CN104239765A - Security management device and system for universal management medium - Google Patents
- Publication number: CN104239765A
- Application number: CN201310234401.9A
- Authority: CN (China)
- Legal status: Pending
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Abstract
The invention relates to a security management device and system for a universal management medium. A read-write host is connected to a universal storage medium through the security management device. The security management device comprises a master-mode interface assembly, a slave-mode interface assembly and a data security control assembly. The master-mode interface assembly is connected to the universal storage medium, which identifies the security management device as the read-write host. The slave-mode interface assembly is connected to the read-write host, which identifies the security management device as the universal storage medium. The data security control assembly is connected to both the master-mode and slave-mode interface assemblies and performs security authentication during data exchange. Compared with the prior art, the security management device and system are highly compatible, safe, reliable and easy to use, and support centralized security management of read-write hosts.
Description
Technical field
The present invention relates to the field of information security, and in particular to a security management device for a universal management medium and a security management system based on this device.
Background
The use of various storage media brings great convenience to the daily life and work of individuals and organizations, but the associated security problems are also becoming increasingly prominent: non-compliant usage often leads to leakage of personal privacy or disclosure of an organization's internal information assets. A measure is therefore needed to protect sensitive storage media held by individuals and organizations and to prevent the losses caused by leakage of sensitive information.
One existing solution is hardware-based: security components are added to a conventional storage device, as in encrypted USB flash drives and fingerprint-protected portable hard drives. The advantage of this approach is good security and ease of use. Its shortcomings are: 1. such a device can only be used as a dedicated storage device and cannot ensure the security of the read-write host; 2. an organization cannot achieve centralized security management by enforcing a unified storage security management policy.
Another existing solution is software-based: a dedicated driver is installed at the operating system kernel layer to implement full-disk encryption or to encrypt specific files. The advantage of this approach is that it works with general-purpose storage media. Its shortcoming is that it easily conflicts with other security applications that also run at the kernel layer (such as anti-virus software and personal firewall software), causing compatibility and stability problems, so this solution is not suitable for large-scale deployment within an organization.
Summary of the invention
The object of the present invention is to overcome the above defects of the prior art by providing a security management device for a universal management medium and a security management system based on this device. The solution is compatible, safe and reliable, simple and easy to use, and supports centralized security management of read-write hosts.
The object of the present invention can be achieved through the following technical solution:
A security management device for a universal management medium, through which a read-write host is connected to a universal storage medium, the security management device comprising:
a master-mode interface assembly, connected to the universal storage medium, through which the universal storage medium identifies the security management device as a read-write host;
a slave-mode interface assembly, connected to the read-write host, through which the read-write host identifies the security management device as a universal storage medium;
a data security control assembly, connected to the master-mode interface assembly and the slave-mode interface assembly, which performs security authentication during data exchange.
The master-mode interface assembly comprises a SATA interface module and a USB interface module, and the slave-mode interface assembly comprises an eSATA interface module, a USB interface module and an Ethernet interface module.
The SATA interface module comprises a SATA physical interface and, connected to it, a SATA controller and a RAID controller; the USB interface module comprises a USB physical interface and a USB controller connected to it; the eSATA interface module comprises an eSATA physical interface and an eSATA controller connected to it; and the Ethernet interface module comprises an Ethernet physical interface and an Ethernet controller connected to it.
The data security control assembly comprises a flash memory, a data filtering processor, a read-write control processor, an encryption processor, an authentication processor and a biometric collector. The flash memory is connected to the data filtering processor, the read-write control processor, the encryption processor and the authentication processor respectively, and the biometric collector is connected to the authentication processor.
The biometric collector comprises a fingerprint collector.
A read-write host security management system using the above security management device comprises a security policy server and a plurality of security management devices connected to the security policy server. The security policy server sends security control instructions to all of the security management devices to carry out unified data security management.
Compared with the prior art, the present invention builds a transparent proxy bridge between the universal storage medium and the read-write host, achieves security management of the read-write host, does not depend on the software environment of the universal storage medium during operation, and supports enforcing a unified storage security management policy within an organization so that storage media are managed centrally.
Brief description of the drawings
Fig. 1 is a structural schematic diagram of the security management device;
Fig. 2 is a working principle diagram of the security control policy of the security management system.
Detailed description
The present invention is described in detail below with reference to the drawings and a specific embodiment.
Embodiment
As shown in Fig. 1, a security management device for a universal management medium is connected between a read-write host and a universal storage medium, and comprises three parts: a master-mode interface assembly 1, a slave-mode interface assembly 2 and a data security control assembly 3. The master-mode interface assembly 1 is connected to the universal storage medium, which identifies it as a read-write host. The slave-mode interface assembly 2 is connected to the read-write host, which identifies it as a standard universal storage medium. Together they build a transparent proxy bridge between the universal storage medium and the read-write host. The data security control assembly 3, connected between the master-mode interface assembly 1 and the slave-mode interface assembly 2, performs security authentication during data exchange and thereby implements data security management for the read-write host.
The master-mode interface assembly 1 comprises a SATA interface module and a USB interface module, and the slave-mode interface assembly 2 comprises an eSATA interface module, a USB interface module and an Ethernet interface module. These interface modules are as follows:
The SATA interface module comprises a SATA physical interface 41 and, connected to it, a SATA controller 42 and a RAID controller 43; the USB interface module comprises a USB physical interface 51 and a USB controller 52 connected to it; the eSATA interface module comprises an eSATA physical interface 61 and an eSATA controller 62 connected to it; and the Ethernet interface module comprises an Ethernet physical interface 71 and an Ethernet controller 71 connected to it. To ensure the accuracy and efficiency of data transmission, a buffer controller 9 may be placed between the master-mode interface assembly 1 and the slave-mode interface assembly 2 to buffer the transmitted data. The above interface modules carry the data exchange between the universal storage medium and the read-write host, and the security control of that exchange is performed by the data security control assembly 3.
The security policies of the data security control assembly 3 include identity authentication, data filtering, read-write control and data encryption. Its hardware comprises a flash memory 31, a data filtering processor 32, a read-write control processor 33, an encryption processor 34, an authentication processor 35 and a biometric collector 36. The flash memory 31 is connected to the data filtering processor 32, the read-write control processor 33, the encryption processor 34 and the authentication processor 35 respectively, and stores the information needed to implement the security policies, including a user and group list, a storage medium registration list, a data filtering list, an access control list and a key list. The biometric collector 36 may be a device such as a fingerprint collector; it acquires biometric information, and identity authentication is performed by the authentication processor 35.
A security policy server 8 is deployed for unified management, and every security management device is connected to this security policy server 8, forming a security management system that can manage all read-write hosts. The storage security management policy is pushed to each security management system by the security policy server 8, as shown in Fig. 2. In operation, the security policy server 8 pushes the storage security management policy to each security management device and enforces it, so that storage media within the system are managed centrally.
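The policy lists held in flash memory 31 and the push from security policy server 8, modelled as an added example that is not part of the patent. The class and field names, the order of the checks, filtering by file-name pattern, the version check on a pushed policy, and all sample identifiers are assumptions made for illustration.

```python
# Added illustration; names, list layouts and check order are assumptions.
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class Policy:
    """Lists the description places in flash memory 31 (layout assumed)."""
    version: int = 0
    users: dict = field(default_factory=dict)             # template id -> group
    registered_media: set = field(default_factory=set)    # registered serials
    acl: dict = field(default_factory=dict)               # (group, medium) -> ops
    blocked_patterns: list = field(default_factory=list)  # data filtering list
    keys: dict = field(default_factory=dict)              # medium -> key id


class SecurityManagementDevice:
    def __init__(self):
        self.policy = Policy()  # nothing pushed yet: every request is denied

    def apply_push(self, pushed):
        """Accept a policy from the policy server only if it is newer."""
        if pushed.version <= self.policy.version:
            return False
        self.policy = pushed
        return True

    def decide(self, template_id, medium, op, filename):
        """Return (verdict, detail) for one host request crossing the bridge."""
        p = self.policy
        group = p.users.get(template_id)
        if group is None:
            return ("deny", "authentication failed")
        if medium not in p.registered_media:
            return ("deny", "medium not registered")
        if op not in p.acl.get((group, medium), set()):
            return ("deny", f"{op} not permitted for group {group}")
        if any(fnmatchcase(filename.lower(), pat) for pat in p.blocked_patterns):
            return ("deny", "blocked by data filter")
        key_id = p.keys.get(medium)
        return ("allow", f"encrypt with {key_id}" if key_id else "plaintext")


def demo():
    """Run constructed requests before and after a constructed policy push."""
    dev = SecurityManagementDevice()
    before = dev.decide("fp-01", "USB-A1", "read", "report.doc")
    dev.apply_push(Policy(
        version=1, users={"fp-01": "finance"}, registered_media={"USB-A1"},
        acl={("finance", "USB-A1"): {"read"}}, blocked_patterns=["*.exe"],
        keys={"USB-A1": "key-7"}))
    after = [dev.decide("fp-01", "USB-A1", "read", "report.doc"),
             dev.decide("fp-01", "USB-A1", "write", "report.doc"),
             dev.decide("fp-01", "USB-B2", "read", "report.doc"),
             dev.decide("fp-01", "USB-A1", "read", "Setup.EXE"),
             dev.decide("fp-99", "USB-A1", "read", "report.doc")]
    return before, after

if __name__ == "__main__":
    print(demo())
```

Each check fails closed, so a device that has not yet received a policy refuses all traffic between host and medium.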
Claims (6)
1. A security management device for a universal management medium, through which a read-write host is connected to a universal storage medium, characterized in that the security management device comprises:
a master-mode interface assembly, connected to the universal storage medium, through which the universal storage medium identifies the security management device as a read-write host;
a slave-mode interface assembly, connected to the read-write host, through which the read-write host identifies the security management device as a universal storage medium;
a data security control assembly, connected to the master-mode interface assembly and the slave-mode interface assembly, which performs security authentication during data exchange.
2. The security management device for a universal management medium according to claim 1, characterized in that the master-mode interface assembly comprises a SATA interface module and a USB interface module, and the slave-mode interface assembly comprises an eSATA interface module, a USB interface module and an Ethernet interface module.
3. The security management device for a universal management medium according to claim 2, characterized in that the SATA interface module comprises a SATA physical interface and, connected to it, a SATA controller and a RAID controller; the USB interface module comprises a USB physical interface and a USB controller connected to it; the eSATA interface module comprises an eSATA physical interface and an eSATA controller connected to it; and the Ethernet interface module comprises an Ethernet physical interface and an Ethernet controller connected to it.
4. The security management device for a universal management medium according to claim 1, characterized in that the data security control assembly comprises a flash memory, a data filtering processor, a read-write control processor, an encryption processor, an authentication processor and a biometric collector; the flash memory is connected to the data filtering processor, the read-write control processor, the encryption processor and the authentication processor respectively, and the biometric collector is connected to the authentication processor.
5. The security management device for a universal management medium according to claim 4, characterized in that the biometric collector comprises a fingerprint collector.
6. A read-write host security management system using the security management device according to claim 1, characterized in that it comprises a security policy server and a plurality of security management devices connected to the security policy server, and the security policy server sends security policy control instructions to all of the security management devices to carry out unified data security management.
Priority Applications (1)
Application Number | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|
CN201310234401.9A | CN104239765A (en) | 2013-06-09 | 2013-06-09 | Security management device and system for universal management medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104239765A | 2014-12-24 |
Family ID: 52227811
Family Applications (1)
Application Number | Status | Publication | Priority Date | Filing Date | Title |
---|---|---|---|---|---|
CN201310234401.9A | Pending | CN104239765A (en) | 2013-06-09 | 2013-06-09 | Security management device and system for universal management medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104239765A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20141224 |