CN105389520A - Data access control method and apparatus and mobile storage medium - Google Patents

Publication number
CN105389520A
Authority
CN
China
Prior art keywords
virtual desktop
electronic equipment
data
memory medium
request
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510767283.7A
Other languages
Chinese (zh)
Inventor
沙锋
李晓敦
郭汉利
张晓东
闫立志
叶翔
郑杭杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Application filed by China Construction Bank Corp
Priority to CN201510767283.7A
Publication of CN105389520A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/451 Execution arrangements for user interfaces
    • G06F9/452 Remote windowing, e.g. X-Window System, desktop virtualisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2143 Clearing memory, e.g. to prevent the data from being stolen

Abstract

The present application provides a data access control method and apparatus and a mobile storage medium. The method comprises: when detecting that the mobile storage medium is connected to an electrical device, starting a virtual desktop on the electrical device; receiving an access request input on the virtual desktop by a user; acquiring target data stored in the mobile storage medium; processing the target data according to operation behaviors of the user on the target data on the virtual desktop, and caching a processing result of the target data in the electrical device; and when a request of terminating the virtual desktop is detected, storing the cached processing result in the mobile storage medium and clearing the processing result cached in the electrical device. The method, the apparatus and the mobile storage medium which are provided by the present application can implement mobile office, while reducing the risk that internal data of an enterprise is leaked.

Description

Data access control method and apparatus, and mobile storage medium
Technical field
The present application relates to the field of electronic information, and in particular to a data access control method and apparatus and a mobile storage medium.
Background art
As enterprise informatization advances, internal enterprise security receives more and more attention. In many cases a user may want to process data outside the enterprise; for example, a user may want to work from home on internal business data. However, directly copying internal business data and processing it outside the enterprise increases the risk of data leakage.
At present, to reduce the risk of data leakage, many enterprises use technologies such as cloud desktops or cloud services to restrict user access behavior. That is, sensitive data is kept on servers in the enterprise intranet and is not allowed to flow out; users access the data through a remote desktop, so internal enterprise data never lands on the user's terminal. Although this approach reduces the risk of data leakage, the user can operate on enterprise data only while connected to the network. If the user currently has no network connection, the enterprise data cannot be accessed or processed, so the user's need for mobile office work cannot be met.
Summary of the invention
The present application provides a data access control method and apparatus and a mobile storage medium, so as to reduce the risk of internal enterprise data being leaked while still providing mobile office capability for the user.
To achieve the above object, the present application provides the following technical solution: a data access control method, comprising:
when it is detected that a mobile storage medium is connected to an electronic device, starting a virtual desktop on the electronic device;
receiving an access request input by a user on the virtual desktop, the access request being used to request access to target data stored in the mobile storage medium;
acquiring the target data stored in the mobile storage medium;
processing the target data according to the user's operation behavior on the target data on the virtual desktop, and caching the processing result of the target data in the electronic device;
when a request to terminate the virtual desktop is detected, storing the cached processing result in the mobile storage medium, and clearing the processing result cached in the electronic device.
Preferably, after clearing the processing result cached in the electronic device, the method further comprises:
terminating the virtual desktop running on the electronic device.
Preferably, starting the virtual desktop on the electronic device comprises:
loading and running a virtual desktop program preset in the mobile storage medium, so as to present the virtual desktop on the electronic device;
allocating cache space for the virtual desktop.
Preferably, before receiving the access request input by the user on the virtual desktop, the method further comprises:
receiving verification information input by the user;
when the verification information is verified to be preset valid verification information, monitoring for access requests input on the virtual desktop.
Preferably, after starting the virtual desktop on the electronic device, the method further comprises:
acquiring the accessible data objects stored in the mobile storage medium;
presenting the accessible data objects on the virtual desktop;
in which case receiving the access request input by the user on the virtual desktop comprises:
receiving the user's access request for a target object among the accessible data objects presented on the virtual desktop;
and acquiring the target data stored in the mobile storage medium comprises:
acquiring the target data in the target object stored in the mobile storage medium.
Preferably, after starting the virtual desktop on the electronic device, the method further comprises:
establishing, based on the virtual desktop, a network connection between the electronic device and a remote enterprise intranet;
presenting the operable data of the remote enterprise intranet on the virtual desktop;
sending an access request to the remote enterprise intranet based on the user's operation behavior on the operable data on the virtual desktop, and caching the network data returned by the enterprise intranet;
when a request to terminate the virtual desktop is detected, clearing the network data cached in the electronic device.
In another aspect, the present application further provides a data access control apparatus, comprising:
a virtual desktop start unit, configured to start a virtual desktop on an electronic device when it is detected that a mobile storage medium is connected to the electronic device;
an access receiving unit, configured to receive an access request input by a user on the virtual desktop, the access request being used to request access to target data stored in the mobile storage medium;
a data acquisition unit, configured to acquire the target data stored in the mobile storage medium;
a data caching unit, configured to process the target data according to the user's operation behavior on the target data on the virtual desktop, and to cache the processing result of the target data in the electronic device;
a data leakage prevention unit, configured to store the cached processing result in the mobile storage medium and clear the processing result cached in the electronic device when a request to terminate the virtual desktop is detected.
Preferably, the virtual desktop start unit comprises:
a desktop loading subunit, configured to load and run a virtual desktop program preset in the mobile storage medium, so as to present the virtual desktop on the electronic device;
a space allocation unit, configured to allocate cache space for the virtual desktop.
Preferably, the apparatus further comprises:
an information input unit, configured to receive verification information input by the user before the access receiving unit receives the access request input by the user on the virtual desktop;
an information verification unit, configured to monitor for access requests input on the virtual desktop when the verification information is verified to be preset valid verification information.
In another aspect, the present application further provides a mobile storage medium, comprising:
a detection module, configured to detect whether the mobile storage device is connected to an electronic device;
a virtual desktop start module, configured to start a virtual desktop on the electronic device if it is detected that the mobile storage device is connected to the electronic device;
a control module, configured to: receive an access request input by a user on the virtual desktop, the access request being used to request access to target data stored in the mobile storage medium; acquire the target data stored in the mobile storage medium; process the target data according to the user's operation behavior on the target data on the virtual desktop, and cache the processing result of the target data in the electronic device; and, when a request to terminate the virtual desktop is detected, store the cached processing result in the mobile storage medium and clear the processing result cached in the electronic device.
With the method, apparatus and mobile storage medium described in the present application, a virtual desktop is run automatically on the electronic device when it is detected that the mobile storage medium is connected to the electronic device, and all of the user's operations on the mobile storage medium are carried out through this virtual desktop. The user's operations on the data stored in the mobile storage medium are therefore all intercepted by the virtual desktop and redirected to a cache area for execution. When a request to close the virtual desktop is detected, the processing result of the data is stored in the mobile storage medium and, at the same time, the processing result held in the cache area is cleared, which prevents the data in the mobile storage medium from being leaked. Enterprise data can thus be stored in the mobile storage medium and processed on any terminal, achieving mobile office work while also avoiding leakage of enterprise data.
Brief description of the drawings
To illustrate the technical solutions in the embodiments of the present application or in the prior art more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present application, and those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a schematic flowchart of one embodiment of a data access control method of the present application;
Fig. 2 is a schematic flowchart of another embodiment of a data access control method of the present application;
Fig. 3 is a schematic structural diagram of one embodiment of a data access control apparatus of the present application;
Fig. 4 is a schematic structural diagram of one embodiment of a mobile storage medium of the present application.
Embodiments
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art based on the embodiments in the present application without creative effort fall within the scope of protection of the present application.
Referring to Fig. 1, which shows a schematic flowchart of one embodiment of a data access control method of the present application, the method of this embodiment may comprise:
101: When it is detected that a mobile storage medium is connected to an electronic device, start a virtual desktop on the electronic device.
The mobile storage medium may be a USB flash drive, a portable hard disk, a memory card, or the like.
In this embodiment, connecting the mobile storage medium to the electronic device triggers the start of a virtual desktop on the electronic device. All subsequent operations on the data stored in the mobile storage medium are then operations performed on this virtual desktop, and all data produced by these operations is likewise generated through the virtual desktop.
102: Receive an access request input by the user on the virtual desktop.
The access request is used to request access to target data stored in the mobile storage medium, so that the user can subsequently operate on the target data.
103: Acquire the target data stored in the mobile storage medium.
104: Process the target data according to the user's operation behavior on the target data on the virtual desktop, and cache the processing result of the target data in the electronic device.
After the target data the user needs to access has been obtained from the mobile storage medium, the user can operate on it, for example by deleting or modifying the target data or editing the data format.
It can be understood that once the virtual desktop has been started on the electronic device, it redirects every operation performed on data. That is, no operation directly changes the data on the mobile storage medium or on the electronic device; instead, all data operated on by the user, the intermediate conversion results and the final processing results are cached in a designated area, and the data held in its original storage area is not changed.
105: When a request to terminate the virtual desktop is detected, store the cached processing result in the mobile storage medium, and clear the processing result cached in the electronic device.
The request to terminate the virtual desktop may be input by the user, or it may be generated when the user's operation behavior is detected to meet a preset condition. For example, the request to terminate the virtual desktop is generated when it is detected that the user requests to close the virtual desktop; alternatively, when the user requests to remove the mobile storage medium, it is determined that a request to terminate the virtual desktop has been detected.
Because none of the operations on the virtual desktop act directly on the data in the mobile storage medium, the cached processing result can be stored in the mobile storage medium when the request to terminate the virtual desktop is received, so that the user's operation results are preserved. At the same time, to avoid data leakage, clearing of the processing result cached in the electronic device can be triggered.
It can be seen that, in this embodiment, a virtual desktop is run automatically on the electronic device when it is detected that the mobile storage medium is connected to the electronic device. All of the user's operations on the mobile storage medium are carried out through this virtual desktop, and the mobile storage medium cannot be accessed directly from the real desktop of the electronic device. The user's operations on the data stored in the mobile storage medium are therefore all intercepted by the virtual desktop and redirected to a cache area for execution. No intermediate or result data of the processing is retained on any medium of the electronic device other than the data cache area, and data in the cache area on the electronic device may be cached in encrypted form, which prevents data leakage. When a request to close the virtual desktop is detected, the processing result of the data is stored in the mobile storage medium and, at the same time, the processing result held in the cache area is cleared, which prevents the data in the mobile storage medium from being leaked. Enterprise data can thus be stored in the mobile storage medium and processed on any terminal, achieving mobile office work while also avoiding leakage of enterprise data.
In practice, after the processing result cached in the electronic device has been cleared, the virtual desktop running on the electronic device may also be terminated.
It can be understood that, in practice, the virtual desktop program can be preset in the mobile storage medium in advance. When it is detected that the mobile storage medium is connected to the electronic device, for example plugged into a USB interface of the electronic device or connected in some other way, the virtual desktop program in the mobile storage medium is triggered to run. In this way, all operations on the mobile storage medium can only be performed through the virtual desktop.
Meanwhile, after the virtual desktop is started, cache space may also be allocated for it, to ensure that the virtual desktop runs normally and that data access and processing can be carried out through it.
Specifically, when it is detected that the mobile storage medium is connected to the electronic device, the virtual desktop program preset in the mobile storage medium is loaded and run so as to present the virtual desktop on the electronic device, and cache space is allocated for the virtual desktop. All data operations performed through the virtual desktop then take place in this cache space, and all data processing results are cached there as well. When the request to close the virtual desktop is subsequently received, all data cached in the cache space can be cleared. No intermediate or result data of the processing is retained in any storage area of the electronic device other than this cache space, so the data in the mobile storage medium is not transferred to the electronic device and data leakage is avoided. The data in the cache space on the electronic device is cached in encrypted form, which further prevents data leakage.
It can be understood that, once cache space has been allocated for the virtual desktop, the target data obtained from the mobile storage medium can be cached in this cache space and processed there based on the user's operation behavior.
Further, to improve data security, the mobile storage medium may be an encrypted mobile storage medium. After it is connected to the electronic device, verification information such as a password or fingerprint must be verified, and the user is allowed to use the mobile storage medium only if the verification information is the preset valid verification information. For example, after the mobile storage medium is connected to the electronic device, a verification program is started and a prompt to input verification information pops up; after the verification information input by the user is received, the virtual desktop is loaded if the verification information is verified to be valid, and otherwise no request from the user is responded to. Of course, the order of loading the virtual desktop and receiving the user's verification information may be swapped, or the two may be carried out at the same time; no limitation is imposed here.
Referring to Fig. 2, which shows a schematic flowchart of another embodiment of a data access control method of the present application, this embodiment is a preferred embodiment in which the mobile storage medium is an encrypted mobile storage medium. The method of this embodiment may comprise:
201: When it is detected that the mobile storage medium is connected to the electronic device, load and run the virtual desktop program preset in the program area of the mobile storage medium, and present the virtual desktop on the electronic device.
202: Present a verification information input box on the virtual desktop.
It should be noted that the storage area of the encrypted mobile storage medium comprises a program area and an encrypted storage area. The encrypted storage area stores the data available for user access, while the program area stores the programs required for the encrypted mobile storage medium to run.
The virtual desktop program can be burned into this program area. The verification program may be part of the virtual desktop program, in which case the verification information input box pops up automatically after the virtual desktop is loaded. The verification program may also be placed in the program area independently, in which case the verification program in the program area of the mobile storage medium is called to present the verification information input box on the virtual desktop.
203: Receive the verification information input by the user in the input box.
204: After the verification information input by the user is verified to be the preset valid verification information, monitor for access requests input on the virtual desktop.
It can be understood that prompting the user to input verification information before the virtual desktop runs on the electronic device, and presenting the virtual desktop only after the verification succeeds, is equally applicable to this embodiment.
205: After an access request input by the user on the virtual desktop is received, acquire the target data requested by the access request from the encrypted storage area of the mobile storage medium.
The access request is used to request access to target data stored in the mobile storage medium.
206: Process the target data according to the user's operation behavior on the target data on the virtual desktop, and cache the processing result of the target data in the electronic device.
207: When a request to terminate the virtual desktop is detected, store the cached processing result in the encrypted storage area of the mobile storage medium, and clear the processing result cached in the electronic device.
208: Close the virtual desktop.
In this embodiment, the mobile storage medium is an encrypted mobile storage medium, and the encrypted mobile storage medium is combined with virtual desktop technology. Only when the verification information input by the user is valid verification information is the user allowed, through the virtual desktop, to decrypt and access the data stored in the encrypted storage area of the encrypted mobile storage medium. This helps prevent unauthorized persons from using the encrypted mobile storage medium and causing data leakage, and further improves data security.
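The session lifecycle of steps 201 to 208 (verify, read into an encrypted cache, redirect edits to the cache, write back and clear on termination) is sketched below as an added example; it is not code from the patent. It assumes the medium is modelled as a plain directory, all class and function names are hypothetical, and the HMAC-based keystream is a stand-in for a real authenticated cipher.

```python
import hashlib
import hmac
import os
import secrets
import shutil
import tempfile
from pathlib import Path

ROUNDS = 100_000  # constructed PBKDF2 work factor for the example

def make_verifier(passphrase):
    """(salt, digest) record, assumed here to live in the medium's program area."""
    salt = secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ROUNDS)

def xor_stream(key, nonce, data):
    """Stand-in cipher (HMAC-SHA256 keystream); use an AEAD such as AES-GCM in practice."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

class MediumSession:
    def __init__(self, medium_dir, verifier):
        self.medium = Path(medium_dir)
        self.salt, self.digest = verifier
        self.cache = None   # cache space on the host device
        self.key = None     # per-session key, kept in memory only, never on disk
        self.dirty = set()  # objects whose processing result must be written back

    def start(self, passphrase):
        """Steps 203-204: verify the user, then allocate the cache space."""
        probe = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self.salt, ROUNDS)
        if not hmac.compare_digest(probe, self.digest):
            return False  # no cache, no key: later requests are refused
        self.cache = Path(tempfile.mkdtemp(prefix="vdesk-cache-"))
        self.key = secrets.token_bytes(32)
        return True

    def _slot(self, name):
        if self.key is None:
            raise PermissionError("session not verified")
        if Path(name).name != name or name in ("", ".."):
            raise ValueError("object name must be a plain file name")
        return self.cache / name

    def _store(self, slot, data):
        nonce = secrets.token_bytes(16)
        slot.write_bytes(nonce + xor_stream(self.key, nonce, data))

    def _load(self, slot):
        blob = slot.read_bytes()
        return xor_stream(self.key, blob[:16], blob[16:])

    def read(self, name):
        """Step 205: copy the target data from the medium into the encrypted cache."""
        slot = self._slot(name)
        if not slot.exists():
            self._store(slot, (self.medium / name).read_bytes())
        return self._load(slot)

    def write(self, name, data):
        """Step 206: edits are redirected to the cache; the medium is untouched."""
        self._store(self._slot(name), data)
        self.dirty.add(name)

    def terminate(self):
        """Steps 207-208: write results back, then clear the cache and drop the key."""
        if self.key is None:
            return []
        committed = sorted(self.dirty)
        for name in committed:
            tmp = self.medium / (name + ".tmp")
            tmp.write_bytes(self._load(self.cache / name))
            os.replace(tmp, self.medium / name)  # atomic swap on the medium
        shutil.rmtree(self.cache)
        # Deleted blocks may survive on the host disk; without the key they are ciphertext.
        self.key = self.cache = None
        self.dirty.clear()
        return committed

def demo():
    medium = Path(tempfile.mkdtemp(prefix="medium-"))  # constructed stand-in
    (medium / "report.txt").write_bytes(b"q3 draft")   # constructed sample data
    s = MediumSession(medium, make_verifier("correct horse"))
    out = {"rejected": not s.start("wrong guess"), "started": s.start("correct horse")}
    out["first_read"] = s.read("report.txt")
    s.write("report.txt", b"q3 final")
    cache = s.cache
    out["medium_before"] = (medium / "report.txt").read_bytes()
    out["plaintext_in_cache"] = b"q3 final" in (cache / "report.txt").read_bytes()
    out["committed"] = s.terminate()
    out["medium_after"] = (medium / "report.txt").read_bytes()
    out["cache_exists"] = cache.exists()
    shutil.rmtree(medium)
    return out
```

Calling `demo()` builds a throwaway medium directory and returns what was observed on the medium and in the cache at each stage of the session.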
In any of the above embodiments of the present application, after the virtual desktop is started on the electronic device, the method may further comprise:
acquiring the accessible data objects stored in the mobile storage medium, and then presenting these accessible data objects on the virtual desktop. Here an accessible data object may be an operable object such as a file or a list. Presenting the accessible data objects on the virtual desktop gives the user a more intuitive view of all objects that can be accessed in the mobile storage medium, so that the user can determine which object to access. Of course, in practice, to reduce the amount of data processing, the accessible data objects presented on the virtual desktop may be only identifiers of the accessible data, each identifier uniquely indicating an operable object such as a file or a list.
Accordingly, the user can operate directly on the accessible data objects presented on the virtual desktop, for example by clicking or selecting some or all of them. After the virtual desktop receives the user's access request for a target object among the accessible data objects presented on it, the target data in the target object stored in the mobile storage medium can be acquired. For example, the target object may be a form in a file, in which case the target data is the data in that form.
It can be understood that, in any of the above embodiments, after the mobile storage medium is connected to the electronic device and the virtual desktop is started on the electronic device, if the electronic device can connect to a remote enterprise intranet, for example to a remote server, remote access to enterprise content can also be carried out through the virtual desktop, so as to avoid leakage of the enterprise content. Specifically, after the virtual desktop is started on the electronic device, the method may further comprise:
establishing, based on the virtual desktop, a network connection between the electronic device and the remote enterprise intranet, that is, triggering a network connection request through the virtual desktop and establishing the network connection. The network connection may be an encrypted secure communication channel; content transmitted over this secure channel cannot be decrypted by the electronic device running the virtual desktop, which prevents data leakage;
presenting the operable data of the remote enterprise intranet on the virtual desktop;
sending an access request to the remote enterprise intranet based on the user's operation behavior on the operable data on the virtual desktop, and caching the network data returned by the enterprise intranet;
when a request to terminate the virtual desktop is detected, clearing the network data cached in the electronic device.
While the remote enterprise intranet is accessed through the virtual desktop, all network data returned by the enterprise intranet is intercepted by the virtual desktop and redirected to the designated cache. When a request to terminate the virtual desktop is detected, the network data cached in the electronic device is cleared, so that data in the remote enterprise intranet is not leaked while the intranet is being accessed.
Corresponding to the data access control method of the present application, an embodiment of the present application further provides a data access control apparatus.
Referring to Fig. 3, which shows a schematic structural diagram of one embodiment of a data access control apparatus of the present application, the apparatus of this embodiment may comprise:
a virtual desktop start unit 301, configured to start a virtual desktop on an electronic device when it is detected that a mobile storage medium is connected to the electronic device;
an access receiving unit 302, configured to receive an access request input by a user on the virtual desktop, the access request being used to request access to target data stored in the mobile storage medium;
a data acquisition unit 303, configured to acquire the target data stored in the mobile storage medium;
a data caching unit 304, configured to process the target data according to the user's operation behavior on the target data on the virtual desktop, and to cache the processing result of the target data in the electronic device;
a data leakage prevention unit 305, configured to store the cached processing result in the mobile storage medium and clear the processing result cached in the electronic device when a request to terminate the virtual desktop is detected.
Optionally, the apparatus may further comprise:
a virtual desktop termination unit, configured to terminate the virtual desktop running on the electronic device after the data leakage prevention unit has cleared the processing result cached in the electronic device.
Optionally, the virtual desktop start unit comprises:
a desktop loading subunit, configured to load and run a virtual desktop program preset in the mobile storage medium, so as to present the virtual desktop on the electronic device;
a space allocation unit, configured to allocate cache space for the virtual desktop.
Optionally, the apparatus further comprises:
an information input unit, configured to receive verification information input by the user before the access receiving unit receives the access request input by the user on the virtual desktop;
an information verification unit, configured to monitor for access requests input on the virtual desktop when the verification information is verified to be preset valid verification information.
Further, the apparatus of this embodiment may also comprise:
a network connection establishment unit, configured to establish, based on the virtual desktop, a network connection between the electronic device and a remote enterprise intranet after the virtual desktop start unit has started the virtual desktop on the electronic device;
a display unit, configured to present the operable data of the remote enterprise intranet on the virtual desktop;
a network data caching unit, configured to send an access request to the remote enterprise intranet based on the user's operation behavior on the operable data on the virtual desktop, and to cache the network data returned by the enterprise intranet;
a network data clearing unit, configured to clear the network data cached in the electronic device when a request to terminate the virtual desktop is detected.
In another aspect, the embodiments of the present application further provide a mobile storage medium.
Referring to Fig. 4, which shows a schematic structural diagram of a mobile storage medium according to an embodiment of the present application, the mobile storage medium of this embodiment may comprise:
A detection module 401, configured to detect whether the mobile storage device is connected to an electronic device;
A virtual desktop start module 402, configured to start a virtual desktop on the electronic device if it is detected that the mobile storage device is connected to the electronic device;
A control module 403, configured to: receive an access request input by the user on the virtual desktop, the access request being a request to access target data stored in the mobile storage medium; obtain the target data stored in the mobile storage medium; process the target data according to the user's operations on the target data on the virtual desktop, and cache the processing result of the target data in the electronic device; and, when a request to stop the virtual desktop is detected, store the cached processing result in the mobile storage medium and clear the processing result cached in the electronic device.
It should be noted that, for the specific implementation of each module in this mobile storage medium, reference may be made to the related description of the method or apparatus embodiments, which is not repeated here.
The embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and for the same or similar parts the embodiments may be referred to one another.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present application. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present application. Therefore, the present application is not limited to the embodiments shown herein, but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
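The stop-time sequence performed by the anti-data-leakage unit (store the cached result on the mobile storage medium, then clear it from the electronic device) can be sketched as follows. This is an added example, not code from the patent; the class and function names, the temporary directory standing in for the medium, and the verify-before-clear policy are all assumptions.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path


def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


class DesktopSession:
    """Illustrative model of the described flow; every name here is hypothetical."""

    def __init__(self, medium_root):
        self.medium_root = Path(medium_root)
        # Cache space allocated on the host when the virtual desktop starts.
        self.cache_dir = Path(tempfile.mkdtemp(prefix="vdesk-cache-"))

    def open_target(self, name):
        """Fetch target data from the medium into the host-side cache."""
        if Path(name).name != name:  # refuse names that escape the medium root
            raise ValueError("target must be a plain file name")
        cached = self.cache_dir / name
        shutil.copyfile(self.medium_root / name, cached)
        return cached

    def stop(self):
        """Store cached results on the medium, verify them, then clear the host cache."""
        persisted = []
        for cached in sorted(self.cache_dir.iterdir()):
            dest = self.medium_root / cached.name
            part = dest.with_name(dest.name + ".part")
            with open(cached, "rb") as src, open(part, "wb") as out:
                shutil.copyfileobj(src, out)
                out.flush()
                os.fsync(out.fileno())  # ask the OS to flush to the device
            if sha256_file(part) != sha256_file(cached):
                part.unlink()
                # Assumed policy: keep the host cache rather than lose the user's work.
                raise OSError(f"write-back of {cached.name} failed verification")
            os.replace(part, dest)  # swap in the new copy in one step
            persisted.append(cached.name)
        # Unlinking removes the files; it does not sanitise the underlying disk blocks.
        shutil.rmtree(self.cache_dir)
        return persisted


def demo():
    """Run the flow against a constructed temp directory standing in for the medium."""
    medium = Path(tempfile.mkdtemp(prefix="medium-"))
    (medium / "report.txt").write_text("draft v1\n")  # constructed sample data
    session = DesktopSession(medium)
    cached = session.open_target("report.txt")
    cached.write_text("draft v2, edited on the virtual desktop\n")
    persisted = session.stop()
    result = (persisted, (medium / "report.txt").read_text(), session.cache_dir.exists())
    shutil.rmtree(medium)
    return result
```

The host cache is removed only after every write-back has been verified, so a failed write leaves the data on the host instead of destroying the only copy; a deployment that prefers to clear regardless would invert that choice.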

Claims (10)

1. A data access control method, characterized by comprising:
When it is detected that a mobile storage medium is connected to an electronic device, starting a virtual desktop on the electronic device;
Receiving an access request input by the user on the virtual desktop, the access request being a request to access target data stored in the mobile storage medium;
Obtaining the target data stored in the mobile storage medium;
Processing the target data according to the user's operations on the target data on the virtual desktop, and caching the processing result of the target data in the electronic device;
When a request to stop the virtual desktop is detected, storing the cached processing result in the mobile storage medium, and clearing the processing result cached in the electronic device.
2. The method according to claim 1, characterized in that, after clearing the processing result cached in the electronic device, the method further comprises:
Stopping the virtual desktop running on the electronic device.
3. The method according to claim 1, characterized in that starting the virtual desktop on the electronic device comprises:
Loading and running the virtual desktop program preset in the mobile storage medium, so as to present the virtual desktop on the electronic device;
Allocating cache space for the virtual desktop.
4. The method according to claim 1, characterized in that, before receiving the access request input by the user on the virtual desktop, the method further comprises:
Receiving verification information input by the user;
When the verification information is verified to be the preset valid verification information, monitoring for access requests input on the virtual desktop.
5. The method according to claim 1 or 4, characterized in that, after the virtual desktop is started on the electronic device, the method further comprises:
Obtaining the accessible data objects stored in the mobile storage medium;
Presenting the accessible data objects on the virtual desktop;
Wherein receiving the access request input by the user on the virtual desktop comprises:
Receiving the user's access request for a target object among the accessible data objects presented on the virtual desktop;
And wherein obtaining the target data stored in the mobile storage medium comprises:
Obtaining the target data in the target object stored in the mobile storage medium.
6. The method according to claim 1, characterized in that, after the virtual desktop is started on the electronic device, the method further comprises:
Establishing, based on the virtual desktop, a network connection between the electronic device and a remote enterprise intranet;
Presenting operable data of the remote enterprise intranet on the virtual desktop;
Sending access requests to the remote enterprise intranet based on the user's operations on the operable data on the virtual desktop, and caching the network data returned by the enterprise intranet;
When a request to stop the virtual desktop is detected, clearing the network data cached in the electronic device.
7. A data access control apparatus, characterized by comprising:
A virtual desktop start unit, configured to start a virtual desktop on an electronic device when it is detected that a mobile storage medium is connected to the electronic device;
An access receiving unit, configured to receive an access request input by the user on the virtual desktop, the access request being a request to access target data stored in the mobile storage medium;
A data obtaining unit, configured to obtain the target data stored in the mobile storage medium;
A data caching unit, configured to process the target data according to the user's operations on the target data on the virtual desktop, and to cache the processing result of the target data in the electronic device;
An anti-data-leakage unit, configured to, when a request to stop the virtual desktop is detected, store the cached processing result in the mobile storage medium and clear the processing result cached in the electronic device.
8. The apparatus according to claim 7, characterized in that the virtual desktop start unit comprises:
A desktop loading subunit, configured to load and run the virtual desktop program preset in the mobile storage medium, so as to present the virtual desktop on the electronic device;
A space allocation unit, configured to allocate cache space for the virtual desktop.
9. The apparatus according to claim 7, characterized by further comprising:
An information input unit, configured to receive verification information input by the user before the access receiving unit receives the access request input by the user on the virtual desktop;
An information verification unit, configured to monitor for access requests input on the virtual desktop when the verification information is verified to be the preset valid verification information.
10. A mobile storage medium, characterized by comprising:
A detection module, configured to detect whether the mobile storage device is connected to an electronic device;
A virtual desktop start module, configured to start a virtual desktop on the electronic device if it is detected that the mobile storage device is connected to the electronic device;
A control module, configured to: receive an access request input by the user on the virtual desktop, the access request being a request to access target data stored in the mobile storage medium; obtain the target data stored in the mobile storage medium; process the target data according to the user's operations on the target data on the virtual desktop, and cache the processing result of the target data in the electronic device; and, when a request to stop the virtual desktop is detected, store the cached processing result in the mobile storage medium and clear the processing result cached in the electronic device.
CN201510767283.7A 2015-11-11 2015-11-11 Data access control method and apparatus and mobile storage medium Pending CN105389520A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510767283.7A CN105389520A (en) 2015-11-11 2015-11-11 Data access control method and apparatus and mobile storage medium


Publications (1)

Publication Number Publication Date
CN105389520A true CN105389520A (en) 2016-03-09

Family

ID=55421796

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510767283.7A Pending CN105389520A (en) 2015-11-11 2015-11-11 Data access control method and apparatus and mobile storage medium

Country Status (1)

Country Link
CN (1) CN105389520A (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160309