CN102609367A - USB (Universal Serial Bus) flash disc system with safety control and audit - Google Patents


Publication number
CN102609367A
Authority
CN
China
Prior art keywords
file
user
audit
control
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2011103798734A
Other languages
Chinese (zh)
Inventor
耿振民
刘旭峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Original Assignee
WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd filed Critical WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Priority to CN2011103798734A priority Critical patent/CN102609367A/en
Publication of CN102609367A publication Critical patent/CN102609367A/en
Pending legal-status Critical Current

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a USB (Universal Serial Bus) flash disk system with security control and audit. The system comprises a user identity management system, a file security control system and a log record audit system. In this system, outbound files carried on the USB flash disk are encrypted and assigned effective permissions and a validity period. When a user uses the files normally through the built-in software system, the system automatically applies time and permission control to the files on the USB flash disk, preventing files carried out on the disk from being used illegally. When an abnormal situation occurs, the system automatically triggers a destruction mechanism so that the files cannot be stolen through an illegal operation. An audit system built into the system records the user's operations to facilitate later tracing.

Description

A USB flash disk system with security control and audit
Technical field
The invention belongs to the field of computer information security technology, and in particular relates to a USB flash disk system with security control and audit.
Background
With the rapid development of information technology, electronic operation is widely used in every field, and computer storage media are gradually replacing paper documents as the main carrier of information. In the circulation of information, high-technology means such as networks and removable media are accepted by more and more users because of their low cost, convenient transmission and simple use. As a result, the importance of their security is increasingly prominent, especially for governments, the military, state secret-related units and others with higher security requirements.
At present, network-based transmission is covered by a complete set of solutions including firewalls, antivirus software and data encryption. For removable media, and USB flash disk systems in particular, no complete solution has yet been established. The protection mechanisms for USB flash disks currently on the market mainly include password authentication, file encryption, read/write control and log recording. Password authentication has the defects of a low security level and being easy to crack. File encryption cannot prevent files from being illegally deleted. Read/write permission control can prevent files from being illegally deleted, but it does not solve the security problem of the file itself. Log auditing can only trace events afterwards and does nothing to prevent them in advance.
Summary of the invention
The purpose of the invention is to provide a USB flash disk system with security control and audit that solves the security problems arising when enterprises and institutions, government bodies, the military and state secret-related units use USB flash disks to transmit information.
To achieve this purpose, the invention adopts the following technical scheme:
A USB flash disk system with security control and audit, wherein the system comprises a user identity management system, a file security control system and a log record audit system;
The user identity management system is used for user identity management, permission control and security protection;
The file security control system is used to protect users' operations on files, and has a built-in permission control system and period control system;
The log record audit system is used to record the operations of all users and, at the same time, to record in detail how files are used, for the administrator to audit later.
Further, the user identity management system comprises a user identity management module, a user permission control module and a user security protection module;
The user identity management module covers basic user management such as user creation, password management, user type and user log-off, and also includes management mechanisms such as management of user password length and a user-information encryption mechanism, meeting the basic requirements of user management;
The user permission control module covers user identity level, system operation permissions, file operation permission control and the effective life cycle, and gives the administrator a means of controlling user permissions;
The user security protection module covers the authentication mechanism, the illegal-behavior control mechanism, the automatic destruction mechanism and so on, and is used to solve the security problems of the system's user system.
Further, the file security control system comprises a secure file creation module, a secure file usage control module and a secure file destruction module:
The secure file creation module is used by the administrator to create secure files; the module covers writing the secure file's permissions, writing its validity period, and encrypting the secure file;
The secure file usage control module controls the use of secure files by the administrator or by users: by verifying the user's identity and matching the file's attributes such as permissions and period, it meets the user's need to use secure files while keeping the files secure;
The secure file destruction module provides the automatic destruction mechanism for when a file encounters an illegal operation or exceeds its life cycle, and also covers operations such as deletion of files by an administrator logged in to the system.
Further, the log record audit system comprises a system operation recording module, a file operation recording module and an abnormal-condition recording module:
The system operation recording module records the system's basic attributes and the operations of administrators or users on the system, including administrator operation records, user operation records and so on; its main format comprises: operator, operation date, operation action, specific operation description;
The file operation recording module covers records such as file permission attributes, file period attributes and file usage; it also covers records of users' specific operations on files, with a record format comprising: file name, file size, operation date, operator, operation, operation description;
The abnormal-condition recording module records the illegal operations encountered by the system and by files, including illegal operations the system encounters and their handling results, abnormal operations when users use files, and warning messages.
The USB flash disk system with security control and audit provided by the invention encrypts the outbound files carried on the USB flash disk and sets their effective permissions and validity period. When the user uses the files normally through the built-in software system, the system automatically applies time and permission control to the files on the USB flash disk, which protects files carried away on the disk from illegal use. When an abnormal condition occurs, the system automatically triggers the destruction mechanism, ensuring that files cannot be stolen through illegal operations. The system's built-in audit system records the user's operations for later tracing.
Description of the drawings
Fig. 1 is a schematic diagram of the system architecture provided by the invention;
Fig. 2 is a schematic diagram of the architecture of the user identity management system provided by the invention;
Fig. 3 is a schematic diagram of the structure of the file security control system provided by the invention;
Fig. 4 is a schematic diagram of the architecture of the log record audit system provided by the invention;
Fig. 5 is a schematic diagram of the operating flow of the user identity management system provided by the invention;
Fig. 6 is a schematic diagram of the operating flow of the file security control system provided by the invention;
Fig. 7 is a schematic diagram of the use of a secure file provided by the invention.
Embodiment
The invention is described in detail below with reference to the accompanying drawings, which form part of this specification and explain the principle of the invention through an embodiment; other aspects, features and advantages of the invention will become clear from this detailed description.
As shown in Figs. 1, 2, 3 and 4, the invention provides a USB flash disk system with security control and audit, wherein the system comprises a user identity management system, a file security control system and a log record audit system;
The user identity management system is used for user identity management, permission control and security protection;
The file security control system is used to protect users' operations on files, and has a built-in permission control system and period control system;
The log record audit system is used to record the operations of all users and, at the same time, to record in detail how files are used, for the administrator to audit later.
Further, the user identity management system comprises a user identity management module, a user permission control module and a user security protection module;
The user identity management module covers basic user management such as user creation, password management, user type and user log-off, and also includes management mechanisms such as management of user password length and a user-information encryption mechanism, meeting the basic requirements of user management;
The user permission control module covers user identity level, system operation permissions, file operation permission control and the effective life cycle, and gives the administrator a means of controlling user permissions;
The user security protection module covers the authentication mechanism, the illegal-behavior control mechanism, the automatic destruction mechanism and so on, and is used to solve the security problems of the system's user system.
Further, the file security control system comprises a secure file creation module, a secure file usage control module and a secure file destruction module:
The secure file creation module is used by the administrator to create secure files; the module covers writing the secure file's permissions, writing its validity period, and encrypting the secure file;
The secure file usage control module controls the use of secure files by the administrator or by users: by verifying the user's identity and matching the file's attributes such as permissions and period, it meets the user's need to use secure files while keeping the files secure;
The secure file destruction module provides the automatic destruction mechanism for when a file encounters an illegal operation or exceeds its life cycle, and also covers operations such as deletion of files by an administrator logged in to the system.
Further, the log record audit system comprises a system operation recording module, a file operation recording module and an abnormal-condition recording module:
The system operation recording module records the system's basic attributes and the operations of administrators or users on the system, including administrator operation records, user operation records and so on; its main format comprises: operator, operation date, operation action, specific operation description, and so on;
The file operation recording module covers records such as file permission attributes, file period attributes and file usage; it also covers records of users' specific operations on files, with a record format comprising: file name, file size, operation date, operator, operation, operation description;
The abnormal-condition recording module records the illegal operations encountered by the system and by files, including illegal operations the system encounters and their handling results, abnormal operations when users use files, and warning messages.
As shown in Fig. 5, when a user logs in to the system and is verified as an administrator, the system allows the administrator to perform user-management operations. While the system still has vacant accounts, the administrator can create users, and their information is encrypted and kept in a preset secure area; if an account is deleted, the related records in the secure area are deleted.
As shown in Fig. 6, the secure file creation system is mainly used in the process of creating a secure file. Its main steps comprise: authenticating the administrator's identity, setting the permissions of different users, setting the file's life cycle, encrypting the file, placing the file in the file security area, and recording the related operations.
As shown in Fig. 7, secure file usage mainly tracks the process of a user using a file. It mainly comprises: verifying the user's identity, reading the user's permission information for the file, reading the user's life cycle information for the file, triggering the control mechanism, opening the file, and recording the related operation records.
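The Fig. 7 usage flow, together with the destruction and audit behavior described earlier, sketched as an added example (not code from the patent). The names `SecureFile`, `AuditLog`, `use_file` and `sample_file` are hypothetical, the file content is an opaque byte string standing in for the encrypted data, and two points the text leaves open are assumed: an operation outside the user's permissions counts as an illegal operation, and a failed identity check denies access without destroying the file.

```python
from dataclasses import dataclass, field
from datetime import datetime


@dataclass
class SecureFile:
    name: str
    ciphertext: bytes        # stands in for the encrypted file content
    permissions: dict        # user -> set of permitted operations
    valid_until: datetime    # end of the validity period
    destroyed: bool = False


@dataclass
class AuditLog:
    file_ops: list = field(default_factory=list)   # file operation records
    abnormal: list = field(default_factory=list)   # abnormal-condition records


def _abnormal(log, f, now, operator, event, result):
    """Append one abnormal-condition record (event plus handling result)."""
    log.abnormal.append({"file_name": f.name, "operation_date": now,
                         "operator": operator, "event": event, "result": result})


def _destroy(f):
    """Automatic destruction: drop the stored content and mark the file."""
    f.ciphertext = b""
    f.destroyed = True


def use_file(f, user, authenticated, operation, now, log):
    """Apply the Fig. 7 order of checks; return True only if use is allowed."""
    if not authenticated:
        # Assumption: a failed identity check denies access without destruction.
        _abnormal(log, f, now, user, "identity check failed", "access denied")
        return False
    if f.destroyed:
        _abnormal(log, f, now, user, "file already destroyed", "access denied")
        return False
    if now > f.valid_until:
        _destroy(f)
        _abnormal(log, f, now, user, "validity period exceeded", "file destroyed")
        return False
    if operation not in f.permissions.get(user, set()):
        # Assumption: an operation outside the user's permissions is "illegal".
        _destroy(f)
        _abnormal(log, f, now, user, "illegal operation: " + operation,
                  "file destroyed")
        return False
    # Record format from the file operation recording module.
    log.file_ops.append({"file_name": f.name, "file_size": len(f.ciphertext),
                         "operation_date": now, "operator": user,
                         "operation": operation,
                         "description": "permitted, within validity period"})
    return True


def sample_file():
    """Constructed sample: alice may read until the end of 2012-01-31."""
    return SecureFile("report.doc", b"\x00" * 16, {"alice": {"read"}},
                      datetime(2012, 1, 31, 23, 59, 59))


if __name__ == "__main__":
    log = AuditLog()
    f = sample_file()
    print(use_file(f, "alice", True, "read", datetime(2012, 1, 10), log))
    print(use_file(f, "alice", True, "copy", datetime(2012, 1, 11), log))
    print(f.destroyed, len(log.file_ops), len(log.abnormal))
```

The checks run inside software that also holds the decryption capability, so the control only holds while the file is opened through that built-in software; the clock passed as `now` is likewise a trusted input in this sketch.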
The USB flash disk system with security control and audit provided by the invention encrypts the outbound files carried on the USB flash disk and sets their effective permissions and validity period. When the user uses the files normally through the built-in software system, the system automatically applies time and permission control to the files on the USB flash disk, which protects files carried away on the disk from illegal use. When an abnormal condition occurs, the system automatically triggers the destruction mechanism, ensuring that files cannot be stolen through illegal operations. The system's built-in audit system records the user's operations for later tracing.
What is disclosed above is merely a preferred embodiment of the invention and of course cannot limit the scope of rights of the invention; equivalent variations made according to the claims of the invention therefore still fall within the scope covered by the invention.

Claims (4)

1. A USB flash disk system with security control and audit, wherein the system comprises a user identity management system, a file security control system and a log record audit system;
The user identity management system is used for user identity management, permission control and security protection;
The file security control system is used to protect users' operations on files, and has a built-in permission control system and period control system;
The log record audit system is used to record the operations of all users and, at the same time, to record in detail how files are used, for the administrator to audit later.
2. The USB flash disk system with security control and audit as claimed in claim 1, characterized in that the user identity management system comprises a user identity management module, a user permission control module and a user security protection module;
The user identity management module covers basic user management such as user creation, password management, user type and user log-off, and also includes management mechanisms such as management of user password length and a user-information encryption mechanism, meeting the basic requirements of user management;
The user permission control module covers user identity level, system operation permissions, file operation permission control and the effective life cycle, and gives the administrator a means of controlling user permissions;
The user security protection module covers the authentication mechanism, the illegal-behavior control mechanism, the automatic destruction mechanism and so on, and is used to solve the security problems of the system's user system.
3. The USB flash disk system with security control and audit as claimed in claim 1, characterized in that the file security control system comprises a secure file creation module, a secure file usage control module and a secure file destruction module:
The secure file creation module is used by the administrator to create secure files; the module covers writing the secure file's permissions, writing its validity period, and encrypting the secure file;
The secure file usage control module controls the use of secure files by the administrator or by users: by verifying the user's identity and matching the file's attributes such as permissions and period, it meets the user's need to use secure files while keeping the files secure;
The secure file destruction module provides the automatic destruction mechanism for when a file encounters an illegal operation or exceeds its life cycle, and also covers operations such as deletion of files by an administrator logged in to the system.
4. The USB flash disk system with security control and audit as claimed in claim 1, characterized in that the log record audit system comprises a system operation recording module, a file operation recording module and an abnormal-condition recording module:
The system operation recording module records the system's basic attributes and the operations of administrators or users on the system, including administrator operation records and user operation records; its main format comprises: operator, operation date, operation action, specific operation description;
The file operation recording module covers records such as file permission attributes, file period attributes and file usage; it also covers records of users' specific operations on files, with a record format comprising: file name, file size, operation date, operator, operation, operation description;
The abnormal-condition recording module records the illegal operations encountered by the system and by files, including illegal operations the system encounters and their handling results, abnormal operations when users use files, and warning messages.
CN2011103798734A 2011-11-25 2011-11-25 USB (Universal Serial Bus) flash disc system with safety control and audit Pending CN102609367A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011103798734A CN102609367A (en) 2011-11-25 2011-11-25 USB (Universal Serial Bus) flash disc system with safety control and audit

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011103798734A CN102609367A (en) 2011-11-25 2011-11-25 USB (Universal Serial Bus) flash disc system with safety control and audit

Publications (1)

Publication Number Publication Date
CN102609367A true CN102609367A (en) 2012-07-25

Family

ID=46526757

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011103798734A Pending CN102609367A (en) 2011-11-25 2011-11-25 USB (Universal Serial Bus) flash disc system with safety control and audit

Country Status (1)

Country Link
CN (1) CN102609367A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102831350A (en) * 2012-08-30 2012-12-19 北京立思辰计算机技术有限公司 Self-service compact disk recording whole life cycle monitoring and auditing method
CN103268458A (en) * 2013-06-08 2013-08-28 福建伊时代信息科技股份有限公司 Take-away equipment as well as processing method, device and system thereof
CN103927271A (en) * 2013-01-14 2014-07-16 上海康舟控制系统有限公司 Solid-state device self-destruction system
CN105787377A (en) * 2014-12-23 2016-07-20 南京理工大学常熟研究院有限公司 Portable data storage device
CN106874802A (en) * 2017-01-19 2017-06-20 湖北航天技术研究院总体设计所 A kind of industrial control equipment virus protection system based on drive control
CN109684866A (en) * 2018-11-19 2019-04-26 北京计算机技术及应用研究所 A kind of safe USB disk system for supporting multi-user data to protect
CN111832057A (en) * 2020-08-20 2020-10-27 杭州银核存储区块链有限公司 Self-destruction method for U disk file

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060085596A1 (en) * 2004-10-18 2006-04-20 Chi-Tung Chang Portable data storage device and method of accessing data thereof
CN1952914A (en) * 2006-10-13 2007-04-25 冯浩然 A encryption U disk system with journal and audits
CN101051292A (en) * 2007-01-08 2007-10-10 中国信息安全产品测评认证中心 Reliable U disc, method for realizing reliable U disc safety and its data communication with computer
CN101349998A (en) * 2008-07-25 2009-01-21 杜桦葳 USB memory apparatus

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
耿振民: "防信息泄密技术的发展与最新动态", 《信息安全与通信保密》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102831350A (en) * 2012-08-30 2012-12-19 北京立思辰计算机技术有限公司 Self-service compact disk recording whole life cycle monitoring and auditing method
CN102831350B (en) * 2012-08-30 2015-05-20 北京立思辰计算机技术有限公司 Self-service compact disk recording whole life cycle monitoring and auditing method
CN103927271A (en) * 2013-01-14 2014-07-16 上海康舟控制系统有限公司 Solid-state device self-destruction system
CN103268458A (en) * 2013-06-08 2013-08-28 福建伊时代信息科技股份有限公司 Take-away equipment as well as processing method, device and system thereof
CN105787377A (en) * 2014-12-23 2016-07-20 南京理工大学常熟研究院有限公司 Portable data storage device
CN106874802A (en) * 2017-01-19 2017-06-20 湖北航天技术研究院总体设计所 A kind of industrial control equipment virus protection system based on drive control
CN106874802B (en) * 2017-01-19 2020-02-04 湖北航天技术研究院总体设计所 Industrial control equipment virus protection system based on drive control
CN109684866A (en) * 2018-11-19 2019-04-26 北京计算机技术及应用研究所 A kind of safe USB disk system for supporting multi-user data to protect
CN109684866B (en) * 2018-11-19 2021-03-23 北京计算机技术及应用研究所 Safe USB flash disk system supporting multi-user data protection
CN111832057A (en) * 2020-08-20 2020-10-27 杭州银核存储区块链有限公司 Self-destruction method for U disk file

Similar Documents

Publication Publication Date Title
CN102609367A (en) USB (Universal Serial Bus) flash disc system with safety control and audit
US8281388B1 (en) Hardware secured portable storage
Basharat et al. Database security and encryption: A survey study
CN101853363B (en) File protection method and system
CN103065102A (en) Data encryption mobile storage management method based on virtual disk
CN103632080A (en) Mobile data application safety protection system and mobile data application safety protection method based on USBKey
CN102948114A (en) Single-use authentication methods for accessing encrypted data
CN106022154A (en) Method for encrypting database and database server
CN102110201B (en) System for monitoring and auditing compact disc burning
CN102567233A (en) Data protection method of USB storage device based on magnetic disc virtual technology
CN102609667A (en) Automatic file encryption and decryption system and automatic file encryption and decryption method based on filter drive program
CN102799539A (en) Safe USB flash disk and data active protection method thereof
CN103336746A (en) Safety encrypted USB (Universal Serial Bus) flash disk and data encryption method thereof
CN109214204B (en) Data processing method and storage device
CN104239812A (en) Local area network data safety protection method and system
CN106682521A (en) File transparent encryption and decryption system and method based on driver layer
CN102073597A (en) Full disk encryption method of operating system disk based on user identity authentication
CN105205416A (en) Mobile hard disk password module
CN107808676A (en) The auditing system and method for CD burning
CN111539042A (en) Safe operation method based on trusted storage of core data files
KR20090128818A (en) The management system and management method of a secure area
CN102034040A (en) Log implementation method in encryption card
CN105162803A (en) Safe information output method and safe information output system of secret-relating network
CN106650492B (en) A kind of multiple device file guard method and device based on security catalog
CN105205405A (en) Novel electronic file safe management system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120725