comprises:
An identification module, which checks the user name embedded in the tool against the name of the encryption and authentication unit client, establishing a one-to-one correspondence;
A permission control module, which controls use of the client according to the period and permissions written in the tool.
6. An information security protection method for the information security protection system of any one of claims 1 to 5, characterized in that the method comprises the following steps:
File encryption and decryption step: the file encryption module performs the file encryption operation, applying encryption protection to designated files; the file decryption module automatically decrypts files into memory in the background without affecting the encrypted state of the files on disk;
Permission setting step: the management center sets the usage permissions of each user's authentication tool and writes the usage permissions into the corresponding authentication tool;
When the mobile electronic device is connected to the management center, the management center controls the encryption and authentication unit of the mobile electronic device;
When the mobile electronic device is not connected to the management center, the information security protection system determines whether a valid authentication tool is connected; if so, the authentication tool controls the encryption and authentication unit of the mobile electronic device, and the corresponding user is allowed to use encrypted files; if not, encrypted files cannot be used, but non-encrypted files can.
7. The information security protection method according to claim 6, characterized in that:
When the mobile electronic device is in the local area network (LAN) and connected to the management center, only forced encryption can be performed: designated confidential files that the user handles within the designated LAN must undergo forced encryption; the management center is arranged in a server; the steps are as follows:
The mobile electronic device accesses the designated LAN normally by legitimate means, ensuring normal connectivity with the server;
The encryption and authentication unit of the mobile electronic device authenticates to the server by sending verification information to the management center;
If the mobile electronic device passes verification, it can use the encrypted files in the designated LAN normally; if verification fails, it cannot use the encrypted files in the designated LAN;
The user operates normally; files are encrypted when saved, and a log of the user's file operations is kept in the designated LAN.
8. The information security protection method according to claim 6, characterized in that:
The administrator logs in to the console of the management center to authorize users who need authorization; the specific steps are as follows:
The administrator logs in to the management center, and the system verifies the administrator's identity and the scope of operations the administrator is authorized for;
The administrator selects the user to be authorized and sets that user's usage time and operating permissions;
The system determines whether the user is currently using an authentication tool; if the authentication tool has not yet expired, the settings are exported as a result file; if the authentication tool has expired or the user is not using an authentication tool, the administrator is prompted to connect an authentication tool and the settings are written into the authentication tool;
The administrator sends the result file or the authentication tool to the mobile electronic device user, and a detailed record of the authorization is kept.
9. The information security protection method according to claim 6, characterized in that:
When the user takes the mobile electronic device out for use, the system determines the user's expected operation target and opens the corresponding permissions; the specific steps are as follows:
The user starts the mobile electronic device and launches the encryption software client program normally;
The client determines whether a normally usable authentication tool is present on the mobile electronic device; if so, it reads the corresponding information; if not, the user is not allowed to use encrypted files, and the files the user operates on are guaranteed not to be encrypted;
The client evaluates the authentication tool information it has read; if the period and permissions are within the allowed range, the user is allowed to read and operate on confidential files normally; if they are not within the range, the user is prompted to renew authorization with the administrator, and the client enters the mode in which encrypted files cannot be used;
After entering the mode in which encrypted files can be used, the program records the user's file operations normally and applies encryption protection to the files.
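The online/offline decision of claims 2 and 9, sketched as an added example that is not code from the patent or its applicant. All names (`AuthTool`, `issue`, `decide_mode`, the mode and reason strings) are hypothetical, and the HMAC tag that makes the record written into the authentication tool tamper-evident is an assumption: the claims do not say how that record is protected.

```python
import hashlib, hmac, json
from dataclasses import dataclass, replace
from datetime import datetime
from typing import Optional

ENCRYPTED_OK = "encrypted-files-allowed"
PLAIN_ONLY = "non-encrypted-files-only"

@dataclass(frozen=True)
class AuthTool:                  # constructed model of the authentication tool
    user: str                    # identity information (claim 1)
    client_name: str             # client the tool is bound to (claim 5)
    valid_from: datetime         # permitted usage period (claims 4 and 9)
    valid_until: datetime
    permissions: frozenset       # e.g. {"decrypt"}
    tag: bytes = b""             # assumption: MAC written by the management center

def _payload(t: AuthTool) -> bytes:
    # Canonical byte form of every field covered by the MAC.
    return json.dumps([t.user, t.client_name, t.valid_from.isoformat(),
                       t.valid_until.isoformat(), sorted(t.permissions)]).encode()

def issue(key, user, client_name, valid_from, valid_until, permissions) -> AuthTool:
    """Management-center side: write the permissions into the tool (claim 8)."""
    t = AuthTool(user, client_name, valid_from, valid_until, frozenset(permissions))
    return replace(t, tag=hmac.new(key, _payload(t), hashlib.sha256).digest())

def decide_mode(center_verdict: Optional[bool], tool: Optional[AuthTool],
                client_name: str, now: datetime, key: bytes):
    """Return (mode, reason); center_verdict is None when the center is unreachable."""
    if center_verdict is not None:           # online: the management center controls
        if center_verdict:
            return ENCRYPTED_OK, "center-verified"
        return PLAIN_ONLY, "center-rejected"
    if tool is None:                         # offline and no tool connected
        return PLAIN_ONLY, "no-auth-tool"
    expected = hmac.new(key, _payload(tool), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tool.tag):
        return PLAIN_ONLY, "tool-tampered"
    if tool.client_name != client_name:      # one-to-one binding of claim 5
        return PLAIN_ONLY, "wrong-client"
    if not (tool.valid_from <= now <= tool.valid_until):
        return PLAIN_ONLY, "outside-period"
    if "decrypt" not in tool.permissions:
        return PLAIN_ONLY, "no-decrypt-permission"
    return ENCRYPTED_OK, "tool-valid"
```

Every failure path falls back to the non-encrypted-only mode, matching the claims. The period check trusts the device clock, so an offline client that can set its clock back can stretch an expired period.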

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102062856A CN101894242B (en) 2010-06-22 2010-06-22 System and method for protecting information safety of mobile electronic equipment

Publications (2)

Publication Number Publication Date
CN101894242A true CN101894242A (en) 2010-11-24
CN101894242B CN101894242B (en) 2012-07-18

Family

ID=43103432

Country Status (1)

Country Link
CN (1) CN101894242B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1553349A (en) * 2003-05-29 2004-12-08 联想(北京)有限公司 Safety chip and information safety processor and processing method
CN101079090A (en) * 2007-07-02 2007-11-28 北京飞天诚信科技有限公司 Apparatus for reproducing personal application environment
CN101106455A (en) * 2007-08-20 2008-01-16 北京飞天诚信科技有限公司 Identity authentication method and intelligent secret key device
CN101159754A (en) * 2007-09-28 2008-04-09 李华 Internet application management system operating on intelligent mobile terminal

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102034059A (en) * 2010-12-02 2011-04-27 东莞宇龙通信科技有限公司 Method and device for managing application program and terminal
CN102281281A (en) * 2011-05-27 2011-12-14 无锡华御信息技术有限公司 Intelligent device access and authority control method in wireless network environment
CN102789563A (en) * 2012-07-19 2012-11-21 无锡华御信息技术有限公司 Protecting system for information safety of website background program and protecting method thereof
CN103401864A (en) * 2013-07-30 2013-11-20 东莞宇龙通信科技有限公司 Terminal and safe login method
CN104125223A (en) * 2014-07-22 2014-10-29 浪潮电子信息产业股份有限公司 Security defending system for private data of mobile device
CN104125223B (en) * 2014-07-22 2017-07-21 浪潮电子信息产业股份有限公司 A kind of security protection system of mobile device private data

Also Published As

Publication number Publication date
CN101894242B (en) 2012-07-18

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
LICC Enforcement, change and cancellation of record of contracts on the licence for exploitation of a patent or utility model
EE01 Entry into force of recordation of patent licensing contract

Application publication date: 20101124

Assignee: Wuxi Cinsec Information Technology Co., Ltd.

Assignor: Shanghai Cinsec Information Technology Co., Ltd.

Contract record no.: 2012320000967

Denomination of invention: System and method for protecting information safety of mobile electronic equipment

Granted publication date: 20120718

License type: Exclusive License

Record date: 20121009

TR01 Transfer of patent right

Effective date of registration: 20170908

Address after: 214125. -20-403, 58 embroidered Road, Binhu District, Binhu District, Jiangsu, Wuxi

Patentee after: JIANGSU CINSEC INFORMATION TECHNOLOGY CO., LTD.

Address before: 200433, room 1, building 335, No. 6006, National Road, Shanghai, Yangpu District

Patentee before: Shanghai Cinsec Information Technology Co., Ltd.