CN103065104B - Movable storage device and the supervisory system formed thereof - Google Patents


Publication number
CN103065104B
Authority
CN
China
Prior art keywords
module
client
storage device
management
interface
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201210571845.7A
Other languages
Chinese (zh)
Other versions
CN103065104A (en)
Inventor
黄德俊
肖建
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Changhong Electric Co Ltd
Original Assignee
Sichuan Changhong Electric Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Changhong Electric Co Ltd
Priority to CN201210571845.7A
Publication of CN103065104A
Application granted
Publication of CN103065104B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a movable storage device and a supervisory system formed from it. The movable storage device consists mainly of two parts, a realization layer and an interface layer. The realization layer consists mainly of a client registration module, a client manager module, a client policy execution module, an authentication module, a basic management module, a control list management module and a control list distribution module. The interface layer consists mainly of a client-side management interface, a basic management interface and a control list management interface. The invention provides unified management of the removable media in the system, makes up for the shortcomings of current technology, and enables safe and reliable use and management of mobile storage. This monitoring platform can effectively prevent the sensitive information or trade secrets of a company or organization from leaking, creating a safe and reliable information environment for the organization or company.

Description

Movable storage device and the supervisory system formed thereof
Technical field
The present invention relates to a movable storage device, and in particular to a movable storage device and the supervisory system formed from it.
Background art
Mobile storage media, as carriers of information, have spread rapidly through society because they are flexible and convenient. More and more sensitive information, secret data and archive material is stored on mobile storage media, and a large number of confidential documents and data sit on mobile storage media in an unprotected state.
However, there is not yet a complete movable storage device supervisory system on the market that can manage mobile devices globally. Common security products on the market, such as antivirus software and firewall systems, also lack the necessary authentication function. At present there are mainly the following two schemes for controlling mobile devices:
Scheme one: disable USB. This scheme gives up the computer's ability to copy data via USB flash disk.
Effect: all mobile devices connected through the USB interface are forbidden, so the computer loses all USB-related functions.
Advantage: fundamentally eliminates the possibility of leaks through mobile devices such as USB flash disks.
Disadvantage: an important means of information exchange is abandoned, which brings a degree of inconvenience to the work of the organization's staff.
Scheme two: regulate the use of mobile devices at the source by having the organization issue them centrally.
Effect: the organization issues mobile devices to employees, and employees may use the issued devices on the internal network to copy and transfer information.
Advantage: the source of mobile devices is regulated.
Disadvantage: there is no software system or supervisory system on the market that can supervise how employees use mobile devices, so it is difficult to control whether employees inside the organization actually use the devices the organization issued.
Summary of the invention
The object of the invention is to overcome the shortcomings of the prior art by providing a movable storage device and a supervisory system formed from it, which manages all kinds of removable media in a unified way, makes up for the shortcomings of current technology, and enables safe and reliable use and management of mobile storage.
The object of the invention is achieved through the following technical solutions:
A movable storage device consisting mainly of two parts, a realization layer and an interface layer. The internal structure of the realization layer and the interface layer is as follows:
The realization layer consists mainly of a client registration module, a client manager module, a client policy execution module, an authentication module, a basic management module, a control list management module and a control list distribution module;
The interface layer consists mainly of a client-side management interface, a basic management interface and a control list management interface;
The interface layer is connected to the realization layer as follows: the control list management interface of the interface layer is circuit-connected to the corresponding control list management module of the realization layer, the basic management interface of the interface layer is circuit-connected to the corresponding basic management module of the realization layer, and the client-side management interface of the interface layer is circuit-connected to the corresponding client manager module of the realization layer.
The movable storage device may be simply a storage disc with storage space that contains all the software modules of the realization layer and interface layer described above. It may also be equipped with additional management hardware, with the following devices and connections: the movable storage device further includes a control list external module, a basic management external module and a client-side management external module; the control list external module is circuit-connected to the control list management module and the control list distribution module respectively, and the basic management external module is circuit-connected to the basic management module.
A supervisory system formed from the movable storage device, in which the movable storage device is connected to several clients by network connection and/or data line connection.
The invention provides the following specific connection between a client and the movable storage device management software: the client is circuit-connected, through the client-side management interface of the interface layer, to the client registration module, client manager module, client policy execution module, authentication module, basic management module, control list management module and control list distribution module of the realization layer respectively.
In a further technical solution, the client may also be provided with a matching client registration module, client manager module, client policy execution module and authentication module.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
The invention provides unified management of the removable media in the system, makes up for the shortcomings of current technology, and enables safe and reliable use and management of mobile storage. This monitoring platform can effectively prevent the sensitive information or trade secrets of a company or organization from leaking, creating a safe and reliable information environment for the organization or company.
Brief description of the drawings
Fig. 1 is a structural schematic of the supervisory system formed by the movable storage device;
Fig. 2 is a schematic block diagram of the supervisory system formed by the movable storage device.
The reference numerals in the drawings correspond to the following names:
1-movable storage device, 2-client.
Embodiment
The present invention is described in further detail below with reference to an embodiment:
Embodiment
As shown in Figs. 1 and 2, in the movable storage device and the supervisory system formed from it, the movable storage device of the invention may be a movable storage device 1 with a built-in server. Alternatively, a server may be provided separately, in which case the separate server and the movable storage device 1 together contain all the internal structure of the realization layer and interface layer described below. Because the principle and structure of the two approaches are the same, this embodiment describes only the movable storage device with a built-in server, which consists mainly of two parts, a realization layer and an interface layer.
The realization layer consists mainly of a client registration module, a client manager module, a client policy execution module, an authentication module, a basic management module, a control list management module and a control list distribution module.
The main role of the client registration module is to assist client 2 in completing ID registration. The control list distribution module is responsible for distributing IDs to client 2 and for partitioning the internal space of the movable storage device. The movable storage device 1 may store data in either of the following two ways:
First way: the movable storage device 1 has a shared storage space and separate, independent storage spaces. Once an ID is allocated, that ID has its own independent storage space in the movable storage device 1. The shared storage space stores the company's common material or the data of each department. Common material need not have permissions set, while access to department data can be made subject to permission verification. Data can be placed in the storage space corresponding to each ID, and data can be copied from the common material or the department data.
Second way: the movable storage device 1 is not divided into independent storage spaces, and data stored in the movable storage device 1 cannot be moved. After client 2 registers an ID, it has viewing permission and can open the data it is permitted to view through links; the data can only be viewed, not copied.
The control list management module of the realization layer mainly stores the data of all registered IDs to form an ID storehouse and keeps this ID storehouse up to date; changes to information such as the password of each ID are also synchronized to the ID storehouse.
The main function of the basic management module of the realization layer is to carry out the various basic management operations of the movable storage device 1, such as displaying the software interface.
The client manager module of the realization layer is mainly used to manage clients. It can also be installed on client 2, so that resource information is synchronized between the movable storage device 1 and client 2.
The authentication module of the realization layer operates when a user enters an ID and information at client 2: it compares the entered ID and information with the information in the ID storehouse. If the comparison succeeds, the user may enter the storage system; if it fails, entry is refused. When department data in the movable storage device 1 is accessed, verification is performed again: the verification information is compared with the information stored in the ID storehouse, and only if it matches is the user permitted to view that department data; otherwise viewing is refused. With this ID verification, personnel without ID permission cannot enter the movable storage device 1, let alone view the data in it.
The interface layer consists mainly of a client-side management interface, a basic management interface and a control list management interface.
The client-side management interface is the port and verification-protocol interface for connecting client 2; it ensures both the security of the movable storage device and the supervisory system formed from it and the convenience of viewing data.
The basic management interface is the port and verification-protocol interface for basic management; it ensures that the data access and viewing of each client proceed smoothly.
The control list management interface is the ID input verification interface and the ID storehouse verification interface; it ensures that verification is carried out legitimately, quickly and in an orderly manner.
To ensure that the parts of the movable storage device work in coordination, the interface layer is connected to the realization layer as follows: the control list management interface of the interface layer is circuit-connected to the corresponding control list management module of the realization layer, the basic management interface of the interface layer is circuit-connected to the corresponding basic management module of the realization layer, and the client-side management interface of the interface layer is circuit-connected to the corresponding client manager module of the realization layer.
The movable storage device may be simply a storage disc with storage space that contains all the software modules of the realization layer and interface layer described above. It may also be equipped with additional management hardware, with the following devices and connections: the movable storage device 1 further includes a control list external module, a basic management external module and a client-side management external module; the control list external module is circuit-connected to the control list management module and the control list distribution module respectively, and the basic management external module is circuit-connected to the basic management module.
The supervisory system formed from the movable storage device also includes several clients 2. Its internal connections are as follows: the movable storage device 1 (here the movable storage device with a built-in server) is connected to several clients 2 by network connection and/or data cable. Each client 2 can establish a data connection with the movable storage device 1 in this way. The network connection may be wired (cable transmission lines such as telephone lines and network cables) or wireless (including GPRS wireless connections and GSM-based mobile connections). The movable storage device 1 of the supervisory system may have no server of its own, in which case a separate server must be provided; the separate server and the movable storage device 1 then together contain all the internal structure of the realization layer and interface layer described below and jointly form the supervisory system. Because the principle and structure of the two approaches are the same, this embodiment describes only the supervisory system formed by the movable storage device with a built-in server.
Client 2 is circuit-connected, through the client-side management interface of the interface layer, to the client registration module, client manager module, client policy execution module, authentication module, basic management module, control list management module and control list distribution module of the realization layer respectively. In this way the clients and the movable storage device are joined into one overall system, and the monitoring principle of the invention can be realized according to the logic rules of the whole supervisory system. This makes verification and viewing convenient for users at the clients, and makes monitoring management and basic configuration management convenient at the management end. Through these modules the supervisory system handles client verification and entry, data viewing, permission decisions and similar functions, and operations such as moving and copying data can also be carried out conveniently under the automatic monitoring of the supervisory system. The supervisory system can also be configured so that no data inside the system can be copied out of it and data can only be viewed and read within the system, preventing the leakage of the sensitive information or trade secrets of a company or organization.
Client 2 of the supervisory system may also be provided with a matching client registration module, client manager module, client policy execution module and authentication module. The verification information and management control information on client 2 are then kept matched with the corresponding information on the movable storage device 1, so that the system can be entered more conveniently and used more quickly through client 2.
The supervisory system is built on the following principle and model: the movable storage device supervising platform (the supervisory system formed from the movable storage device) adopts a basic scheme that combines the C/S model with a stand-alone mode. In general, the basic idea of the scheme is as follows. The server end (the movable storage device end in this embodiment) provides an interface for administrator supervision and configuration. Through the server-end interface, the administrator can register legal movable storage device IDs. After a new movable storage device ID has been registered, the server end distributes the ID to each controlled client 2 in a secured manner. After client 2 receives the newly registered ID, the ID storehouse maintained by the modules in client 2 is updated. This completes the distribution of the legal movable storage device ID. When a user uses a movable storage device 1 on client 2, client 2 first automatically obtains the ID of that movable storage device 1; it then searches the ID storehouse of client 2 to determine whether the device ID is present in the local ID storehouse. If it is present, the user is allowed to use the movable storage device 1; otherwise use is prohibited and the misuse is reported to the server end.
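The registration, distribution and client-side check described above, as an added Python example that is not part of the patent. The patent does not specify the "secured manner" of distribution: the HMAC-SHA256 tag over a pre-shared key, the increasing version number used to refuse stale updates, and all class, method and ID names here are assumptions made for illustration.

```python
import hashlib
import hmac
import json


class Server:
    """Server end: registers legal device IDs and distributes the ID storehouse."""

    def __init__(self, key: bytes):
        self.key = key                # pre-shared key (assumption, not in the patent)
        self.registered = set()       # legal movable storage device IDs
        self.version = 0              # bumped on every registration (assumption)
        self.misuse_reports = []      # (client_id, device_id) pairs reported by clients

    def register_device(self, device_id: str) -> None:
        self.registered.add(device_id)
        self.version += 1

    def build_update(self):
        """Serialize the ID storehouse and authenticate it for distribution."""
        payload = json.dumps(
            {"version": self.version, "ids": sorted(self.registered)},
            sort_keys=True,
        ).encode()
        tag = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        return payload, tag

    def report_misuse(self, client_id: str, device_id: str) -> None:
        self.misuse_reports.append((client_id, device_id))


class Client:
    """Controlled client: keeps a local ID storehouse and enforces the policy."""

    def __init__(self, client_id: str, key: bytes, server: Server):
        self.client_id = client_id
        self.key = key
        self.server = server
        self.local_ids = set()
        self.version = 0

    def apply_update(self, payload: bytes, tag: str) -> bool:
        """Accept an update only if it is authentic and newer than the local copy."""
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False              # modified in transit or wrong key
        update = json.loads(payload)
        if update["version"] <= self.version:
            return False              # stale or replayed update
        self.local_ids = set(update["ids"])
        self.version = update["version"]
        return True

    def on_device_attached(self, device_id: str) -> bool:
        """Allow a registered device; otherwise deny and report to the server end."""
        if device_id in self.local_ids:
            return True
        self.server.report_misuse(self.client_id, device_id)
        return False


def demo() -> dict:
    key = b"constructed-demo-key"     # constructed sample value
    server = Server(key)
    client = Client("client-2", key, server)

    server.register_device("DEV-0001")            # constructed device ID
    payload, tag = server.build_update()

    results = {"update_ok": client.apply_update(payload, tag)}
    results["registered"] = client.on_device_attached("DEV-0001")
    results["unknown"] = client.on_device_attached("DEV-9999")
    # An update altered after signing, and the same update sent twice, are refused.
    forged = payload.replace(b"DEV-0001", b"DEV-9999")
    results["forged"] = client.apply_update(forged, tag)
    results["replayed"] = client.apply_update(payload, tag)
    results["reports"] = list(server.misuse_reports)
    return results


if __name__ == "__main__":
    print(demo())
```

The check is only as strong as the device ID it compares; the patent does not say how the ID is read from the device or bound to it.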
Clearly, this scheme meets the two basic requirements of this patent: only registered movable storage devices 1 can be used on the internal network, and external devices cannot; and a registered movable storage device 1 can be used on an external network.
As shown in Fig. 1, the movable storage device at the center (the server end) is mainly responsible for managing and distributing the storehouse of legal movable storage device IDs; it also handles the registration of clients 2 and implements the administrator's configuration and audit interface. The client is mainly responsible for actually enforcing the monitoring policy, that is, deciding whether the user is allowed to use the movable storage device 1, and for maintaining the local (client) device ID storehouse.
The foregoing is only a preferred embodiment of the present invention and is not intended to limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the invention.

Claims (4)

1. A movable storage device, characterized in that: the movable storage device (1) consists mainly of two parts, a realization layer and an interface layer;
the realization layer consists of a client registration module, a client manager module, a client policy execution module, an authentication module, a basic management module, a control list management module and a control list distribution module;
the interface layer consists of a client-side management interface, a basic management interface and a control list management interface;
the control list management interface of the interface layer is circuit-connected to the corresponding control list management module of the realization layer, the basic management interface of the interface layer is circuit-connected to the corresponding basic management module of the realization layer, and the client-side management interface of the interface layer is circuit-connected to the corresponding client manager module of the realization layer; the movable storage device (1) further includes a control list external module, a basic management external module and a client-side management external module, the control list external module being circuit-connected to the control list management module and the control list distribution module respectively, and the basic management external module being circuit-connected to the basic management module.
2. A supervisory system formed from the movable storage device according to claim 1, characterized in that: the movable storage device (1) is connected to several clients (2) by network connection and/or data line connection.
3. The supervisory system according to claim 2, characterized in that: the client (2) is circuit-connected, through the client-side management interface of the interface layer, to the client registration module, client manager module, client policy execution module, authentication module, basic management module, control list management module and control list distribution module of the realization layer respectively.
4. The supervisory system according to claim 3, characterized in that: the client (2) is also provided with a matching client registration module, client manager module, client policy execution module and authentication module.
CN201210571845.7A 2012-12-26 2012-12-26 Movable storage device and the supervisory system formed thereof Active CN103065104B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210571845.7A CN103065104B (en) 2012-12-26 2012-12-26 Movable storage device and the supervisory system formed thereof

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201210571845.7A CN103065104B (en) 2012-12-26 2012-12-26 Movable storage device and the supervisory system formed thereof

Publications (2)

Publication Number Publication Date
CN103065104A CN103065104A (en) 2013-04-24
CN103065104B true CN103065104B (en) 2015-12-23

Family

ID=48107731

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210571845.7A Active CN103065104B (en) 2012-12-26 2012-12-26 Movable storage device and the supervisory system formed thereof

Country Status (1)

Country Link
CN (1) CN103065104B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI626554B (en) * 2017-08-02 2018-06-11 Dual interface hard disk case with data security system

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104104682A (en) * 2014-07-22 2014-10-15 江苏威盾网络科技有限公司 Collaborative office USB flash disk system and collaborative office method
CN104307121A (en) * 2014-10-23 2015-01-28 代尔塔(中国)安全防护有限公司 Safety protection equipment ecological system based on NFC technology and application method of safety protection equipment ecological system
CN108352022B (en) * 2015-08-27 2023-02-17 万事达卡国际股份有限公司 System and method for monitoring computer authentication programs
CN109828793B (en) * 2019-01-28 2022-06-28 超越科技股份有限公司 USB (Universal Serial bus) control method and system based on domestic operating system

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101534293A (en) * 2008-08-07 2009-09-16 北京广信科发科技有限公司 Method and system for unidirectionally transmitting data
CN101901315A (en) * 2010-07-12 2010-12-01 浪潮齐鲁软件产业有限公司 Security isolation and monitoring management method of USB mobile storage media

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2006012014A2 (en) * 2004-06-28 2006-02-02 Jen-Wei Kuo Security protection apparatus and methods for endpoint computing systems

Also Published As

Publication number Publication date
CN103065104A (en) 2013-04-24

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant