CN101923678A - Data security protection method of enterprise management software - Google Patents
Data security protection method of enterprise management software Download PDFInfo
- Publication number
- CN101923678A CN101923678A CN2010102410267A CN201010241026A CN101923678A CN 101923678 A CN101923678 A CN 101923678A CN 2010102410267 A CN2010102410267 A CN 2010102410267A CN 201010241026 A CN201010241026 A CN 201010241026A CN 101923678 A CN101923678 A CN 101923678A
- Authority
- CN
- China
- Prior art keywords
- management software
- business management
- client
- file
- database
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Abstract
The invention discloses an enterprise management software security protection method and belongs to the field of information security. The method provided by the invention can protect the data security of enterprise confidential information without any influences on the application flow of enterprise management software. In the method, a database file which stores enterprise core confidential data is subjected to storage encryption to prevent secret leakage caused by copying the database file; for preventing password secret leakage from leading to network attack, the access to a database server is controlled, so that only specific terminals are allowed to access the database server after verification; and an enterprise management software system client is protected completely and intelligently, the output files are encrypted, and content copying, printing, screen capturing and any other operation which may lead to secret leakage are strictly controlled in a management software application process.
Description
Technical field
The invention belongs to information security field, be specifically related to a kind of method that ensures business management software data security and confidentiality.
Technical background
At present, most enterprises and institutions all adopt security and the lower homemade management software of confidentiality to handle operation flows such as business finance, goods entry, stock and sales, occurrences in human life, wage, relate to the enterprise key confidential data.The main product of these management softwares adopts C/S (Client/Server, client/database server) framework, wherein, database server adopts general DBMS (Database Management System, relational database, as SQL-Server, Mysql, Oracle etc.), externally provide service (is 1433 ports as SQL-Server) by the Communications service port of database; Client then connects by standard ODBC (OpenDatabase Connectivity, Open Database Connection) engine and above-mentioned database server.
Above-mentioned business management software in use has serious potential safety hazard, and its main hidden danger is listed below:
One: the hidden danger of divulging a secret that the database server stored in clear causes
In the DBMS database server that above-mentioned business management software uses, all data files and journal file all with the clear-text way storage, comprise basic data, occurrences in human life information, financial information, customer information or the like.In case these clear data files and journal file are stolen, can install on the machine of DBMS database of the same type at other and imported easily, will directly cause leaking of enterprise key confidential information.
Two: the hidden danger of divulging a secret that client software causes
In using the business management software client process, each interface, each form all possess the data export function substantially, current form can be exported to forms such as self-defined report form, Excel, cause and divulge a secret; Basic all directly printouts of each form cause and divulge a secret; Even can directly current screen be preserved and send, thereby cause the enterprise key confidential information to divulge a secret by the screenshotss instrument.
Three: lose the network attack that causes because of password
Be having things stolen on the one hand because of the business management software user account.The authentication mode of management software client is simple user name, password authentification, in case common employee has stolen department manager's entry password, can on any one computing machine that the business management software client software is installed, login business management software, check classified information thereby go beyond one's commission, cause enterprise's confidential information to divulge a secret.
Be to the illegal invasion of DBMS data-base remote on the other hand.The DBMS database server that business management software uses provides service by acquiescence Communications service port to All hosts in netting, the super keeper of DBMS database even any password is not set.Computing machine can be directly connected to long-range DBMS database server as long as a DBMS database client ending tool of the same type is installed arbitrarily in same LAN (Local Area Network), backs up the clear data storehouse then, thereby causes enterprise's confidential information to divulge a secret.
In sum,, stop divulging a secret of final user enterprise confidential information, provide a kind of business management software data security protection method safe, highly versatile to have great and the urgent realistic meaning for strengthening the data security of enterprises and institutions' management software.
Summary of the invention
At above-mentioned several potential safety hazards, the object of the present invention is to provide a kind of business management software data security protection method of specialty, main target is:
1, data file and the journal file to the database server given instance carries out storage encryption, prevents to divulge a secret because of copy clear data library file causes, but do not influence the use of database normal function
2, the access control of fulfillment database.The computing machine that has only allowed to install the protection terminal just allows visit background data base server after authorizing, otherwise denial of service without exception, prevents to divulge a secret because of password to cause network attack
3, the computing machine that the business management software client has been installed is encrypted protection, all file destinations of deriving by client software will all be encrypted; In using the client software process, the operation that institute might divulge a secret as printing, screenshotss, content replication etc., will be subjected to strict the restriction.
Below adopt technical scheme with detailed process explanation the present invention:
One: the storage encryption of database file
The present invention mainly uses the storage encryption of virtual disk driver, filter Driver on FSD and file redirection technology fulfillment database file, and concrete steps are as follows:
Step 1: utilize virtual disk driver to create one and can hold the data file of specified database example and the virtual disk files of journal file, hide and be kept at any disk partition.
Step 2: the disk file of utilizing virtual disk driver installation steps 1 to create becomes a hiding virtual disk partition (the subregion drive is # in the present invention :), utilizes the process guard technology to prevent that unauthorized process from visiting this virtual disk partition (drive # :) simultaneously.
Step 3: stop the database service process, the data file of copy specified database example and journal file are encrypted original data file and journal file then to virtual disk partition (drive # :), or directly deletion;
Step 4: the load document filtration drive, this driving can be tackled the startup of all processes in the operating system;
Step 5: log-on data storehouse service processes, filter Driver on FSD is injected the file redirection function code to the database service process with the startup of data interception storehouse service processes at this moment;
Step 6: above-mentioned file redirection function code all is redirected to corresponding file in the virtual disk partition (drive # :) by the reading and writing operation of data interception storehouse service processes to data file and journal file, does not influence the use of database service fully;
Step 7: virtual disk driver when realizing preserving is encrypted the reading and writing operation of intercepted data storehouse service processes to virtual disk partition (drive # :) automatically, deciphers automatically when reading.
Above flow process can not influence under the database server normal operation, realizes that data file and journal file are stored in the virtual disk files with cipher mode.
Two: the access control of fulfillment database
The present invention is from database server side and business management software client two parts, in conjunction with LSP (Layered Service Provider, hierarchical service provides program, can surveillance network communication situation) network application layer filter and TDI (Transport Driver Interface, the transmission driving interface) network-driven layer filters, the access control of fulfillment database, concrete steps are as follows:
The server end access control:
Major function: realize the Communications service port of database server is monitored, only allow the IP of appointment to connect.
Step 1: at database server place computing machine LSP network application filtrator is installed, is monitored and tackle the all-network communication situation of current system;
Step 2: utilize the Communications service port of LSP network application filtrator monitored data storehouse server processes,, from this connects, analyze the IP and the port of client, enter step 3 in case find have Terminal Server Client to be connected to this port;
Step 3:LSP network application filtrator is according to right assignment table (authority list of which client ip accessing database of the permission of safeguarding in the method for the present invention), retrieve the authority of current connection client, if judge to allow to connect then this connection of letting pass that this moment, this client can normally be connected to database server; If judging does not have this authority, then disconnect this connection immediately, this moment, this client can't be connected to database server.
The client access control:
Major function: the network-driven layer based on TDI filters, and only allows the appointment process of authorized client to connect database server in the section at the appointed time.
Step 1: at business management software client place computing machine the TDI network-driven is installed, monitor and tackle current system all be connected to the network communication situation of the Communications service port of specified database server;
In a single day step 2:TDI network-driven listens to the communication of the Communications service port of attempting to be connected to database server, analyzes the current progress information that connects from this communication connects, and enters step 3;
Step 3:TDI network-driven is according to predefined right assignment table (authority list of which process accessing database of permission client of safeguarding in the method for the present invention), whether the retrieval current process has authority to be connected to database server, if judge to allow to connect then this connection of letting pass that this moment, this process can normally be connected to database server; If judging does not have this authority, then directly to return, this moment, this process prompting connected failed database server.
The network application layer of the LSP of above flow process by server end filters and the network-driven filtration of the TDI of client, the access control of fulfillment database server.
Three: realize the encryption protection of business management software client
The present invention mainly uses filter Driver on FSD and API HOOK (a kind of technology that is used to change the API execution result, Microsoft self has also used this technology in Windows operating system the inside, as the Windows compatibility mode etc.) technology realizes that the output file of business management software client is encrypted and application safety protects, concrete steps are as follows:
Step 1: at business management software client place computing machine installation file filtration drive and API HOOK.Filter Driver on FSD is responsible for the output file of business management software client is encrypted automatically, and API HOOK is responsible for filtering and the contingent behavior of divulging a secret of interception business management software client.
Step 2: can tackle the startup of all processes of current system after the load document filtration drive,, then enter transparent encryption and decryption flow process, the file of all derivation of business management software client is forced to encrypt in case intercept the startup of business management software client; When reading the file of having encrypted, the business management software client deciphers automatically.
Step 3: load the application protection that API HOOK realizes the business management software client, core A PI such as the content replication of initiating by the filter operation system, printing, screenshotss, judge whether to let pass according to delegated strategy (the client protection authority of safeguarding in the system of the present invention) then, if do not allow then directly return, these core A PI that may divulge a secret can not correct execution, reaches anti-printing, screenshotss, content replication etc. with this.
Preferably, described business management software is for using the business management software of C/S framework.
Preferably, the described database of described database is the DBMS database.
Above flow process can realize that the file of all outputs of business management software client all is performed pressure and encrypts, and content replication, report printing, screenshotss operations all in using the business management software client process will be subjected to strict the restriction, prevent to divulge a secret.
Description of drawings
Fig. 1 is a SQL-Server database server stores encryption technology schematic diagram
Fig. 2 is SQL-Server database server stores encryption flow figure
Fig. 3 is a SQL-Server database side LSP access control process flow diagram
Fig. 4 is a business management software client TDI access control process flow diagram
Fig. 5 forces encryption flow figure for the output of business management software client file
Fig. 6 is the business management software client protection process flow diagram of divulging a secret
Embodiment
Following the present invention is an example with the SQL-Server database server, in conjunction with the accompanying drawings technical scheme of the present invention is carried out clear, complete description.Wherein, the present invention also is applicable to the protection of DBMS databases such as MySql, Oracle.Based on the embodiment among the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that is obtained under the creative work prerequisite.
One: the SQL-Server database server stores is encrypted
SQL-Server database server stores encryption technology principle has been described as shown in Figure 1.The present invention has created a virtual disk files than large space at the SQL-Server server end, utilizes virtual disk driver that the virtual disk partition of hiding (the subregion drive is # in the present invention :) is installed then; All write hidden partition #: data will encrypt automatically and store virtual disk files into.Utilize the operation of the reading and writing data file of filter Driver on FSD interception SQL-Server server processes, be redirected to virtual disk partition (drive # :), in virtual disk files, and the normal function of SQL-Server database is unaffected with these whole encrypting storing of data file, journal file that realize all establishments of SQL-Server and preservation.
As shown in Figure 2, specifically described techniqueflow of the present invention:
A) when initialization is installed, create a virtual disk files than large space, utilize virtual disk driver that this disk file is installed and become a hiding virtual disk partition (the subregion drive is # in the present invention :); Stop the SQL-Server service processes then, copy data file to be protected and journal file to virtual disk partition (drive # :), processing is encrypted or deleted to raw data file and journal file
B) in the normal use, utilize the startup of all processes in the load document filtration drive interception operating system; After determining the startup of SQL-Server service processes, then inject the file redirection function code, with the reading and writing file operation of interception SQL-Server service processes
C) the reading and writing file operation of intercepting the SQL-Server service processes when the file redirection function all is redirected to corresponding file in the virtual disk partition (drive # :)
D) as shown in the figure, virtual disk driver will be intercepted and captured the reading and writing operation of SQL-Server service processes to virtual disk partition (drive # :), encrypt automatically when realizing preserving, and decipher automatically when reading.
In this flow process, the invention provides the process protection drives, the process that allows accesses virtual disk partition (drive # :) is filtered and tackled, prevent that the hacker from passing through CMD (Windows Command Prompt, Windows system of Microsoft is based on the command interpreter on the command.com) or the direct accesses virtual disk partition of specific purpose tool (drive # :).
Two: the access control of SQL-Server database
1. server end access control
The granted access of utilizing LSP network application layer filtrator realization assigned ip in the SQL-Server service end has been described as Fig. 3.Basic procedure is:
A) at SQL-Server server place computing machine LSP network application layer filtrator is installed, is monitored the communication that all Terminal Server Clients attempt to be connected to local SQL-Server server 1433 ports;
B) listened to Terminal Server Client when attempting to connect local SQL-Server server 1433 ports when LSP network application layer filtrator, then decompose IP and the port that connects, which judge whether to allow to connect according to predefined right assignment table (authority list of the permission of safeguarding in the system of the present invention client ip accessing database) then, if allow to connect then clearance, otherwise the refusal establishment connects.
In this flow process, the present invention can accomplish in the access control of SQL-Server service end based on the IP rule judgment, but whether be the process of authorizing be connected to SQL-Server server, cause enterprise's confidential information to be divulged a secret thereby may therefore cause being connected to the SQL-Server server in client by other hack tools if can't discern Terminal Server Client.
2. client access control
As shown in Figure 4, the validity of client connection process judges will have the TDI that is installed in business management software client place computing machine to drive and judge, remedies the leak of Fig. 3 with this.Basic procedure is:
A) at the business management software client computer TDI network filtering is installed and is driven, monitor the local communication of attempting to be connected to SQL-Server server 1433 ports that connects;
B) the TDI network filtering drives the incident of attempting to be connected to SQL-Server server 1433 ports of intercepting, then analyze the process of initiating connection, obtain process finger print information and predefined right assignment table (authority list of which process accessing database of permission client of safeguarding in the system of the present invention) and carry out verification, if verification succeeds then let pass, this process can normally be connected to the SQL-Server server; If failing, verification disconnects connection, then this process connection failure.
In this flow process, the present invention can accomplish in the access control of business management software client based on application program, has effectively remedied the defective of LSP network application filtrator.
Three: the encryption protection of business management software client
As shown in Figure 5 and Figure 6, the process of the output of business management software client being encrypted and used protection has been described.
As shown in Figure 5, the startup that mainly utilizes filter Driver on FSD interception process is encrypted in the output of business management software client, and realization is encrypted output file and read deciphering, and idiographic flow is:
A) filter Driver on FSD that is installed in the business management software client is tackled the startup of all processes, if judge it is legal client process, then starts transparent encryption and decryption flow process;
B) utilize transparent encryption and decryption flow process that the file of all derivation of business management software client is forced to encrypt; When reading the file of having encrypted, the business management software client deciphers automatically.
Business management software client application protection process has been described as shown in Figure 6.Startup by filter Driver on FSD interception business management software client, inject API HOOK to realize application safety protection to the business management software client, core A PI such as the content replication of initiating by filtering system, printing, screenshotss, judge whether to let pass according to delegated strategy (the client protection authority of safeguarding in the system of the present invention) then, if do not allow then directly return, these core A PI that may divulge a secret can not correct execution, reaches functions such as anti-printing, screenshotss, content replication with this.
Encrypting and use two kinds of means of protection by output combines, the present invention can accomplish that the All Files of business management software client output forces to encrypt automatically, divulge a secret even spread away also can not cause, the business management software client still can normally be used the file of having encrypted simultaneously; Use and normally to use content replication, report printing, screenshotss or the operation of record screen to cause enterprise's confidential information to divulge a secret when protection then can be implemented in use business management software client.
We illustrate feasibility of the present invention with a certain specific embodiment at last.
The cover financial software system that certain unit installs and uses is divided into SQL-Server database server and financial client two parts, has a series of potential safety hazards, presses for solution:
1. be example with the SQL-Server database,,, will directly cause and divulge a secret in case data file and journal file have been taken in hacker attacks or collusion from both within and without away owing to be stored in clear.
After the SQL-Server database server stores encryption method of having used the present invention to describe, to store in the virtual disk files all SQL-Server data of database files and journal file encryption at server end, original file will be encrypted and delete, and therefore can't obtain valuable data file and journal file.
2. from the access control of SQL-Server database, in case financial client password is stolen, perhaps the SA account password of SQL-Server database is lost, the ax-grinder will directly can login financial client in LAN (Local Area Network), the SQL-Server client perhaps directly is installed signs in in the SQL-Server database, thereby cause financial information to divulge a secret.
After the LSP network application layer filtration of using the present invention to describe and the driving of TDI network filtering; can carry out access control based on IP in the SQL-Server database server side; can carry out access control based on process in the financial software client, both effective combinations will make up complete SQ L-Server database server access control protection.
3. from the financial client approach of divulging a secret, having logined and can having derived financial information after the financial client is multiple statement form, can cause divulging a secret of current financial information by means such as content replication, printing, screenshotss or record screens simultaneously.
After the protection flow process is encrypted and used in the output of having used financial client described in the invention, the All Files of financial client output will be encrypted automatically; When using financial client, means such as content replication, printing, screenshotss or record screen will be carried out strictness control, exercise extreme caution of telling secrets.
The present invention also is applicable to other DBMS data management systems, as frequently-used data storehouse platforms such as ACESS, MySql, FoxPro, Sybase, Oracle to SQL-Server database file storage encryption and admission control function.
Claims (6)
1. the data security protection method of a business management software is handled by database and client to business management software, realizes the safeguard protection to the business management software data, is specially:
(1) the data library file is carried out storage encryption, prevent that database server from divulging a secret;
(2) database server is carried out access control, the computing machine that has only allowed to install the protection terminal just allows visit background data base server after authorizing, prevent unauthorized terminal invasion;
(3) protection is encrypted and used in the output of business management software client, promptly all file destinations of deriving by client software are encrypted, prevent to divulge a secret by client software.
2. the data security protection method of a kind of business management software according to claim 1 is characterized in that, described storage encryption concrete steps to the data library file are:
(2.1) create a virtual disk files, utilize virtual disk driver that this virtual disk files is installed and become a hiding virtual disk partition, stop the database service process then, copy data file to be protected and journal file to described virtual disk partition, processing is encrypted or deleted to raw data file and journal file;
(2.2) use filter Driver on FSD to tackle the startup of all processes in the operating system, after determining the database service process initiation, then inject the file redirection function code, with the reading and writing file operation of data interception storehouse service processes;
(2.3) utilize the file redirection data reading and writing operation that the database service process is all to be redirected in the described virtual disk partition, virtual disk driver is with the reading and writing operation of intercepted data storehouse service processes to described virtual disk partition, automatically encrypt when realizing preserving, decipher automatically when reading.
3. the data security protection method of a kind of business management software according to claim 1 and 2; it is characterized in that; described access control to database server is by from database server side and business management software client two parts; filter in conjunction with the network application layer filtration of LSP and the network-driven layer of TDI; the access control of fulfillment database, detailed process is:
(3.1) database server place computing machine by LSP the network application layer filtration monitoring and tackle all-network communication situation in the operating system, when intercepting Terminal Server Client and attempt to connect the Communications service port of database server, then decompose IP and the port that connects, judge whether to allow to connect according to predefined right assignment table then, if allow to connect then clearance, otherwise the refusal establishment connects;
(3.2) in the network-driven layer filtration drive of business management software client by TDI, monitor and tackle current system all be connected to the network communication situation of specified database server Communications service port, analyze the process of initiating connection, obtain the process finger print information and predefined right assignment table carries out verification, if allow then let pass, if do not allow then disconnect immediately.
4. according to the data security protection method of one of claim 1-3 described a kind of business management software; it is characterized in that; the output of described business management software client is encrypted and is used protection and is specially; at business management software client place computing machine installation file filtration drive and API Hook; described filter Driver on FSD is used for the output file of business management software client is encrypted automatically, and described API Hook is used to filter and tackle the execution of the core A PI that the business management software client may divulge a secret.
5. according to the data security protection method of one of claim 1-4 described a kind of business management software, it is characterized in that described business management software is for using the business management software of C/S framework.
6. according to the data security protection method of one of claim 1-5 described a kind of business management software, it is characterized in that described database is the DBMS database.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102410267A CN101923678A (en) | 2010-07-30 | 2010-07-30 | Data security protection method of enterprise management software |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN2010102410267A CN101923678A (en) | 2010-07-30 | 2010-07-30 | Data security protection method of enterprise management software |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101923678A true CN101923678A (en) | 2010-12-22 |
Family
ID=43338595
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN2010102410267A Pending CN101923678A (en) | 2010-07-30 | 2010-07-30 | Data security protection method of enterprise management software |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101923678A (en) |
Cited By (33)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102591802A (en) * | 2011-01-05 | 2012-07-18 | 广州市国迈科技有限公司 | USB flash disk with stored files openable while irreproducible |
| CN102710452A (en) * | 2012-06-26 | 2012-10-03 | 深圳市华力特电气股份有限公司 | Method and device for managing visit of multiple clients |
| CN102708335A (en) * | 2012-05-05 | 2012-10-03 | 南京赛孚科技有限公司 | Confidential file protection method |
| CN102750483A (en) * | 2012-06-21 | 2012-10-24 | 无锡华御信息技术有限公司 | SQL (structured query language) injection attack protection method based on database |
| CN102761559A (en) * | 2012-08-02 | 2012-10-31 | 上海上讯信息技术有限公司 | Private data-based network security sharing method and communication terminal |
| CN102880539A (en) * | 2012-08-23 | 2013-01-16 | 福建升腾资讯有限公司 | Log redirecting method based on windows embedded standard (WES) system |
| CN103150270A (en) * | 2012-02-15 | 2013-06-12 | 林善红 | Security method for distributing data |
| CN103166977A (en) * | 2013-04-16 | 2013-06-19 | 福建伊时代信息科技股份有限公司 | Method, terminal, server and system for accessing website |
| CN103279717A (en) * | 2013-06-19 | 2013-09-04 | 福建伊时代信息科技股份有限公司 | Operation method and device for documents |
| CN103544286A (en) * | 2013-10-28 | 2014-01-29 | 中国软件与技术服务股份有限公司 | Database protection method |
| CN103679368A (en) * | 2013-12-13 | 2014-03-26 | 清华大学 | Wafer CMP processing information management system |
| CN104077244A (en) * | 2014-07-20 | 2014-10-01 | 湖南蓝途方鼎科技有限公司 | Process isolation and encryption mechanism based security disc model and generation method thereof |
| CN104580083A (en) * | 2013-10-17 | 2015-04-29 | 苏州慧盾信息安全科技有限公司 | System and method for providing safety protection for financial system |
| CN104636675A (en) * | 2013-11-08 | 2015-05-20 | 苏州慧盾信息安全科技有限公司 | System and method for providing safety protection for database |
| CN104732160A (en) * | 2015-02-03 | 2015-06-24 | 武汉风奥软件技术有限公司 | Control method for preventing database information from being leaked internally |
| CN104750428A (en) * | 2013-12-27 | 2015-07-01 | 纬创资通股份有限公司 | Block storage access and gateway module, storage system and method, and content delivery apparatus |
| CN104992123A (en) * | 2015-04-16 | 2015-10-21 | 中安比特(江苏)软件技术有限公司 | Database transparency encryption method |
| CN105488420A (en) * | 2014-10-10 | 2016-04-13 | 广州联奕信息科技有限公司 | Drive layer kernel-level code-based file encrypting method and device |
| CN105592027A (en) * | 2014-11-18 | 2016-05-18 | 苏州慧盾信息安全科技有限公司 | Security protection system and method for preventing drag of DNS |
| CN106130983A (en) * | 2016-06-28 | 2016-11-16 | 安徽润谷网络科技有限公司 | A kind of firewall applications framework of business management software |
| CN106203106A (en) * | 2016-06-28 | 2016-12-07 | 安徽润谷网络科技有限公司 | A kind of firewall applications framework |
| CN106375282A (en) * | 2016-08-26 | 2017-02-01 | 安徽润谷网络科技有限公司 | Firewall network architecture |
| CN106406838A (en) * | 2015-07-31 | 2017-02-15 | 腾讯科技(深圳)有限公司 | Screen shot sharing method, apparatus, and system |
| CN107360250A (en) * | 2017-08-08 | 2017-11-17 | 郑空军 | A kind of service end system of business management software |
| CN107644174A (en) * | 2016-07-22 | 2018-01-30 | 株式会社日立解决方案 | Data leak prevention system and data leak prevention method |
| CN107734046A (en) * | 2017-10-26 | 2018-02-23 | 山东浪潮通软信息科技有限公司 | Method, service end, client and the system of remote operation database |
| CN108156124A (en) * | 2016-12-02 | 2018-06-12 | 航天星图科技(北京)有限公司 | A kind of secure data management system of layering |
| CN109858205A (en) * | 2018-12-29 | 2019-06-07 | 深圳市雁联移动科技有限公司 | A kind of safe Enhancement Method and device suitable for enterprise mobile working portal |
| CN109886034A (en) * | 2019-02-27 | 2019-06-14 | 北京智游网安科技有限公司 | A kind of APK data encryption processing method, intelligent terminal and storage medium |
| CN111339526A (en) * | 2020-02-18 | 2020-06-26 | 上海迅软信息科技有限公司 | USB disk encryption method for enterprise information security |
| CN112131533A (en) * | 2020-08-27 | 2020-12-25 | 北京云动智效网络科技有限公司 | Document protection method and system |
| CN112883422A (en) * | 2021-02-24 | 2021-06-01 | 江苏保旺达软件技术有限公司 | Database access control method and device based on protocol analysis and server |
| CN113836008A (en) * | 2021-09-13 | 2021-12-24 | 支付宝(杭州)信息技术有限公司 | Method and system for fuzz testing of virtual machine monitor |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1299103A (en) * | 1999-12-03 | 2001-06-13 | 朴宰佑 | User certification system and method performed by bio-information in network |
| CN1373424A (en) * | 2001-11-29 | 2002-10-09 | 上海格尔软件股份有限公司 | Virtual magnetic disk method under windows |
| US20040049677A1 (en) * | 2002-09-11 | 2004-03-11 | Chung-I Lee | Authorization and security management system and method |
| CN1540547A (en) * | 2003-10-27 | 2004-10-27 | �Ϻ���ŵ���簲ȫ������չ�ɷ����� | Controlling method for accessing networked games and method of charging |
| US7050589B2 (en) * | 2001-08-17 | 2006-05-23 | Sun Microsystems, Inc. | Client controlled data recovery management |
| CN1937495A (en) * | 2006-09-29 | 2007-03-28 | 清华大学深圳研究生院 | Digital copyright protection method and system for media network application |
| US20080066184A1 (en) * | 2006-09-13 | 2008-03-13 | Nice Systems Ltd. | Method and system for secure data collection and distribution |
| CN101266609A (en) * | 2008-04-30 | 2008-09-17 | 中山爱科数字科技有限公司 | Method for accomplishing medical data external inquiry for digital remote medical treatment |
-
2010
- 2010-07-30 CN CN2010102410267A patent/CN101923678A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1299103A (en) * | 1999-12-03 | 2001-06-13 | 朴宰佑 | User certification system and method performed by bio-information in network |
| US7050589B2 (en) * | 2001-08-17 | 2006-05-23 | Sun Microsystems, Inc. | Client controlled data recovery management |
| CN1373424A (en) * | 2001-11-29 | 2002-10-09 | 上海格尔软件股份有限公司 | Virtual magnetic disk method under windows |
| US20040049677A1 (en) * | 2002-09-11 | 2004-03-11 | Chung-I Lee | Authorization and security management system and method |
| CN1540547A (en) * | 2003-10-27 | 2004-10-27 | �Ϻ���ŵ���簲ȫ������չ�ɷ����� | Controlling method for accessing networked games and method of charging |
| US20080066184A1 (en) * | 2006-09-13 | 2008-03-13 | Nice Systems Ltd. | Method and system for secure data collection and distribution |
| CN1937495A (en) * | 2006-09-29 | 2007-03-28 | 清华大学深圳研究生院 | Digital copyright protection method and system for media network application |
| CN101266609A (en) * | 2008-04-30 | 2008-09-17 | 中山爱科数字科技有限公司 | Method for accomplishing medical data external inquiry for digital remote medical treatment |
Cited By (43)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102591802A (en) * | 2011-01-05 | 2012-07-18 | 广州市国迈科技有限公司 | USB flash disk with stored files openable while irreproducible |
| CN103150270A (en) * | 2012-02-15 | 2013-06-12 | 林善红 | Security method for distributing data |
| CN102708335A (en) * | 2012-05-05 | 2012-10-03 | 南京赛孚科技有限公司 | Confidential file protection method |
| CN102750483A (en) * | 2012-06-21 | 2012-10-24 | 无锡华御信息技术有限公司 | SQL (structured query language) injection attack protection method based on database |
| CN102710452A (en) * | 2012-06-26 | 2012-10-03 | 深圳市华力特电气股份有限公司 | Method and device for managing visit of multiple clients |
| CN102710452B (en) * | 2012-06-26 | 2014-12-17 | 深圳市华力特电气股份有限公司 | Method and device for managing visit of multiple clients |
| CN102761559A (en) * | 2012-08-02 | 2012-10-31 | 上海上讯信息技术有限公司 | Private data-based network security sharing method and communication terminal |
| CN102761559B (en) * | 2012-08-02 | 2016-02-17 | 上海上讯信息技术股份有限公司 | Network security based on private data shares method and communication terminal |
| CN102880539A (en) * | 2012-08-23 | 2013-01-16 | 福建升腾资讯有限公司 | Log redirecting method based on windows embedded standard (WES) system |
| CN103166977A (en) * | 2013-04-16 | 2013-06-19 | 福建伊时代信息科技股份有限公司 | Method, terminal, server and system for accessing website |
| CN103279717A (en) * | 2013-06-19 | 2013-09-04 | 福建伊时代信息科技股份有限公司 | Operation method and device for documents |
| CN104580083A (en) * | 2013-10-17 | 2015-04-29 | 苏州慧盾信息安全科技有限公司 | System and method for providing safety protection for financial system |
| CN103544286A (en) * | 2013-10-28 | 2014-01-29 | 中国软件与技术服务股份有限公司 | Database protection method |
| CN103544286B (en) * | 2013-10-28 | 2017-04-12 | 中国软件与技术服务股份有限公司 | Database protection method |
| CN104636675A (en) * | 2013-11-08 | 2015-05-20 | 苏州慧盾信息安全科技有限公司 | System and method for providing safety protection for database |
| CN103679368A (en) * | 2013-12-13 | 2014-03-26 | 清华大学 | Wafer CMP processing information management system |
| CN104750428A (en) * | 2013-12-27 | 2015-07-01 | 纬创资通股份有限公司 | Block storage access and gateway module, storage system and method, and content delivery apparatus |
| CN104750428B (en) * | 2013-12-27 | 2018-03-02 | 纬创资通股份有限公司 | Block storage access and gateway module, storage system and method, and content delivery apparatus |
| CN104077244A (en) * | 2014-07-20 | 2014-10-01 | 湖南蓝途方鼎科技有限公司 | Process isolation and encryption mechanism based security disc model and generation method thereof |
| CN105488420B (en) * | 2014-10-10 | 2018-08-28 | 广州联奕信息科技有限公司 | A kind of method and device of the file encryption based on driving layer kernel level code |
| CN105488420A (en) * | 2014-10-10 | 2016-04-13 | 广州联奕信息科技有限公司 | Drive layer kernel-level code-based file encrypting method and device |
| CN105592027A (en) * | 2014-11-18 | 2016-05-18 | 苏州慧盾信息安全科技有限公司 | Security protection system and method for preventing drag of DNS |
| CN105592027B (en) * | 2014-11-18 | 2019-10-22 | 慧盾信息安全科技(苏州)股份有限公司 | A kind of security protection system and method for preventing dragging library for DNS |
| CN104732160A (en) * | 2015-02-03 | 2015-06-24 | 武汉风奥软件技术有限公司 | Control method for preventing database information from being leaked internally |
| CN104732160B (en) * | 2015-02-03 | 2018-04-13 | 武汉风奥软件技术有限公司 | A kind of control method for preventing from divulging a secret inside database information |
| CN104992123A (en) * | 2015-04-16 | 2015-10-21 | 中安比特(江苏)软件技术有限公司 | Database transparency encryption method |
| CN106406838A (en) * | 2015-07-31 | 2017-02-15 | 腾讯科技(深圳)有限公司 | Screen shot sharing method, apparatus, and system |
| CN106130983A (en) * | 2016-06-28 | 2016-11-16 | 安徽润谷网络科技有限公司 | A kind of firewall applications framework of business management software |
| CN106203106A (en) * | 2016-06-28 | 2016-12-07 | 安徽润谷网络科技有限公司 | A kind of firewall applications framework |
| CN107644174A (en) * | 2016-07-22 | 2018-01-30 | 株式会社日立解决方案 | Data leak prevention system and data leak prevention method |
| CN107644174B (en) * | 2016-07-22 | 2021-01-08 | 株式会社日立解决方案 | Data leakage prevention system and data leakage prevention method |
| CN106375282A (en) * | 2016-08-26 | 2017-02-01 | 安徽润谷网络科技有限公司 | Firewall network architecture |
| CN108156124B (en) * | 2016-12-02 | 2019-03-15 | 中科星图股份有限公司 | A kind of secure data management system of layering |
| CN108156124A (en) * | 2016-12-02 | 2018-06-12 | 航天星图科技(北京)有限公司 | A kind of secure data management system of layering |
| CN107360250A (en) * | 2017-08-08 | 2017-11-17 | 郑空军 | A kind of service end system of business management software |
| CN107734046A (en) * | 2017-10-26 | 2018-02-23 | 山东浪潮通软信息科技有限公司 | Method, service end, client and the system of remote operation database |
| CN109858205A (en) * | 2018-12-29 | 2019-06-07 | 深圳市雁联移动科技有限公司 | A kind of safe Enhancement Method and device suitable for enterprise mobile working portal |
| CN109886034A (en) * | 2019-02-27 | 2019-06-14 | 北京智游网安科技有限公司 | A kind of APK data encryption processing method, intelligent terminal and storage medium |
| CN111339526A (en) * | 2020-02-18 | 2020-06-26 | 上海迅软信息科技有限公司 | USB disk encryption method for enterprise information security |
| CN112131533A (en) * | 2020-08-27 | 2020-12-25 | 北京云动智效网络科技有限公司 | Document protection method and system |
| CN112883422A (en) * | 2021-02-24 | 2021-06-01 | 江苏保旺达软件技术有限公司 | Database access control method and device based on protocol analysis and server |
| CN113836008A (en) * | 2021-09-13 | 2021-12-24 | 支付宝(杭州)信息技术有限公司 | Method and system for fuzz testing of virtual machine monitor |
| CN113836008B (en) * | 2021-09-13 | 2023-10-27 | 支付宝(杭州)信息技术有限公司 | Method and system for performing fuzzy test on virtual machine monitor |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101923678A (en) | Data security protection method of enterprise management software | |
| CN101512490B (en) | Securing data in a networked environment | |
| Basharat et al. | Database security and encryption: A survey study | |
| CN102156844A (en) | Implementation method of electronic document on-line/off-line safety management system | |
| CN102999732B (en) | Multi-stage domain protection method and system based on information security level identifiers | |
| CN102043927B (en) | Data divulgence protection method for computer system | |
| CN104680079A (en) | Electronic document security management system and electronic document security management method | |
| CN102948114A (en) | Single-use authentication methods for accessing encrypted data | |
| CN102508792B (en) | Method for realizing secure access of data in hard disk | |
| CN101098224B (en) | Method for encrypting/deciphering dynamically data file | |
| CN103413088A (en) | Computer document operational safety audit system | |
| CN105740725A (en) | File protection method and system | |
| CN102799539A (en) | Safe USB flash disk and data active protection method thereof | |
| CN107563221A (en) | A kind of certification decoding security management system for encrypting database | |
| CN102299920A (en) | Electronic document safety management system | |
| CN101833620A (en) | Custom security JDBC driver-based database protective method | |
| CN101763225A (en) | System and method for protecting virtual disk files | |
| CN111046405B (en) | Data processing method, device, equipment and storage medium | |
| CN104376270A (en) | File protection method and system | |
| CN109684866A (en) | A kind of safe USB disk system for supporting multi-user data to protect | |
| WO2019073720A1 (en) | File access monitoring method, program, and system | |
| CN102073598A (en) | Method and device for protecting disc data security | |
| Belmabrouk | Cyber Criminals and Data Privacy Measures | |
| CN107273725A (en) | A kind of data back up method and system for classified information | |
| CN108600178A (en) | A kind of method for protecting and system, reference platform of collage-credit data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20101222 |