CN101997672A - Information security transmission method and system - Google Patents


Info

Publication number
CN101997672A
Authority
CN
China
Prior art keywords
memory device
usb memory
information
computer
machine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2009100911935A
Other languages
Chinese (zh)
Inventor
赵屹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING XINFENG MACHINERY FACTORY
Original Assignee
BEIJING XINFENG MACHINERY FACTORY
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING XINFENG MACHINERY FACTORY filed Critical BEIJING XINFENG MACHINERY FACTORY
Priority to CN2009100911935A priority Critical patent/CN101997672A/en
Publication of CN101997672A publication Critical patent/CN101997672A/en
Pending legal-status Critical Current

Abstract

The invention discloses a method and system for secure information transmission, belonging to the technical field of information security. In the invention, an independent intermediate computer and a computer connected to the internal network are connected through a KVM switch. The two computers share a display, a lockable and unlockable USB memory device, and a keyboard. With the USB memory device as the intermediate medium, the independent intermediate computer and the computer connected to the internal network are integrated by means of the KVM switch and the USB memory device, whose locking and unlocking is controlled by the information transmission flow. Information leakage can thereby be avoided and Trojans effectively guarded against, so that the security level of information transmission is higher and the whole transmission process can be monitored. The combination of software and hardware makes information transmission more convenient, more standardized and more efficient.

Description

A method and system for secure information transmission
Technical field
The invention belongs to the field of information security technology, and specifically relates to a method and system for secure information transmission.
Background technology
To isolate information from the outside and prevent it from leaking, a stand-alone computer that is not connected to any external network (the "intermediate machine" for short) is usually set up. When a user needs to exchange information between the outside and the intranet, the information must first be transferred by the intermediate machine to a "read-only" intermediate medium, and a second transfer is then carried out through that intermediate medium, so as to stop information leakage. The intermediate medium must be "read-only"; otherwise the "ferrying" function of special-purpose Trojans cannot be guarded against, as shown in Fig. 1.
At present, the commonly used intermediate machine is a stand-alone computer with a CD burner that is not connected to the intranet, as shown in Fig. 2. To exchange information with the outside, the user burns a disc on the intermediate machine, and the one-way transfer is completed by means of the read-only disc. For example, if a user needs to copy information from another organization's flash drive into the intranet, the import requires a chain of operations: first insert the other organization's flash drive into the intermediate machine, scan it for viruses on the intermediate machine and burn the information onto a read-only disc, then insert the disc into the optical drive of an intranet computer. In practice this intermediate machine has the following shortcomings:
(1) Difficult to operate: operating the intermediate machine requires the user to be familiar with burning software and able to burn a disc unaided, but in real work, given users' level of computer skill, most users cannot burn discs.
(2) Wasteful of resources: every information exchange requires an additional disc to be burned, which wastes a large amount of resources. In addition, frequent burning causes heavy wear on the CD burner.
(3) Low efficiency: disc burning takes a long time, so even transferring a single document usually costs the user a long time; according to statistics, more than 95% of the data exchanged between inside and outside is only about 1 MB in size.
(4) Cannot effectively guard against Trojans: the intermediate machine relies only on antivirus software for protection against Trojans, and the antivirus software currently on the market cannot fully protect against attacks by special-purpose Trojans. Although disc burning prevents Trojan "ferrying", it cannot prevent the intranet from being infected, so the disc-burning approach still leaves a considerable protection gap.
(5) Difficult to look up original records: with many discs, it is hard to find the content of a particular file, its transfer time, the user information, and so on.
Summary of the invention
The present invention overcomes the deficiencies of the prior art and provides a method and system for transmitting information securely, with a high security level for information transmission.
The technical solution of the present invention is:
A method for secure information transmission, comprising the steps of:
1) providing an independent intermediate machine and a computer connected to the intranet, the two being connected through a KVM switch, the independent intermediate machine and the intranet-connected computer sharing one display, one USB memory device and one keyboard;
2) setting the USB memory device to the read-write state, and importing information into the USB memory device by operating the intermediate machine or the intranet-connected computer;
3) after the user confirms that all the information has been imported into the USB memory device, locking the USB memory device and setting it to the read-only state;
4) through the KVM switch, the user operating the other computer and transferring the information in the USB memory device to the designated location.
In step 3), the information imported into the USB memory device is checked to determine whether it contains a Trojan.
An information transmission system, comprising an independent intermediate machine and a computer connected to the intranet, characterized in that the two are connected through a KVM switch, and the independent intermediate machine and the intranet-connected computer share a display, a lockable and unlockable USB memory device, and a keyboard.
Further, the operating system of the intermediate machine is installed on a large-capacity memory card with a hardware lock.
Further, the operating system of the intranet-connected computer is installed on a large-capacity memory card with a hardware lock.
The system further comprises a monitoring module for monitoring the information stored in the USB memory device and recording in a corresponding database the current operation time, the user currently logged in to the system, and the information imported, exported and stored in the USB memory device.
The system further comprises a Trojan identification module for determining whether the information stored in the USB memory device contains a Trojan.
Compared with the prior art, the beneficial effects of the present invention are:
In hardware, the invention uses a lockable and unlockable USB memory device as the intermediate medium, locks and unlocks the USB memory device according to the information transmission flow, and integrates the intermediate machine and the intranet-connected computer through the KVM switch. This stops information leakage, effectively guards against Trojans, raises the security level of information transmission, and allows the whole transmission process to be monitored. The combination of software and hardware makes information transmission operations more convenient, more standardized and more efficient.
Description of drawings
Fig. 1 is a flow chart of a special-purpose Trojan "ferrying" files through an intermediate medium that is not "read-only";
Fig. 2 is a schematic diagram of information transmission with the existing intermediate machine equipped with a CD burner;
Fig. 3 is a schematic diagram of importing external information into the intranet according to the present invention;
Fig. 4 is a schematic diagram of securely exporting intranet information according to the present invention;
Fig. 5 is a flow chart of importing external information into the intranet according to the present invention;
Fig. 6 is a flow chart of securely exporting intranet information according to the present invention.
Embodiment
The present invention is described in further detail below with reference to the drawings and specific embodiments:
With reference to Fig. 3 and Fig. 4, the transmission system of the present invention comprises an intermediate machine and a computer connected to the intranet. The intermediate machine and the intranet-connected computer are each connected to the KVM switch, and the two computers share one display, one USB memory device and one keyboard.
The KVM switch selects the appropriate computer (the independent intermediate machine or the intranet-connected computer) for the user to operate, according to the control signal sent by the switching control module. The detailed process is:
When information enters the intranet from the outside, the user operates on the intermediate machine. After the data to be imported into the intranet has been copied to the USB memory device, the intermediate machine sends a signal to the KVM switch through the switching control module. On receiving the signal, the KVM switch selects the intranet-connected computer for the user to operate and waits for the user to copy the information in the USB memory device over the network to the location the user designates.
When information is output from the intranet to the outside, the user operates on the intranet-connected computer. The data to be output from the intranet is copied to the USB memory device, and the intranet-connected computer sends a signal to the KVM switch through the switching control module. On receiving the signal, the KVM switch selects the intermediate machine for the user to operate and waits for the user to copy the information in the USB memory device to an external storage medium.
At each KVM switch-over, the lock/unlock module sets the USB memory device to the read-only state or the read-write state as appropriate. The USB memory device is always connected to the computer the user is currently operating and disconnected from the computer not being operated, which completes the automatic transfer of the intermediate medium.
The intermediate machine is assembled from ordinary PC components, and all its hardware functions are the same as those of an ordinary PC, except that the storage device on which the operating system is installed is not a hard disk but a large-capacity memory card with a hardware lock. After the administrator has installed the operating system and application software, the memory card is set to the read-only state, which prevents Trojans from damaging and attacking the computer's operating system.
The intranet-connected computer is assembled from ordinary PC components, and all its hardware functions are the same as those of an ordinary PC, except that the storage device on which the operating system is installed is not a hard disk but a large-capacity memory card with a hardware lock. After the administrator has installed the operating system and application software, the memory card is set to the read-only state, which prevents Trojans from damaging and attacking the computer's operating system.
Further, the system also comprises a monitoring module for recording an audit log. It automatically analyzes the information currently stored in the USB memory device and records in a corresponding database the current operation time, the user currently logged in to the system, whether the operation performed by the user is an import of information into the intranet or an export of information from the intranet, and the information stored in the USB memory device (the electronic information or files that the user needs to import into or export from the intranet).
As shown in Fig. 5, when the user is to transfer external information into the intranet, the concrete steps are as follows:
1) the system first determines whether the intermediate machine is in the operating state; if the intermediate machine is not currently in the operating state, the system sends a switching signal to the KVM switch to select the intermediate machine for the user to operate;
2) the system sets the USB memory device to the read-write state, at the same time empties all files in the USB memory device, and waits for the user to operate;
3) the user copies the external information into the USB memory device and confirms completion;
4) the system sends the message that locks the USB memory device, and the USB memory device becomes read-only;
5) the system determines whether a Trojan may have been injected into the USB memory device (according to whether the USB memory device contains an AUTORUN file and a corresponding Windows executable file) and, if one is found, issues a warning to the user;
6) the system sends a switching signal from the intermediate machine to the KVM switch to switch to operation of the intranet-connected computer; the user logs in to the intranet and transfers the external information to the designated location;
7) the software monitoring module runs automatically and records all relevant information about this operation;
8) after the user has finished, the intranet-connected computer sends a switching signal to the KVM switch to switch to the intermediate machine operating state, and the system automatically repeats step 2 and waits for the next user.
With reference to Fig. 6, the concrete operations for a user to export intranet information are as follows:
1) the system first determines whether the intranet-connected computer is in the operating state; if the intranet-connected computer is not currently in the operating state, the system sends a switching signal to the KVM switch to select the intranet-connected computer for the user to operate;
2) the system sets the USB memory device to the read-write state, at the same time empties all files in the USB memory device, and waits for the user to operate;
3) after logging in to the intranet-connected computer, the user copies the intranet information into the USB memory device and confirms completion;
4) the system sends the message that locks the USB memory device, and the USB memory device becomes read-only;
5) the software monitoring module runs automatically and records all relevant information about this operation;
6) the system sends a switching signal from the intranet-connected computer to the KVM switch to switch to operation of the independent intermediate machine; the user then inserts an external medium into the intermediate machine and exports the information. Even if the external medium contains a Trojan, it cannot infect the intermediate machine or the USB memory device, which currently has the read-only attribute, let alone the intranet-connected computer, which directly safeguards the user's intranet;
7) after the user has finished, the system sends a switching signal from the intermediate machine to the KVM switch to switch to the intranet-connected computer operating state, and automatically repeats step 2 and waits for the next user.
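The import and export flows of Figs. 5 and 6, modelled as an added Python example that is not part of the patent: the device is wiped and unlocked on the source host, locked read-only before the KVM hands it to the other host, checked for an AUTORUN file with a matching Windows executable, and the operation is written to an audit record. The names `TransferStation` and `autorun_findings`, the host labels, the executable-extension list and the per-file SHA-256 in the audit record are assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Assumed extension list; the patent only says "Windows executable file".
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif")
OTHER = {"intermediate": "intranet", "intranet": "intermediate"}

def _norm(path):  # case-insensitive, backslash-separated device path
    return path.strip().strip('"').replace("/", "\\").lstrip(".\\").lower()


def autorun_findings(files):
    """Step 5 check: executables on the device that autorun.inf would launch."""
    names = {_norm(name) for name in files}
    inf = next((b for n, b in files.items() if _norm(n) == "autorun.inf"), None)
    if inf is None:
        return []
    findings, section = [], ""
    for line in inf.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in ("open", "shellexecute") or key.lower().endswith("\\command"):
                quoted = value.startswith('"')  # first token is the program
                program = value[1:].split('"', 1)[0] if quoted else value.split(" ", 1)[0]
                program = _norm(program)
                if program in names and program.endswith(EXEC_EXT) and program not in findings:
                    findings.append(program)
    return findings


@dataclass
class TransferStation:
    """Shared USB device plus KVM selection, as in Figs. 5 and 6."""
    active: str = "intermediate"   # host the KVM currently selects
    writable: bool = False         # state of the device's lock
    files: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def begin(self, source):
        """Steps 1-2: select the source host, wipe the device, unlock it."""
        self.active, self.files, self.writable = source, {}, True

    def copy_in(self, name, body):
        if not self.writable:
            raise PermissionError("USB device is locked read-only")
        self.files[name] = body

    def confirm_and_switch(self, user):
        """Lock, check, record, and only then hand the device to the other host."""
        self.writable = False
        warnings = autorun_findings(self.files)
        self.audit.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "user": user,
            "direction": "import" if self.active == "intermediate" else "export",
            # SHA-256 per file is an assumption, not from the patent.
            "files": {n: hashlib.sha256(b.encode()).hexdigest() for n, b in self.files.items()},
            "warnings": warnings,
        })
        self.active = OTHER[self.active]
        return warnings


if __name__ == "__main__":
    station = TransferStation()  # constructed sample content below
    station.begin("intermediate")
    station.copy_in("AUTORUN.INF", "[AutoRun]\nopen=setup.exe /s\n")
    station.copy_in("setup.exe", "MZ")
    print(station.confirm_and_switch("alice"), station.active)
```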
Although specific implementations of the present invention and the accompanying drawings are disclosed for the purpose of illustration, their purpose is to help in understanding the content of the present invention and implementing it accordingly. Those skilled in the art will appreciate that various replacements, changes and modifications are possible without departing from the spirit and scope of the invention and the appended claims. The present invention should not be limited to the content disclosed in this specification and the drawings; the scope of protection claimed for the present invention is defined by the claims.

Claims (7)

1. A method for secure information transmission, comprising the steps of:
1) providing an independent intermediate machine and a computer connected to the intranet, the two being connected through a KVM switch, the independent intermediate machine and the intranet-connected computer sharing one display, one USB memory device and one keyboard;
2) setting the USB memory device to the read-write state, and importing information into the USB memory device by operating the intermediate machine or the intranet-connected computer;
3) after the user confirms that all the information has been imported into the USB memory device, locking the USB memory device and setting it to the read-only state;
4) through the KVM switch, the user operating the other computer and transferring the information in the USB memory device to the designated location.
2. The method according to claim 1, characterized in that, in step 3), the information imported into the USB memory device is checked to determine whether it contains a Trojan.
3. An information transmission system, comprising an independent intermediate machine and a computer connected to the intranet, characterized in that the two are connected through a KVM switch, and the independent intermediate machine and the intranet-connected computer share a display, a lockable and unlockable USB memory device, and a keyboard.
4. The information transmission system according to claim 3, characterized in that the operating system of the intermediate machine is installed on a large-capacity memory card with a hardware lock.
5. The information transmission system according to claim 3 or 4, characterized in that the operating system of the intranet-connected computer is installed on a large-capacity memory card with a hardware lock.
6. The information transmission system according to claim 3, characterized in that it further comprises a monitoring module for monitoring the information stored in the USB memory device and recording in a corresponding database the current operation time, the user currently logged in to the system, and the information imported, exported and stored in the USB memory device.
7. The information transmission system according to claim 3, characterized in that it further comprises a Trojan identification module for determining whether the information stored in the USB memory device contains a Trojan.
CN2009100911935A 2009-08-14 2009-08-14 Information security transmission method and system Pending CN101997672A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009100911935A CN101997672A (en) 2009-08-14 2009-08-14 Information security transmission method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2009100911935A CN101997672A (en) 2009-08-14 2009-08-14 Information security transmission method and system

Publications (1)

Publication Number Publication Date
CN101997672A true CN101997672A (en) 2011-03-30

Family

ID=43787322

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2009100911935A Pending CN101997672A (en) 2009-08-14 2009-08-14 Information security transmission method and system

Country Status (1)

Country Link
CN (1) CN101997672A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051593A (en) * 2011-10-12 2013-04-17 国民技术股份有限公司 Method and system for secure data ferry
CN103455161A (en) * 2012-06-01 2013-12-18 南京神易网络科技有限公司 Secure KVM switcher
CN110096236A (en) * 2019-04-30 2019-08-06 广州长图量传电子科技有限公司 A kind of kvm system USB flash disk remote on-hook switching method

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103051593A (en) * 2011-10-12 2013-04-17 国民技术股份有限公司 Method and system for secure data ferry
CN103051593B (en) * 2011-10-12 2016-09-14 国民技术股份有限公司 A kind of method and system of ferrying data safely
CN103455161A (en) * 2012-06-01 2013-12-18 南京神易网络科技有限公司 Secure KVM switcher
CN110096236A (en) * 2019-04-30 2019-08-06 广州长图量传电子科技有限公司 A kind of kvm system USB flash disk remote on-hook switching method
CN110096236B (en) * 2019-04-30 2022-05-31 广州长图量传电子科技有限公司 Remote on-hook switching method for U disk of KVM system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C53 Correction of patent for invention or patent application
CB02 Change of applicant information

Address after: 100854 Yongding Road, Beijing, No. 52, No.

Applicant after: Beijing Aerospace Xinfeng Machinery Equipment Co., Ltd.

Address before: 100854 Yongding Road, Beijing, No. 52, No.

Applicant before: Beijing Xinfeng Machinery Factory

COR Change of bibliographic data

Free format text: CORRECT: APPLICANT; FROM: BEIJING XINFENG MACHINERY FACTORY TO: BEIJING AEROSPACE XINFENG MACHINERYEQUIPMENT CO., LTD.

C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20110330