Summary of the invention
The main purpose of the present invention is to address the problem of information from a sensitive network leaking out through a USB interface, by providing a method and a USB device for detecting the loss and leakage of secrets. The technical scheme is as follows:
A method for detecting the loss and leakage of secrets, comprising:
when a USB device is connected to an intranet client, the USB device receives and installs a corresponding monitoring program;
when the USB device with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether that client is an external network client and, if so, handles it accordingly.
The step in which, when the USB device is connected to the intranet client, the USB device receives and installs the corresponding monitoring program specifically comprises:
the USB device receives a detection from the monitoring program of the intranet client, which queries whether the corresponding monitoring program is present in the USB device; if it is not, the USB device receives and installs the corresponding monitoring program, which contains the execution instructions of the corresponding monitoring program, the terminal identifier of the intranet client, and the USB device user number.
The corresponding monitoring program judging whether the client is an external network client and, if so, handling it accordingly comprises:
the corresponding monitoring program sends communication information to the monitor server on the external network;
if the corresponding monitoring program receives information returned by the monitor server, the client is an external network client;
the corresponding monitoring program locks the USB device or sends an alert message to the monitor server, so that the monitor server sends the alert message to the designated intranet server; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the intranet client, and the information of the USB device.
The corresponding monitoring program judging whether the client is an external network client and, if so, handling it accordingly comprises:
if the corresponding monitoring program does not receive information sent by the client, the client is an external network client; the corresponding monitoring program locks the USB device, or the corresponding monitoring program is copied to the external network client to monitor the external network client.
Copying the corresponding monitoring program to the external network client to monitor the external network client specifically comprises:
the corresponding monitoring program sends communication information to the monitor server on the external network;
if the corresponding monitoring program receives information returned by the monitor server, the corresponding monitoring program sends an alert message to the monitor server, so that the monitor server sends the alert message to the designated intranet server; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the intranet client, and the information of the USB device.
After the USB device receives and installs the corresponding monitoring program, the method further comprises:
the monitoring program of the intranet client sends USB device connection event information to the intranet server; this information contains the information of the USB device and the terminal identifier of the intranet client.
A USB device for detecting the loss and leakage of secrets, comprising:
a writing module, configured to receive and install a corresponding monitoring program when the USB device is connected to an intranet client;
a monitoring module, configured such that, when the USB device with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether that client is an external network client and, if so, handles it accordingly.
The writing module specifically comprises:
a query unit, configured to receive a detection from the monitoring program of the intranet client, which queries whether the corresponding monitoring program is present in the USB device; if it is not, the unit receives and installs the corresponding monitoring program, which contains the execution instructions of the corresponding monitoring program, the terminal identifier of the intranet client, and the USB device user number.
The monitoring module specifically comprises:
a first judging unit, configured such that the corresponding monitoring program sends communication information to the monitor server on the external network and, if the corresponding monitoring program receives information returned by the monitor server, judges that the client is an external network client;
a first processing unit, configured such that the corresponding monitoring program locks the USB device or sends an alert message to the monitor server, so that the monitor server sends the alert message to the designated intranet server; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the intranet client, and the information of the USB device.
The monitoring module specifically comprises:
a second judging unit, configured to judge that the client is an external network client if the corresponding monitoring program does not receive information sent by the client;
a second processing unit, configured such that the corresponding monitoring program locks the USB device, or the corresponding monitoring program is copied to the external network client to monitor the external network client.
The device further comprises:
a sending module, configured to send the intranet client's USB device connection event information to the intranet server; this information contains the information of the USB device and the terminal identifier of the intranet client.
The beneficial effect of the technical scheme provided by the embodiments of the invention is as follows: a monitoring program for the loss and leakage of secrets is installed on the intranet client and runs in real time; a monitoring program is written into each USB device connected to the intranet client; the USB device receives and installs the corresponding monitoring program; and when the USB device with the monitoring program installed is connected to the external network, the USB device is monitored, so that loss and leakage of secrets through the USB device is detected in time.
Detailed description of the embodiments
To make the purpose, technical scheme and advantages of the invention clearer, the embodiments of the invention are described in further detail below with reference to the accompanying drawings.
Embodiment 1
Referring to Fig. 1, this embodiment of the invention provides a method for detecting the loss and leakage of secrets, comprising:
Step 101: when a USB device is connected to an intranet client, the USB device receives and installs a corresponding monitoring program;
Step 102: when the USB device with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether that client is an external network client and, if so, carries out the corresponding handling.
When the intranet client detects that a USB device has been connected, the USB device receives and installs the corresponding monitoring program, which specifically comprises:
the USB device receives a detection from the monitoring program of the intranet client, which queries whether the corresponding monitoring program is present in the USB device; if it is not, the USB device receives and installs the corresponding monitoring program, which contains the execution instructions of the corresponding monitoring program, the USB device user number, and the terminal identifier of the intranet client.
In this embodiment, the corresponding monitoring program judging whether the client is an external network client and, if so, handling it accordingly comprises:
the corresponding monitoring program sends communication information to the monitor server on the external network;
if the corresponding monitoring program receives information returned by the monitor server, the client is an external network client;
the corresponding monitoring program locks the USB device or sends an alert message to the monitor server, so that the monitor server sends the alert message to the designated intranet server; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the intranet client, and the information of the USB device.
Copying the corresponding monitoring program to the external network client to monitor the external network client specifically comprises:
the corresponding monitoring program sends communication information to the monitor server on the external network;
if the corresponding monitoring program receives information returned by the monitor server, the corresponding monitoring program sends an alert message to the monitor server, so that the monitor server sends the alert message to the designated intranet server; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the intranet client, and the information of the USB device.
In this embodiment, the corresponding monitoring program judging whether the client is an external network client and, if so, handling it accordingly comprises:
if the corresponding monitoring program does not receive information sent by the client, the client is an external network client; the corresponding monitoring program locks the USB device, or the corresponding monitoring program is copied to the external network client to monitor the external network client.
In this embodiment, after the USB device receives and installs the corresponding monitoring program, the method further comprises:
the monitoring program of the intranet client sends USB device connection event information to the intranet server; this information contains the information of the USB device and the terminal identifier of the intranet client.
The beneficial effect of the technical scheme provided by the embodiments of the invention is as follows: a monitoring program for the loss and leakage of secrets is installed on the intranet client and runs in real time; a monitoring program is written into each USB device connected to the intranet client; the USB device receives and installs the corresponding monitoring program; and when the USB device with the monitoring program installed is connected to the external network, the USB device is monitored, so that loss and leakage of secrets through the USB device is detected in time.
Embodiment 2
Referring to Fig. 2, in this embodiment of the invention the intranet is the network of unit A and consists of intranet clients, an intranet server and a designated server. The intranet server is connected to each intranet client and records the usage log of each intranet client. The external network is the Internet to which the monitor server is connected. The monitor server is controlled by a third party and is connected to the designated server of the intranet; it receives the information sent by the monitoring program in the USB device and returns that information to the designated server of the intranet. An external network client is defined relative to an intranet client: it can be an Internet client that can reach the monitor server, or it can be a standalone client that is connected neither to the intranet of unit A nor to the external network.
This embodiment of the invention provides a method for detecting the loss and leakage of secrets. Every intranet client has a monitoring program for the loss and leakage of secrets (the monitor) installed, and the monitoring program runs for as long as the intranet client is running. Every intranet client has its own corresponding monitoring program. When a USB device is connected, the monitoring program of the intranet client writes the corresponding monitoring program into the USB device, specifically as follows:
Step 201: the USB device is connected to the intranet client, and the monitoring program of the intranet client detects that a USB device has been inserted.
Step 202: the monitoring program of the intranet client queries whether this USB device has the corresponding monitoring program.
Here the monitoring program of the intranet client sends a query to the USB device and inspects the files in the USB device. If it finds a file belonging to a monitoring program, the monitoring program of the intranet client sends a retrieval instruction to the USB device, retrieves that monitoring program file and performs a hash operation on it to obtain a first value. It then performs a hash operation on the corresponding monitoring program file held by the client to which the USB device is connected, obtaining a second value, and compares the first value with the second value. If they are equal, the USB device has been connected to this intranet client before and the corresponding monitoring program has already been written. If they are not equal, the USB device does not yet hold the corresponding monitoring program of this intranet client, and the corresponding monitoring program needs to be written.
Step 203: if the monitoring program of the intranet client finds the corresponding monitoring program in the USB device, step 205 is executed.
Step 204: if there is no corresponding monitoring program, the monitoring program of the intranet client writes the corresponding monitoring program into the USB device.
The corresponding monitoring program contains the execution instructions of the corresponding monitoring program, the terminal identifier of this intranet client, and the USB device user number. The user number can be predefined, can be generated from characteristics of the USB device such as its manufacturer name, product number and serial number, or can be produced by some other method; its purpose is to be written into the USB device as an identifier of the USB device, and this embodiment of the invention does not limit how it is produced. The terminal identifier can be one or more pieces of information that uniquely identify the terminal, such as the machine name, the IP (Internet Protocol) address or the MAC (Media Access Control) address.
Step 205: the monitoring program of the intranet client obtains the terminal identifier of the USB device (this can be an identifier composed of the manufacturer name, product number, serial number and so on, or an ID that unit A assigns to the USB device; the embodiment of the invention does not limit this) and sends USB connection event information to the intranet server.
This information contains the information of the USB device and the terminal identifier of the intranet client to which the USB device is connected, among other things. The information of the USB device includes the terminal identifier of the USB device, the USB user number, the time at which the USB device was inserted into the intranet client, and similar data.
The intranet server keeps a detailed log for every USB device connected to a client. The log can contain the terminal identifier of the USB device, the time at which the USB device was inserted into the intranet client, the terminal identifier of the intranet client to which the USB device was connected, and so on. From these log entries the intranet server can monitor the use of USB devices in real time and can promptly discover unregistered USB devices, which makes it easier to trace and audit USB devices.
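Steps 202 to 205 and the intranet server's log check can be sketched as follows. This is an added example, not code from the patent. It assumes SHA-256 as the hash operation, a hypothetical file name `monitor.bin`, and constructed device and client identifiers.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

MONITOR_NAME = "monitor.bin"  # hypothetical file name; the page does not name it


def file_digest(path):
    """Chunked file hash. SHA-256 is an assumption; the page only says 'hash operation'."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def needs_write(usb_root, client_copy):
    """Step 202: first value (copy on the device) against second value (client's copy)."""
    on_device = Path(usb_root) / MONITOR_NAME
    if not on_device.is_file():
        return True  # no monitoring program file found on the device
    return file_digest(on_device) != file_digest(client_copy)


def handle_insertion(usb_root, device, client_copy, client_terminal_id, inserted_at):
    """Steps 202-205 on the intranet client: returns (written, connection_event)."""
    written = needs_write(usb_root, client_copy)
    if written:  # step 204: write this client's monitoring program to the device
        shutil.copyfile(client_copy, Path(usb_root) / MONITOR_NAME)
    event = {  # step 205: the fields the page lists for the connection event
        "usb_terminal_id": "{vendor}:{product}:{serial}".format(**device),
        "usb_user_number": device["user_number"],
        "inserted_at": inserted_at,
        "client_terminal_id": client_terminal_id,
    }
    return written, event


def unregistered_devices(event_log, registered_ids):
    """Intranet server: device identifiers present in the log but never registered."""
    return sorted({e["usb_terminal_id"] for e in event_log} - set(registered_ids))


def demo():
    """Constructed sample data: one registered and one unregistered device, two clients."""
    known = {"vendor": "0x1234", "product": "0x0001", "serial": "SN001", "user_number": "U-17"}
    stray = {"vendor": "0x1234", "product": "0x0002", "serial": "SN999", "user_number": "U-00"}
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        usb_a, usb_b = tmp / "usb_a", tmp / "usb_b"
        usb_a.mkdir()
        usb_b.mkdir()
        copy_a, copy_b = tmp / "client_a.bin", tmp / "client_b.bin"
        copy_a.write_bytes(b"monitor for client A")
        copy_b.write_bytes(b"monitor for client B")
        runs = [
            handle_insertion(usb_a, known, copy_a, "PC-A", "2024-01-01T09:00"),  # first time
            handle_insertion(usb_a, known, copy_a, "PC-A", "2024-01-01T13:00"),  # same client
            handle_insertion(usb_a, known, copy_b, "PC-B", "2024-01-02T09:00"),  # other client
            handle_insertion(usb_b, stray, copy_a, "PC-A", "2024-01-02T10:00"),
        ]
    written = [w for w, _ in runs]
    log = [e for _, e in runs]
    return written, unregistered_devices(log, {"0x1234:0x0001:SN001"})


if __name__ == "__main__":
    print(demo())
```

The third insertion is written again because the hash of client B's program differs from the copy left by client A, which is the unequal case of step 202.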
Through steps 201-204, the monitoring program of the intranet client has written the corresponding monitoring program into the connected USB device, and the USB device has received and installed it. When the USB device with the corresponding monitoring program installed is connected to any client, the monitoring program in the USB device performs its monitoring function, specifically as follows:
Step 206: when the USB device with the corresponding monitoring program installed is connected to any client, the monitoring program in the USB device runs immediately and sends communication information to the monitor server on the external network.
There can be one monitor server or several; two are chosen here. The purpose is to avoid the case where one monitor server fails and cannot return information to the monitoring program in the USB device, which would affect the correct judgment of that monitoring program. If the information is sent to two monitor servers, the other, normally running monitor server can still return information to the monitoring program in the USB device, so the correct judgment of the monitoring program in the USB device is not affected.
Step 207: if the monitoring program in the USB device receives the communication information returned by the monitor server, the communication has succeeded and it can be judged that the USB device is connected to an Internet client; step 208 is executed. If the monitoring program in the USB device does not receive communication information returned by the monitor server, the communication has not succeeded and it can be judged that the USB device is not connected to an Internet client. If the monitoring program in the USB device receives information sent by a client monitoring program (this information can be a query or a retrieval instruction), the USB device is connected to a client that has a monitoring program, and step 201 is executed; if the monitoring program in the USB device receives no information at all, the USB device is connected to a standalone client, and step 210 is executed.
Step 208: the monitoring program in the USB device obtains the terminal identifier of the external network client and the interaction information.
The external network terminal identifier can be one or more pieces of host information such as the terminal's IP address, MAC address or user name. The interaction information refers to the URLs of the websites visited by the user of the USB device, the IP addresses of the parties communicated with, the mailbox information of the contacts, and so on, which are not described further here.
Step 209: the monitoring program in the USB device sends an alert message to the monitor server on the external network.
This message contains the terminal identifier of the external network client to which the USB device is connected, the interaction information, the intranet client terminal identifier held in the monitoring program, the information of the USB device, and so on. The information of the USB device includes the terminal identifier of the USB device, the USB user number, the time at which the USB device was inserted into the intranet client, and similar data.
Step 210: the monitoring program in the USB device locks the USB device so that it cannot communicate with the client to which it is connected.
Whether the USB device is connected to an Internet client or to a standalone client, locking the USB device avoids information leakage and protects the security of intranet information. Locking can mean that the monitoring program in the USB device overwrites the existing files, or that it formats the USB device; the invention does not specifically limit this.
In this embodiment, instead of locking the USB device, step 210 can be replaced by the following operation: the corresponding monitoring program in the USB device is automatically copied, together with the information of the USB device, to the standalone client and monitors the use of that standalone client. The information of the USB device includes the terminal identifier of the USB device, the USB user number, the time at which the USB device was inserted into the intranet client, and similar data. Whenever the standalone client is running, the corresponding monitoring program is running too and keeps sending communication information to the monitor server on the external network. When the communication succeeds, the standalone client has been connected to the external network (in theory a standalone client is not connected to the external network; the connection here can arise because the user of the standalone client has plugged in an external network cable). The corresponding monitoring program then sends the terminal identifier of the standalone client, the interaction information, the intranet client terminal identifier and the information of the USB device to the monitor server on the external network; the monitor server sends this information to the designated server of unit A, and the designated server raises an alarm.
Through steps 206-210, the monitor server on the external network detects that a USB device with the monitoring program installed has been connected to an external network client. By agreement with the intranet user, the third party can selectively send the alert messages it receives to the designated intranet server. The designated intranet server raises an alarm as soon as it receives the information sent by the monitor server, so that staff can discover the loss and leakage of secrets in time.
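The judgment in steps 206 to 209 can be simulated offline, including the case where one of the two monitor servers is down. This is an added example, not code from the patent. The server probes are passed in as callables, the field names are hypothetical, and all sample values are constructed.

```python
EXTERNAL, INTRANET, STANDALONE = "external", "intranet", "standalone"
ALERT_FIELDS = ("external_client_id", "interaction_info",
                "intranet_client_id", "usb_device_info")


def classify(probes, got_client_message):
    """Step 207. `probes` holds one callable per monitor server; each returns True
    when that server answered and may raise OSError when it is unreachable."""
    for probe in probes:
        try:
            if probe():
                return EXTERNAL, 208   # a reply came back: continue with step 208
        except OSError:
            continue                   # one failed server must not decide the result
    if got_client_message:             # query or retrieval instruction from a client monitor
        return INTRANET, 201
    return STANDALONE, 210


def build_alert(external_client_id, interaction_info, provisioned):
    """Step 209 message. `provisioned` is the data held on the device since the
    intranet client wrote the monitoring program (hypothetical field names)."""
    alert = {
        "external_client_id": external_client_id,
        "interaction_info": interaction_info,
        "intranet_client_id": provisioned["intranet_client_id"],
        "usb_device_info": {
            "usb_terminal_id": provisioned["usb_terminal_id"],
            "usb_user_number": provisioned["usb_user_number"],
            "inserted_at": provisioned["inserted_at"],
        },
    }
    # Refuse to build an alert that lacks any field the page lists for it.
    missing = [name for name in ALERT_FIELDS if not alert[name]]
    if missing:
        raise ValueError("incomplete alert, missing: " + ", ".join(missing))
    return alert


def on_connect(probes, got_client_message, host, provisioned):
    """Steps 206-209: classify the client; build the alert only for an external one."""
    kind, next_step = classify(probes, got_client_message)
    alert = None
    if kind == EXTERNAL:
        alert = build_alert(host["terminal_id"], host["interaction_info"], provisioned)
    return {"client": kind, "next_step": next_step, "alert": alert}


# Constructed probes standing in for the two monitor servers.
def server_down():
    raise ConnectionRefusedError("monitor server unavailable")


def server_up():
    return True


def server_silent():
    return False


# Constructed sample values (documentation address range and example.com).
SAMPLE_PROVISIONED = {
    "intranet_client_id": "PC-A",
    "usb_terminal_id": "0x1234:0x0001:SN001",
    "usb_user_number": "U-17",
    "inserted_at": "2024-01-01T09:00",
}
SAMPLE_HOST = {
    "terminal_id": "192.0.2.10",
    "interaction_info": {"urls": ["https://example.com/"]},
}

if __name__ == "__main__":
    print(on_connect([server_down, server_up], False, SAMPLE_HOST, SAMPLE_PROVISIONED))
```

With `[server_down, server_up]` the client is still judged external, which is the reason the page gives for using two monitor servers.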
The beneficial effect of the technical scheme provided by the embodiments of the invention is as follows: a monitoring program for the loss and leakage of secrets is installed on the intranet client and runs in real time; a monitoring program is written into each USB device connected to the intranet client; the USB device receives and installs the corresponding monitoring program; and when the USB device with the monitoring program installed is connected to the external network, the USB device is monitored, so that loss and leakage of secrets through the USB device is detected in time.
Embodiment 3
Referring to Fig. 3, this embodiment of the invention provides a USB device for detecting the loss and leakage of secrets, used in a system that consists of an intranet and an external network. The intranet consists of intranet clients, an intranet server and a designated server. The intranet server is connected to each intranet client and records the usage log of each intranet client. The external network is the Internet to which the monitor server is connected. The monitor server is controlled by a third party and is connected to the designated server of the intranet; it receives the information sent by the device for detecting the loss and leakage of secrets and returns that information to the designated server of the intranet. An external network client is defined relative to an intranet client: it can be an Internet client that can reach the monitor server, or it can be a standalone client that is connected neither to the intranet nor to the external network.
In this embodiment of the invention, the device specifically comprises a writing module 301 and a monitoring module 302.
Writing module 301: configured to receive and install a corresponding monitoring program when the USB device is connected to an intranet client;
Monitoring module 302: configured such that, when the USB device with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether that client is an external network client and, if so, handles it accordingly.
The writing module 301 specifically comprises:
a query unit, configured to receive a detection from the monitoring program of the intranet client, which queries whether the corresponding monitoring program is present in the USB device; if it is not, the unit receives and installs the corresponding monitoring program, which contains the execution instructions of the corresponding monitoring program, the USB device user number, and the terminal identifier of the intranet client.
In this embodiment, the monitoring module 302 specifically comprises:
a first judging unit, configured such that the corresponding monitoring program sends communication information to the monitor server on the external network and, if the corresponding monitoring program receives information returned by the monitor server, judges that the client is an external network client;
a first processing unit, configured such that the corresponding monitoring program locks the USB device or sends an alert message to the monitor server, so that the monitor server sends the alert message to the designated intranet server; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the intranet client, and the information of the USB device.
In this embodiment, the monitoring module 302 specifically further comprises:
a second judging unit, configured to judge that the client is an external network client if the corresponding monitoring program does not receive information sent by the client;
a second processing unit, configured such that the corresponding monitoring program locks the USB device, or the corresponding monitoring program is copied to the external network client to monitor the external network client.
Further, the USB device for detecting the loss and leakage of secrets also comprises:
a sending module, configured to send the intranet client's USB device connection event information to the intranet server; this information contains the terminal identifier of the USB device, the time at which the USB device was inserted into the intranet client, and the terminal identifier of the intranet client.
The beneficial effect of the technical scheme provided by the embodiments of the invention is as follows: a monitoring program for the loss and leakage of secrets is installed on the intranet client and runs in real time; a monitoring program is written into each USB device connected to the intranet client; the USB device receives and installs the corresponding monitoring program; and when the USB device with the monitoring program installed is connected to the external network, the USB device is monitored, so that loss and leakage of secrets through the USB device is detected in time.
Finally, it should be noted that a person of ordinary skill in the art will understand that all or part of the flows in the methods of the above embodiments can be accomplished by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the embodiments of the methods described above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), or the like.
The functional units in the embodiments of the invention can be integrated in one processing module, each unit can exist physically on its own, or two or more units can be integrated in one module. The integrated module can be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented in the form of a software function module and is sold or used as an independent product, it can also be stored in a computer-readable storage medium. The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, or the like. The USB device described above can carry out the method of the corresponding method embodiment.
The above are merely preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present invention shall fall within the scope of protection of the present invention.