CN102404161A - Method and universal serial bus (USB) equipment for detecting secret leakage - Google Patents

Publication number
CN102404161A
Authority
CN
China
Legal status
Granted
Application number
CN2010102819071A
Other languages
Chinese (zh)
Other versions
CN102404161B (en)
Inventor
王佰玲
崔翔
王东滨
田志宏
方滨兴
陆天波
Current Assignee
Jizhi Hainan Information Technology Co ltd
Original Assignee
Beijing Computer Network And Information Security Research Center Of Harbin Institute Of Technology
Application filed by Beijing Computer Network And Information Security Research Center Of Harbin Institute Of Technology
Priority to CN201010281907.1A
Publication of CN102404161A
Application granted; publication of CN102404161B
Current legal status: Active

Abstract

The invention discloses a method and universal serial bus (USB) equipment for detecting secret leakage, and belongs to the field of information security. In the method, when the USB equipment is connected to an internal network client, the USB equipment receives and installs a corresponding monitoring program; when the USB equipment with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether that client is an external network client and, if it is, performs corresponding processing. The equipment comprises a write-in module, a monitoring module and a sending module. With this method and USB equipment, a secret-leakage monitoring program is installed on the internal network and runs in real time; monitoring programs are written into the USB equipment connected to internal network clients, and the USB equipment receives and installs the corresponding monitoring programs; when USB equipment with a monitoring program installed is connected to the external network, the USB equipment is monitored in real time, so that secret leakage incidents involving the USB equipment are detected in time.

Description

Method and USB device for detecting secret leakage
Technical field
The present invention relates to the field of information security, and in particular to a method and a USB device for detecting secret leakage.
Background
With the development of technology, networks are used more and more widely. Traditionally, a network that is isolated from the Internet is called an internal network (intranet). It is a closed network, usually isolated from the Internet by an organization for security reasons, to prevent sensitive or even classified information from leaking. Correspondingly, the Internet is called the external network. As technology develops, storage devices such as portable hard drives and card readers are used more and more widely. These external storage devices all exchange information through a USB (Universal Serial Bus) port and are collectively referred to as USB devices. Because they are used alternately between internal and external networks, they easily cause secret leakage.
The methods and measures currently in common use to prevent secret leakage through USB interfaces are roughly as follows:
Prohibiting removable storage: employees are forbidden to use removable storage devices such as floppy disks, CDs and flash storage devices (USB flash drives, USB hard disks).
Applying seals and inspecting them regularly: seals are stuck over certain peripheral interfaces, including USB interfaces, serial and parallel interfaces and FireWire interfaces, and dedicated staff are sent to check the quality and condition of these seals regularly.
These methods and measures are all forms of manual control and supervision, intended to block the channels and loopholes through which secrets could leak. In the course of realizing the present invention, the inventors found that the prior art has at least the following problems:
First, how well these passive solutions work depends on the sense of responsibility, conscience and awareness of internal staff; they cannot stop leakage behaviour automatically by technical means.
Second, the solutions themselves are imperfect and leave many hidden risks; they cannot fully stop employees' leakage behaviour or prevent leakage incidents from occurring.
Finally, these solutions bring a lot of inconvenience to actual work and reduce employees' efficiency, so the loss outweighs the gain. For example, some organizations isolate machines by physically sealing the USB ports, but this work has to be repeated on every machine, and when the organization's network is large the workload is huge. Physical isolation is also too inflexible, because the ports are sometimes needed for work.
Summary of the invention
The main purpose of the present invention is to detect connections from a sensitive network to the outside that are made through USB interfaces, and to provide a method and a USB device for detecting secret leakage. The technical solution is as follows:
A method for detecting secret leakage, comprising:
when a USB device is connected to an internal network client, the USB device receives and installs a corresponding monitoring program;
when the USB device with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether that client is an external network client and, if so, performs corresponding processing.
The step in which the USB device receives and installs the corresponding monitoring program when it is connected to an internal network client specifically comprises:
the USB device is detected by the monitoring program of the internal network client, which queries whether the USB device holds the corresponding monitoring program; if it does not, the USB device receives and installs the corresponding monitoring program, which contains the execution instructions of the corresponding monitoring program, the terminal identifier of the internal network client and the USB device user number.
The step in which the corresponding monitoring program judges whether the client is an external network client and, if so, performs corresponding processing comprises:
the corresponding monitoring program sends a communication message to the monitoring server on the external network;
if the corresponding monitoring program receives the information returned by the monitoring server, the client is an external network client;
the corresponding monitoring program locks the USB device or sends an alert message to the monitoring server, so that the monitoring server sends the alert message to the specific server of the internal network; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the internal network client and the information of the USB device.
The step in which the corresponding monitoring program judges whether the client is an external network client and, if so, performs corresponding processing comprises:
if the corresponding monitoring program does not receive information sent by the client, the client is an external network client; the corresponding monitoring program locks the USB device, or the corresponding monitoring program is copied to the external network client and monitors the external network client.
Copying the corresponding monitoring program to the external network client and monitoring the external network client specifically comprises:
the corresponding monitoring program sends a communication message to the monitoring server on the external network;
if the corresponding monitoring program receives the information returned by the monitoring server, the corresponding monitoring program sends an alert message to the monitoring server, so that the monitoring server sends the alert message to the specific server of the internal network; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the internal network client and the information of the USB device.
After the USB device receives and installs the corresponding monitoring program, the method further comprises:
the monitoring program of the internal network client sends USB device connection event information to the internal network server; this information contains the information of the USB device and the terminal identifier of the internal network client.
A USB device for detecting secret leakage, comprising:
a writing module, used to receive and install the corresponding monitoring program when the USB device is connected to an internal network client;
a monitoring module, used so that, when the USB device with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether that client is an external network client and, if so, performs corresponding processing.
The writing module specifically comprises:
a query unit, used to accept detection by the monitoring program of the internal network client, which queries whether the USB device holds the corresponding monitoring program; if it does not, the unit receives and installs the corresponding monitoring program, which contains the execution instructions of the corresponding monitoring program, the terminal identifier of the internal network client and the USB device user number.
The monitoring module specifically comprises:
a first judging unit, used so that the corresponding monitoring program sends a communication message to the monitoring server on the external network and, if the corresponding monitoring program receives the information returned by the monitoring server, judges that the client is an external network client;
a first processing unit, used so that the corresponding monitoring program locks the USB device or sends an alert message to the monitoring server, so that the monitoring server sends the alert message to the specific server of the internal network; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the internal network client and the information of the USB device.
The monitoring module specifically comprises:
a second judging unit, used to judge that the client is an external network client if the corresponding monitoring program does not receive information sent by the client;
a second processing unit, used so that the corresponding monitoring program locks the USB device, or the corresponding monitoring program is copied to the external network client and monitors the external network client.
The device further comprises:
a sending module, used to send USB device connection event information of the internal network client to the internal network server; this information contains the information of the USB device and the terminal identifier of the internal network client.
The beneficial effect of the technical solution provided by the embodiments of the present invention is as follows: a secret-leakage monitoring program is installed on the internal network clients and runs in real time; a monitoring program is written into each USB device connected to an internal network client, and the USB device receives and installs the corresponding monitoring program; when a USB device with the monitoring program installed is connected to the external network, the device is monitored, so that secret leakage incidents involving the USB device are detected in time.
Brief description of the drawings
Fig. 1 is a flow chart of the method for detecting secret leakage provided in Embodiment 1 of the present invention;
Fig. 2 is a schematic diagram of the internal network and external network structure provided in Embodiment 2 of the present invention;
Fig. 3 is a structure diagram of the USB device for detecting secret leakage provided in Embodiment 3 of the present invention.
Detailed description of the embodiments
To make the purpose, technical solution and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the drawings.
Embodiment 1
Referring to Fig. 1, this embodiment of the present invention provides a method for detecting secret leakage, comprising:
Step 101: when a USB device is connected to an internal network client, the USB device receives and installs a corresponding monitoring program;
Step 102: when the USB device with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether that client is an external network client and, if so, performs corresponding processing.
When the internal network client detects that a USB device has been connected, the USB device receives and installs the corresponding monitoring program, which specifically comprises:
the USB device is detected by the monitoring program of the internal network client, which queries whether the USB device holds the corresponding monitoring program; if it does not, the USB device receives and installs the corresponding monitoring program, which contains the execution instructions of the corresponding monitoring program, the USB device user number and the terminal identifier of the internal network client.
In this embodiment, the step in which the corresponding monitoring program judges whether the client is an external network client and, if so, performs corresponding processing comprises:
the corresponding monitoring program sends a communication message to the monitoring server on the external network;
if the corresponding monitoring program receives the information returned by the monitoring server, the client is an external network client;
the corresponding monitoring program locks the USB device or sends an alert message to the monitoring server, so that the monitoring server sends the alert message to the specific server of the internal network; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the internal network client and the information of the USB device.
Copying the corresponding monitoring program to the external network client and monitoring the external network client specifically comprises:
the corresponding monitoring program sends a communication message to the monitoring server on the external network;
if the corresponding monitoring program receives the information returned by the monitoring server, the corresponding monitoring program sends an alert message to the monitoring server, so that the monitoring server sends the alert message to the specific server of the internal network; the alert message contains the terminal identifier of the external network client, the interaction information, the terminal identifier of the internal network client and the information of the USB device.
In this embodiment, the step in which the corresponding monitoring program judges whether the client is an external network client and, if so, performs corresponding processing comprises:
if the corresponding monitoring program does not receive information sent by the client, the client is an external network client; the corresponding monitoring program locks the USB device, or the corresponding monitoring program is copied to the external network client and monitors the external network client.
In this embodiment, after the USB device receives and installs the corresponding monitoring program, the method further comprises:
the monitoring program of the internal network client sends USB device connection event information to the internal network server; this information contains the information of the USB device and the terminal identifier of the internal network client.
The beneficial effect of the technical solution provided by this embodiment of the present invention is as follows: a secret-leakage monitoring program is installed on the internal network clients and runs in real time; a monitoring program is written into each USB device connected to an internal network client, and the USB device receives and installs the corresponding monitoring program; when a USB device with the monitoring program installed is connected to the external network, the device is monitored, so that secret leakage incidents involving the USB device are detected in time.
Embodiment 2
Referring to Fig. 2, in this embodiment the internal network is the network of organization A and consists of internal network clients, an internal network server and a specific server. The internal network server is connected to each internal network client and records the usage log of each internal network client. The external network is the Internet to which the monitoring server is connected. The monitoring server is controlled by a third party and is connected to the specific server of the internal network; it receives the information sent by the monitoring program on a USB device and passes that information back to the specific server of the internal network. An external network client is defined relative to the internal network clients: it may be a client on the Internet that is connected to the monitoring server, or it may be a standalone client, connected neither to the internal network of organization A nor to the external network.
This embodiment of the present invention provides a method for detecting secret leakage. Every internal network client has a secret-leakage monitoring program (a monitor) installed, and this monitoring program runs the whole time the internal network client is running. Each internal network client has its own corresponding monitoring program, and when a USB device is connected, the monitoring program of the internal network client writes the corresponding monitoring program into the USB device, specifically:
Step 201: a USB device is connected to an internal network client, and the monitoring program of the internal network client detects that a USB device has been plugged in.
Step 202: the monitoring program of the internal network client queries whether this USB device holds the corresponding monitoring program.
The monitoring program of the internal network client sends a query message to the USB device and looks through the files on the USB device. If it finds a file belonging to a monitoring program, it sends a retrieval instruction to the USB device, retrieves that monitoring program file and performs a hash operation on it to obtain a first value. It then performs a hash operation on the corresponding monitoring program file held on the client to which the USB device is connected, to obtain a second value, and compares the first value with the second value. If they are equal, this USB device has been connected to this internal network client before and the corresponding monitoring program has already been written. If they are not equal, the USB device does not yet hold the monitoring program corresponding to this internal network client, and the corresponding monitoring program needs to be written.
Step 203: if the monitoring program of the internal network client finds the corresponding monitoring program on the USB device, step 205 is executed.
Step 204: if there is no corresponding monitoring program, the monitoring program of the internal network client writes the corresponding monitoring program into the USB device.
The corresponding monitoring program contains the execution instructions of the corresponding monitoring program, the terminal identifier of this internal network client and the USB device user number. The user number may be predefined, may be generated from characteristics of the USB device such as manufacturer name, product number and serial number, or may be produced by another method; its purpose is to be written into the USB device as an identifier of that device, and this embodiment of the present invention does not limit it. The terminal identifier may be one or more pieces of information that uniquely identify the terminal, such as machine name, IP (Internet Protocol) address or MAC (Media Access Control) address.
Step 205: the monitoring program of the internal network client obtains the terminal identifier of the USB device (which may be an identifier made up of the manufacturer name, product number, serial number and so on, or an ID that organization A has assigned to the USB device; this embodiment of the present invention does not limit it) and sends USB connection event information to the internal network server.
This information contains the information of the USB device and the terminal identifier of the internal network client to which the USB device is connected. The information of the USB device includes the terminal identifier of the USB device, the USB user number, the time at which the USB device was plugged into the internal network client, and so on.
The internal network server keeps a detailed log for every USB device connected to a client. The log content may include the terminal identifier of the USB device, the time at which the USB device was plugged into the internal network client, the terminal identifier of the internal network client to which it was connected, and so on. From this log the internal network server can monitor the use of USB devices in real time and can promptly find unregistered USB devices, which makes it easier to trace and audit USB devices.
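
Steps 201-205 and the server-side log check can be modelled in a few functions. This is an added example, not code from the patent: it works on in-memory stand-ins rather than real USB hardware, and the file name `monitor.bin`, the use of SHA-256, the record field names and all sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

MONITOR_FILE = "monitor.bin"  # hypothetical file name, not from the patent


@dataclass
class UsbDevice:
    """Constructed in-memory stand-in for a USB storage device."""
    manufacturer: str
    product: str
    serial: str
    files: dict = field(default_factory=dict)  # file name -> file bytes

    @property
    def device_id(self) -> str:
        # Identifier made up of manufacturer name, product number, serial number.
        return f"{self.manufacturer}/{self.product}/{self.serial}"


def digest(data: bytes) -> bytes:
    # The text only says "hash operation"; SHA-256 is an assumption.
    return hashlib.sha256(data).digest()


def needs_write(device: UsbDevice, client_copy: bytes) -> bool:
    """Step 202: does the device lack this client's monitoring program?"""
    on_device = device.files.get(MONITOR_FILE)
    if on_device is None:
        return True                      # no monitoring program file found
    first = digest(on_device)            # "first value": file on the device
    second = digest(client_copy)         # "second value": client's own copy
    return not hmac.compare_digest(first, second)


def on_connect(device, client_id, client_copy, user_number, connected_at):
    """Steps 202-205 on the internal network client; returns the event record."""
    written = needs_write(device, client_copy)
    if written:
        device.files[MONITOR_FILE] = client_copy      # step 204
    return {                                          # step 205
        "device_id": device.device_id,
        "user_number": user_number,
        "client_id": client_id,
        "connected_at": connected_at,
        "monitor_written": written,
    }


def unregistered(events, registered_ids):
    """Internal network server audit: events from devices not on the register."""
    return [e for e in events if e["device_id"] not in registered_ids]


def demo():
    """Run the flow on constructed sample data and return (events, flagged)."""
    copy_a = b"constructed-monitor|client=PC-A|user=U-0001"
    copy_b = b"constructed-monitor|client=PC-B|user=U-0001"
    stick = UsbDevice("AcmeStor", "P100", "SN0001")
    rogue = UsbDevice("NoName", "X9", "SN9999")
    events = [
        on_connect(stick, "PC-A", copy_a, "U-0001", "2010-09-01T09:00:00"),
        on_connect(stick, "PC-A", copy_a, "U-0001", "2010-09-01T13:30:00"),
        on_connect(stick, "PC-B", copy_b, "U-0001", "2010-09-02T10:15:00"),
        on_connect(rogue, "PC-B", copy_b, "U-0002", "2010-09-02T10:20:00"),
    ]
    flagged = unregistered(events, registered_ids={stick.device_id})
    return events, flagged


if __name__ == "__main__":
    for event in demo()[0]:
        print(event)
```

Because the monitoring program written to the device embeds the terminal identifier of the writing client, moving the same device to a second internal client produces a hash mismatch and a rewrite, as the third constructed event shows.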
Through steps 201-204, the monitoring program of the internal network client has written the corresponding monitoring program into the connected USB device, and the USB device has received and installed it. When the USB device with the corresponding monitoring program installed is connected to any client, the monitoring program on the USB device performs its monitoring function, specifically:
Step 206: when the USB device with the corresponding monitoring program installed is connected to any client, the monitoring program on the USB device runs immediately and sends a communication message to the monitoring server on the external network.
There may be one monitoring server or several. Two are chosen here, to avoid the case in which one monitoring server fails and cannot return information to the monitoring program on the USB device, which would affect the correct judgment of that monitoring program. If messages are sent to two monitoring servers, the other, normally running monitoring server can still return information to the monitoring program on the USB device, so the correct judgment of the monitoring program on the USB device is not affected.
Step 207: if the monitoring program on the USB device receives the communication message returned by the monitoring server, communication has succeeded, and it can be judged that the USB device is connected to an Internet client; step 208 is executed. If the monitoring program on the USB device does not receive a communication message returned by the monitoring server, communication has not succeeded, and it can be judged that the USB device is not connected to an Internet client. If the monitoring program on the USB device receives information sent by a client monitoring program (either a query message or a retrieval instruction), the USB device is connected to a client that has a monitoring program, and step 201 is executed; if the monitoring program on the USB device receives no information at all, the USB device is connected to a standalone client, and step 210 is executed.
Step 208: the monitoring program on the USB device obtains the terminal identifier of the external network client and the interaction information.
The external network terminal identifier may be one or more items of host information such as the terminal's IP address, MAC address or user name. The interaction information refers to the URLs of the websites visited by the user of the USB device, the IP addresses of the parties communicated with, the mailbox information of the contacts, and so on, which are not described further here.
Step 209: the monitoring program on the USB device sends an alert message to the monitoring server on the external network.
This message contains the terminal identifier of the external network client to which the USB device is connected, the interaction information, the internal network client terminal identifier held in the monitoring program, the information of the USB device, and so on. The information of the USB device includes the terminal identifier of the USB device, the USB user number, the time at which the USB device was plugged into the internal network client, and so on.
Step 210: the monitoring program on the USB device locks the USB device so that it cannot communicate with the client to which it is connected.
Whether the USB device is connected to an Internet client or to a standalone client, locking the USB device avoids information leakage and protects the security of the internal network's information. The locking may be done by having the monitoring program on the USB device overwrite the existing files, or by formatting the USB device; the present invention does not specifically limit this.
In this embodiment, instead of locking the USB device, step 210 may be replaced by the following operation: the corresponding monitoring program on the USB device automatically copies itself, together with the information of the USB device, to the standalone client and monitors the use of that standalone client. The information of the USB device includes the terminal identifier of the USB device, the USB user number, the time at which the USB device was plugged into the internal network client, and so on. Whenever the standalone client is running, the corresponding monitoring program is running too and continually sends communication messages to the monitoring server on the external network. When communication succeeds, the standalone client has been connected to the external network (in principle a standalone client is not connected to the external network; here the connection may be the result of the standalone client's user plugging in an external network cable). The corresponding monitoring program sends the terminal identifier of the standalone client, the interaction information, the internal network client terminal identifier and the information of the USB device to the monitoring server on the external network; the monitoring server sends this information to the specific server of organization A, and the specific server raises an alarm.
Through steps 206-210, the monitoring server on the external network has detected that a USB device with the monitoring program installed has been connected to an external network client. By agreement with the internal network user, the third party can selectively send the received alert messages to the specific server of the internal network; on receiving the information sent by the monitoring server, the specific server raises an alarm immediately, so that staff can discover the leakage incident in time.
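
The judgment in step 207 and the alert hand-off in steps 209 onward reduce to a small decision procedure, sketched here as an added example that is not code from the patent. It is pure logic with no networking; the enum names, dictionary keys and sample values are hypothetical.

```python
from enum import Enum

# The four items the alert message carries (step 209); key names are hypothetical.
ALERT_FIELDS = ("external_client_id", "interaction_info",
                "internal_client_id", "usb_device_info")


class Verdict(Enum):
    EXTERNAL = "connected to an Internet client: steps 208-209"
    INTERNAL = "client has a monitoring program: step 201"
    STANDALONE = "standalone client: step 210"


def classify(server_replies, client_monitor_message):
    """Step 207.

    server_replies: one boolean per monitoring server contacted in step 206,
        True if that server returned a communication message.
    client_monitor_message: the query message or retrieval instruction received
        from a client monitoring program, or None if nothing was received.
    """
    if any(server_replies):
        return Verdict.EXTERNAL          # communication succeeded
    if client_monitor_message is not None:
        return Verdict.INTERNAL
    return Verdict.STANDALONE


def missing_alert_fields(alert):
    """Monitoring-server check: which required items are absent or empty?"""
    return [name for name in ALERT_FIELDS if not alert.get(name)]


def forward(alert, agreement_allows):
    """Return the record passed to the specific server, or None if withheld."""
    if not agreement_allows or missing_alert_fields(alert):
        return None
    return {name: alert[name] for name in ALERT_FIELDS}


# Constructed sample alert, as assembled in steps 208-209.
SAMPLE_ALERT = {
    "external_client_id": "HOME-PC (constructed)",
    "interaction_info": ["constructed entry"],
    "internal_client_id": "PC-A",
    "usb_device_info": {"device_id": "AcmeStor/P100/SN0001",
                        "user_number": "U-0001"},
}
```

With a single monitoring server, an outage of that server makes an Internet-connected client indistinguishable from a standalone one (`classify([False], None)`); with two servers, one reply is enough to reach the alert path.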
The beneficial effect of the technical solution provided by this embodiment of the present invention is as follows: a secret-leakage monitoring program is installed on the internal network clients and runs in real time; a monitoring program is written into each USB device connected to an internal network client, and the USB device receives and installs the corresponding monitoring program; when a USB device with the monitoring program installed is connected to the external network, the device is monitored, so that secret leakage incidents involving the USB device are detected in time.
Embodiment 3
Referring to Fig. 3, the embodiment of the invention provides a kind of the detection to lose the USB device of divulging a secret, and in a kind of system, uses, and this system is made up of Intranet and outer net.Intranet is made up of Intranet client, interior network server, particular server.Interior network server in the Intranet links to each other with each Intranet client, writes down the usage log of each Intranet client.Outer net is meant the Internet that links to each other with monitor server, and monitor server is controlled by the third party, links to each other with the particular server of Intranet, is used for receiving the information that device sends of divulging a secret, and information is returned to the particular server of Intranet.The outer net client is with respect to the Intranet client, can be the client of the Internet that is connected with monitor server, also can be client independently, neither links to each other with Intranet, also do not link to each other with outer net.
In this embodiment, the device specifically comprises a writing module 301 and a monitoring module 302.
Writing module 301: configured to receive and install the corresponding monitoring program when the USB device is connected to an Intranet client.
Monitoring module 302: configured so that, when the USB device with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether that client is an external-network client and, if so, handles it accordingly.
The writing module 301 specifically comprises:
Query unit: configured to receive the detection by the monitoring program of the Intranet client, in which it is queried whether the corresponding monitoring program is present on the USB device; if it is not, the unit receives and installs the corresponding monitoring program. The corresponding monitoring program contains its execution instructions, the USB device user number and the terminal identifier of the Intranet client.
In this embodiment, the monitoring module 302 specifically comprises:
First judging unit: configured so that the corresponding monitoring program sends a communication message to the external-network monitor server; if the corresponding monitoring program receives information returned by the monitor server, the client is judged to be an external-network client.
First processing unit: configured so that the corresponding monitoring program locks the USB device or sends alert information to the monitor server, so that the monitor server forwards the alert information to the designated Intranet server. The alert information comprises the terminal identifier of the external-network client, the interaction information, the terminal identifier of the Intranet client and the information of the USB device.
In this embodiment, the monitoring module 302 further comprises:
Second judging unit: configured to judge that the client is an external-network client if the corresponding monitoring program does not receive information sent by that client.
Second processing unit: configured so that the corresponding monitoring program locks the USB device, or so that the corresponding monitoring program is copied to the external-network client and monitors the external-network client.
Further, the USB device for detecting the loss and leakage of secrets also comprises:
Sending module: configured to send the USB device connection event information of the Intranet client to the Intranet server. The information comprises the terminal identifier of the USB device, the time at which the USB device was inserted into the Intranet client, and the terminal identifier of the Intranet client.
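An added example, not part of the patent text: one way the designated Intranet server could triage alerts relayed by the monitor server against the connection events reported by the sending module. The field names, the alert receipt time, the status labels and all sample records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed connection events as reported by the sending module:
# (USB device identifier, insertion time, Intranet client terminal identifier)
CONNECTION_LOG = [
    ("USB-0001", "2010-09-01T09:00:00", "INTRA-PC-07"),
    ("USB-0002", "2010-09-01T09:30:00", "INTRA-PC-03"),
    ("USB-0001", "2010-09-02T17:45:00", "INTRA-PC-12"),
    ("USB-0001", "2010-09-05T08:10:00", "INTRA-PC-07"),
]

# Constructed alerts as relayed by the monitor server. "intranet_terminal" is the
# identifier embedded in the monitoring program; "received" is an assumed field.
ALERTS = [
    {"usb_id": "USB-0001", "intranet_terminal": "INTRA-PC-07",
     "external_terminal": "EXT-HOST-A", "received": "2010-09-03T20:15:00"},
    {"usb_id": "USB-0002", "intranet_terminal": "INTRA-PC-09",
     "external_terminal": "EXT-HOST-B", "received": "2010-09-04T11:00:00"},
    {"usb_id": "USB-0099", "intranet_terminal": "INTRA-PC-01",
     "external_terminal": "EXT-HOST-C", "received": "2010-09-04T12:00:00"},
]

@dataclass
class Finding:
    usb_id: str
    external_terminal: str
    last_intranet_terminal: Optional[str]  # last Intranet client seen before the alert
    hours_since_intranet: Optional[float]  # time between that insertion and the alert
    status: str  # "confirmed", "terminal-mismatch" or "unknown-device" (assumed labels)

def triage(alert, log=CONNECTION_LOG):
    """Match one alert against the Intranet server's connection log."""
    when = datetime.fromisoformat(alert["received"])
    # Only insertions of this device that happened before the alert are relevant.
    prior = sorted(
        (datetime.fromisoformat(ts), terminal)
        for usb_id, ts, terminal in log
        if usb_id == alert["usb_id"] and datetime.fromisoformat(ts) <= when
    )
    if not prior:
        # No record of the device: the alert cannot be tied to an Intranet client.
        return Finding(alert["usb_id"], alert["external_terminal"], None, None,
                       "unknown-device")
    last_time, last_terminal = prior[-1]
    hours = (when - last_time).total_seconds() / 3600
    # The terminal named in the alert must have logged this device at some point.
    seen = {terminal for _, terminal in prior}
    status = "confirmed" if alert["intranet_terminal"] in seen else "terminal-mismatch"
    return Finding(alert["usb_id"], alert["external_terminal"], last_terminal,
                   hours, status)

def triage_all(alerts=ALERTS, log=CONNECTION_LOG):
    return [triage(a, log) for a in alerts]
```

A "terminal-mismatch" or "unknown-device" result means the alert names a device or Intranet client that the connection log cannot account for, so the alert or the log deserves closer inspection before attributing the leak.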
The technical solution provided by the embodiment of the invention has the following beneficial effect: a monitoring program for the loss and leakage of secrets is installed and run in real time on the Intranet client and writes a monitoring program to any USB device connected to the Intranet client; the USB device receives and installs the corresponding monitoring program; when the USB device with the monitoring program installed is connected to the external network, the USB device is monitored, so that the loss or leakage of secrets involving the USB device is detected promptly.
Finally, it should be noted that a person of ordinary skill in the art will understand that all or part of the flows in the method embodiments above can be carried out by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, can include the flows of the method embodiments described above. The storage medium can be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM), etc.
The functional units in the embodiments of the invention can be integrated into one processing module, each unit can exist physically on its own, or two or more units can be integrated into one module. The integrated module can be implemented in the form of hardware or in the form of a software function module. If the integrated module is implemented as a software function module and sold or used as an independent product, it can also be stored in a computer-readable storage medium. The storage medium mentioned above can be a read-only memory, a magnetic disk, an optical disc, etc. The USB device described above can carry out the method of the corresponding method embodiment.
The above are merely preferred embodiments of the present invention and are not intended to limit the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (11)

1. A method for detecting the loss and leakage of secrets, characterized in that the method comprises:
When a USB device is connected to an Intranet client, the USB device receives and installs a corresponding monitoring program;
When the USB device with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether said client is an external-network client and, if so, handles it accordingly.
2. The method according to claim 1, characterized in that the step in which the USB device receives and installs the corresponding monitoring program when connected to the Intranet client specifically comprises:
The USB device receives the detection by the monitoring program of the Intranet client, in which it is queried whether the corresponding monitoring program is present on the USB device; if it is not, the USB device receives and installs the corresponding monitoring program, which contains the execution instructions of the corresponding monitoring program, the terminal identifier of the Intranet client and the USB device user number.
3. The method according to claim 1, characterized in that the step in which the corresponding monitoring program judges whether said client is an external-network client and, if so, handles it accordingly specifically comprises:
The corresponding monitoring program sends a communication message to the external-network monitor server;
If the corresponding monitoring program receives information returned by the monitor server, said client is an external-network client;
The corresponding monitoring program locks the USB device or sends alert information to the monitor server, so that the monitor server forwards the alert information to the designated Intranet server, the alert information comprising the terminal identifier of the external-network client, the interaction information, the terminal identifier of the Intranet client and the information of the USB device.
4. The method according to claim 1, characterized in that the step in which the corresponding monitoring program judges whether said client is an external-network client and, if so, handles it accordingly specifically comprises:
If the corresponding monitoring program does not receive information sent by said client, said client is an external-network client; the corresponding monitoring program locks the USB device, or the corresponding monitoring program is copied to the external-network client and monitors the external-network client.
5. The method according to claim 4, characterized in that the step in which the corresponding monitoring program is copied to the external-network client and monitors the external-network client specifically comprises:
The corresponding monitoring program sends a communication message to the external-network monitor server;
If the corresponding monitoring program receives information returned by the monitor server, the corresponding monitoring program sends alert information to the monitor server, so that the monitor server forwards the alert information to the designated Intranet server, the alert information comprising the terminal identifier of the external-network client, the interaction information, the terminal identifier of the Intranet client and the information of the USB device.
6. The method according to claim 1, characterized in that, after the USB device receives and installs the corresponding monitoring program, the method further comprises:
The monitoring program of the Intranet client sends the USB device connection event information to the Intranet server, the information comprising the information of the USB device and the terminal identifier of the Intranet client.
7. A USB device for detecting the loss and leakage of secrets, characterized in that the device comprises:
A writing module, configured to receive and install a corresponding monitoring program when the USB device is connected to an Intranet client;
A monitoring module, configured so that, when the USB device with the corresponding monitoring program installed is connected to any client, the corresponding monitoring program judges whether said client is an external-network client and, if so, handles it accordingly.
8. The device according to claim 7, characterized in that the writing module specifically comprises:
A query unit, configured to receive the detection by the monitoring program of the Intranet client, in which it is queried whether the corresponding monitoring program is present on the USB device; if it is not, the unit receives and installs the corresponding monitoring program, which contains the execution instructions of the corresponding monitoring program, the terminal identifier of the Intranet client and the USB device user number.
9. The device according to claim 7, characterized in that the monitoring module specifically comprises:
A first judging unit, configured so that the corresponding monitoring program sends a communication message to the external-network monitor server and, if the corresponding monitoring program receives information returned by the monitor server, said client is judged to be an external-network client;
A first processing unit, configured so that the corresponding monitoring program locks the USB device or sends alert information to the monitor server, so that the monitor server forwards the alert information to the designated Intranet server, the alert information comprising the terminal identifier of the external-network client, the interaction information, the terminal identifier of the Intranet client and the information of the USB device.
10. The device according to claim 7, characterized in that the monitoring module specifically comprises:
A second judging unit, configured to judge that said client is an external-network client if the corresponding monitoring program does not receive information sent by said client;
A second processing unit, configured so that the corresponding monitoring program locks the USB device, or so that the corresponding monitoring program is copied to the external-network client and monitors the external-network client.
11. The device according to claim 7, characterized in that the device further comprises:
A sending module, configured to send the USB device connection event information of the Intranet client to the Intranet server, the information comprising the information of the USB device and the terminal identifier of the Intranet client.
CN201010281907.1A 2010-09-14 2010-09-14 Method and universal serial bus (USB) equipment for detecting secret leakage Active CN102404161B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010281907.1A CN102404161B (en) 2010-09-14 2010-09-14 Method and universal serial bus (USB) equipment for detecting secret leakage

Publications (2)

Publication Number Publication Date
CN102404161A true CN102404161A (en) 2012-04-04
CN102404161B CN102404161B (en) 2015-05-20

Family

ID=45885976

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010281907.1A Active CN102404161B (en) 2010-09-14 2010-09-14 Method and universal serial bus (USB) equipment for detecting secret leakage

Country Status (1)

Country Link
CN (1) CN102404161B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105243336A (en) * 2015-09-30 2016-01-13 北京奇虎科技有限公司 Data protection method and apparatus
CN112069489A (en) * 2020-08-13 2020-12-11 中国电子科技集团公司第三十研究所 Detection method for cross use of internal network and external network of mobile storage medium

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060059572A1 (en) * 2004-09-10 2006-03-16 Microsoft Corporation Hardware-based software authenticator
CN101017525A (en) * 2007-03-05 2007-08-15 北京邮电大学 Divulging secrets prevention system of USB storage device date based on certificate and transparent encryption technology
CN101051292A (en) * 2007-01-08 2007-10-10 中国信息安全产品测评认证中心 Reliable U disc, method for realizing reliable U disc safety and its data communication with computer
CN101141245A (en) * 2007-08-29 2008-03-12 深圳市同强信息技术有限责任公司 Movable medium external connection monitoring system and method
CN101364986A (en) * 2008-09-19 2009-02-11 广东南方信息安全产业基地有限公司 Credible equipment authentication method under network environment
CN101504711A (en) * 2009-03-26 2009-08-12 北京鼎普科技股份有限公司 Movable storage device and method for controlling computer data downloading
CN201509204U (en) * 2009-09-07 2010-06-16 北京鼎普科技股份有限公司 Computer illegal external link monitoring device and system thereof

Also Published As

Publication number Publication date
CN102404161B (en) 2015-05-20

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20200616

Address after: 570100 301, floor 3, building A09, Hainan Ecological Software Park, hi tech industry demonstration zone, Laocheng, Haikou, Hainan

Patentee after: Zhongdian Jizhi (Hainan) Information Technology Co.,Ltd.

Address before: 100097, Beijing, Haidian District, 1 Jin Yuan Road shopping center, 6 A069

Patentee before: BEIJING HARBIN INSTITUTE OF TECHNOLOGY COMPUTER NETWORK AND INFORMATION SECURITY TECHNOLOGY RESEARCH CENTER

CP03 Change of name, title or address

Address after: 571924 301, floor 3, building A09, Hainan Ecological Software Park, high tech industry demonstration zone, Laocheng, Hainan Province

Patentee after: Jizhi (Hainan) Information Technology Co.,Ltd.

Country or region after: China

Address before: Room 301, 3rd Floor, Building A09, Hainan Ecological Software Park, Laocheng High tech Industrial Demonstration Zone, Haikou City, Hainan Province, 570100

Patentee before: Zhongdian Jizhi (Hainan) Information Technology Co.,Ltd.

Country or region before: China