CN106127073A - A kind of guard method of user's operation information - Google Patents
A kind of guard method of user's operation information Download PDFInfo
- Publication number
- CN106127073A CN106127073A CN201610462542.XA CN201610462542A CN106127073A CN 106127073 A CN106127073 A CN 106127073A CN 201610462542 A CN201610462542 A CN 201610462542A CN 106127073 A CN106127073 A CN 106127073A
- Authority
- CN
- China
- Prior art keywords
- information
- user
- program
- proceed
- operation monitoring
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- General Physics & Mathematics (AREA)
- Mathematical Physics (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
Abstract
The present invention is applicable to the technical field of information protecting method, discloses the guard method of user's operation information, comprises the steps:, in user needs the system of operation, to set up information insulating space;During user operation, system is monitored;During user operation, communication service is monitored.The guard method of a kind of user's operation information that the present invention provides, for information protecting method, the security isolation of sensitive document was realized before user operation, monitoring in real time is realized among user operation, system information reduction is realized after user operation, it is greatly improved the safety of sensitive document information, both sensitive document was isolated with physical network, can effectively eliminate again and illegally steal the impact on sensitive document, and, also use portable memory apparatus as the information insulating space of sensitive document, allow users in office the safest when sensitive document is separated with operating system, improve the safety of sensitive document information further.
Description
[technical field]
The present invention relates to a kind of information protecting method, particularly to the guard method of a kind of user's operation information.
[background technology]
Now, the fast development of information technology and network technology and extensively application, a large amount of governments, enterprises and individuals need
Various network environments are carried out operate and process the file relating to sensitive information, cause operation and the record information accessed and weight
Want that file is substantial amounts of to be cached in the middle of network-termination device, carried out hidden trouble to the information security of government, enterprises and individuals.Combine
Seeing the information-leakage event occurred in recent years, a lot of governments, enterprise, star even ordinary people is by information leakage side
The security threat in face." shake net " virus of such as Iran, " the prism door " etc. of the U.S..Therefore the security protection to sensitive information
Demand the most urgent.
The existing information protecting method for above-mentioned sensitive document there is also certain deficiency, mainly includes with lower section
Face:
One is a lack of the effective protection to operation and file access vestige.Under complicated network environment, the access of program
Operation with resource all can leave substantial amounts of Operation Log information and data cached on an operating system, and this gives the letter of sensitive document
Breath safety brings hidden trouble.
Two is that operation and the sensitive document accessed are lacked effective and safe isolation.Protection to sensitive document in prior art
Often using special program to operate sensitive document, these programs itself have certain control of authority, to sensitive literary composition
Access and the operation of part are required for authentication, so that it is guaranteed that the safety of sensitive document.But, a lot of in the case of above-mentioned journey
Sequence the most also can remain in operation record the information even copy of sensitive document of sensitive document that is that obtained and that operated
In system or the network terminal, and the access of these record information and operation are to need not move through authentication, therefore result in quick
Sense fileinfo is revealed.Prior art does not also have can effectively clear up these record information and the method for protection sensitive document.
Three security protections being a lack of operating process whole to sensitive document.The access of system resource and the place of sensitive document
Can pass through screenshotss in the middle of reason process, the means such as intercept illegally are stolen, and are not had effective safeguard procedures in prior art.
Therefore, how to reduce and even eliminate the risk illegally stolen in the middle of sensitive document operating process, be the technology needing solution badly
One of problem.
[summary of the invention]
It is an object of the invention to overcome above-mentioned the deficiencies in the prior art, it is provided that the protection side of a kind of user's operation information
Method, its aim to solve the problem that in prior art a large amount of sensitive document information leakage during user operation, cannot be complete by sensitive document
The technical problem that sensitive document information in isolation, operating process is easily stolen.
For achieving the above object, the present invention proposes the guard method of a kind of user's operation information, comprises the steps:
S1: in user needs the system of operation, set up information insulating space, and allow user's input information insulating space
Checking information;
S2: during user operation, is monitored system, if be detected that information stealth program, then ejects letter
The warning that breath is stolen;
S3: during user operation, is monitored communication service, if be detected that there is the third party of None-identified
Access communications services, then eject the unsafe warning of communication line;
S4: the temporary file produced during user operation is preserved to information insulating space, and by user in system
Sensitive document required for operation also moves to information insulating space;
S5: user complete operation after, the user's operation information in deletion system, by system reducing to user operation it
Front state.
As preferably, specifically comprising the following steps that of described step S2
Whether S21: scanning system, have system to operate monitoring program, if be detected that have, then proceed to step in confirmation system
S23;If it is not, proceed to step S22;
S22: installation system operation monitoring program, proceeds to step S23;
S23: start system operation monitoring program, the logging modle of the current state information of system is redirected information every
From space;
S24: system is carried out security sweep, and proceeds to step S25;
S25: during user operation, the program run in monitoring system in real time, it is confirmed whether to be currently running
Information stealth program, if be detected that there is information stealth program to be currently running, then proceed to step S26;If it is not, keep
Monitoring state, until user completes operation, proceeds to step S27;
S26: eject information stealth warning and there is termination measure, end measure and ignore the choice box of measure, and root
According to the selection of user or terminate all operation programs, proceed to step S27;Entering of the information stealth program that detection of end goes out
Journey, and by the information record of information stealth program at information insulating space, then after waiting 1s~3s, proceed to step S25;
Directly after waiting 5s~20s, proceed to step S25;
S27: after user completes operation, shut-down system operation monitoring program, and deletion system operation monitoring program.
As preferably, specifically comprising the following steps that of described step S24
Whether S241: scanning system, have security scanning program in confirmation system, if it has, then proceed to step S243;If
No, then step S242 is proceeded to;
S242: install security scanning program, proceed to step S243;
S243: start security scanning program, system is carried out security sweep, is confirmed whether there is information stealth program, and will
The logging modle of the Log Directory of security scanning program redirects at information insulating space;
S244: system is carried out security sweep, if be detected that there is information stealth program, then proceeds to step S245;If
No, then closed safe scanning imaging system, and delete security scanning program, proceed to step S25;
S245: the process of ending message snooper at once, by the information record of information stealth program at information isolation sky
Between.
As preferably, specifically comprising the following steps that of described step S3
S31: when user initiates a communication connection, suspend this communication connection, scanning system, whether have in confirmation system
The traffic operation monitoring program being currently running, if be detected that have, then proceeds to step S35;If it is not, proceed to step S32;
Whether S32: scanning system, have traffic operation to monitor program, if be detected that have, then proceed to step in confirmation system
S34;If it is not, proceed to step S33;
S33: install traffic operation monitoring program, proceed to step S34;
S34: start mounted traffic operation monitoring program, proceed to step S35;
S35: continue the communication connection interrupted, the connection occurred in monitoring communication service, be confirmed whether have third party to access
This communication connection, if be detected that there is the third party of None-identified, then proceeds to step S36;If it is not, keep monitoring shape
State, until user completes communication, proceeds to step S37;
S36: suspend communication connection, ejects the dangerous warning of communication line and has termination measure and ignore the choosing of measure
Select frame, and according to the selection of user or terminate all of communication connection at once, communication close serve port, and by third-party
Link information record, at information insulating space, then reopens communication service port after waiting 1s~3s, proceeds to step
S31;Step S35 is proceeded to after waiting 5s~20s;
S37: after user completes communication, communication close operation monitoring program, and after user completes operation, delete
Traffic operation monitoring program.
As preferably, the system in described step S2 operates monitoring program and the traffic operation in described step S3
Monitoring program all uses user operation to monitor program, and described user operation monitoring program includes relatively independent system operation prison
Survey module and traffic operation monitoring modular;
System operation monitoring program in described step S21, S22 is user operation monitoring program, described step
Traffic operation monitoring program in S32, S33 is user operation monitoring program;
Described step S23 is for starting user operation monitoring program, and starts system operation monitoring modular, working as system
The logging modle of front status information redirects at information insulating space;
After described step S27 is for completing operation user, shut-down system operation monitoring modular, and delete user operation
Monitoring program;
Described step S31 is when user initiates a communication connection, suspends this communication connection, and scanning system confirms
Whether system has the traffic operation monitoring modular being currently running, if be detected that have, then proceeds to step S35;If it is not,
Proceed to step S32;
Described step S34 is for starting mounted user operation monitoring program, and starts traffic operation monitoring modular, turns
Enter step S35;
After described step S37 is for completing communication user, communication close operation monitoring modular.
As preferably, described information insulating space is portable storage device, described user operation monitoring program
All being located in storage device with the installation file of security scanning program, described step S1 is for needing behaviour by storage device with user
The system made connects, and ejects the inputting interface of checking information.
As preferably, read when the sensitive document in described step S4 includes user operation, revise, search, delete
And the sensitive document created, wherein, the sensitive document read during user operation, revised and create turns after user operation
Depositing copy to information insulating space, the sensitive document searched during user operation form with file directory after user operation is protected
Depositing to information insulating space, before the sensitive document user operation again deleted during user operation, unloading copy is to information isolation sky
Between.
As preferably, described information insulating space includes encrypting exchange area and common exchange area, described encryption exchange
District uses disk encryption to be encrypted, and described sensitive document moves to encryption exchange area and uses asymmetric encryption to calculate
Sensitive document is encrypted by method, and described system controls to limit the sensitive document in encryption exchange area by routine access
Can only be user-operably by the decryption program specified.
As preferably, in described step S5, user's operation information includes the access note of the log-on message of system, program
The record of the installation of record information, program or operation or the log information operated, sensitive document duplication or amendment or deletion or establishment is believed
Breath and the access record information of communication service.
As preferably, in described step S5, respectively by program log information, system registry information, system
Log information and communication connection information carry out feature analysis and program access record information, the log information of program, system
Logon information and the access record information of the record information of sensitive document and communication service position and delete.
Beneficial effects of the present invention: compared with prior art, the protection side of a kind of user's operation information that the present invention provides
Method, for the defect in information protecting method, realized before user operation sensitive document security isolation, user operation it
Middle realization is monitored in real time, is realized system information reduction after user operation, is greatly improved the safety of sensitive document information, both
Isolate with physical network all sidedly, up hill and dale by sensitive document, can effectively eliminate again and illegally steal the shadow to sensitive document
Ring, and, also use portable memory apparatus as the information insulating space of sensitive document so that why not user can in office pacify
The when of complete, sensitive document is separated with operating system, improve the safety of sensitive document information further.
Inventive feature and advantage will combine accompanying drawing by embodiment and be described in detail.
[accompanying drawing explanation]
Fig. 1 is the schematic flow sheet of the embodiment of the present invention;
Fig. 2 is the particular flow sheet of step S2 in the first embodiment of the present invention;
Fig. 2-1 is the particular flow sheet of step S24 in the first embodiment of the present invention;
Fig. 3 is the particular flow sheet of step S3 in the first embodiment of the present invention;
Fig. 4 is the particular flow sheet of step S2 in the second embodiment of the present invention;
Fig. 5 is the particular flow sheet of step S3 in the second embodiment of the present invention;
Fig. 6 be the second embodiment of the present invention be embodied as flow chart.
[detailed description of the invention]
For making the object, technical solutions and advantages of the present invention of greater clarity, below by accompanying drawing and embodiment, right
The present invention is further elaborated.However, it should be understood that specific embodiment described herein is only in order to explain this
Bright, it is not limited to the scope of the present invention.Additionally, in the following description, eliminate the description to known features and technology, with
Avoid unnecessarily obscuring idea of the invention.
Refering to Fig. 1, the embodiment of the present invention provides the guard method of a kind of user's operation information, comprises the steps:
S1: in user needs the system of operation, set up information insulating space, and allow user's input information insulating space
Checking information so that user before the procedure rather than carries out authentication in operating process, thus after avoiding use system
The probability that sensitive information is conducted interviews by door.In embodiments of the present invention, checking information is already provided in information insulating space.
S2: during user operation, is monitored system, if be detected that information stealth program, then ejects letter
The warning that breath is stolen.This step is for the situation of illegally stealing in physical connection.
S3: during user operation, is monitored communication service, if be detected that there is the third party of None-identified
Access communications services, then eject the unsafe warning of communication line.This step is for the situation of illegally stealing in communication connection.
Owing to the communication of sensitive document often has specific connectivity port and man-to-man connection protocol, therefore, in communication line
Once occur that third party connects, mean that this communication line is eavesdropped, be in unsafe condition.
S4: the temporary file produced during user operation is preserved to information insulating space, and by user in system
Sensitive document required for operation also moves to information insulating space, not only makes the operation of sensitive document to stay in systems
Lower vestige, and realize the security isolation of sensitive document so that access and the operation of sensitive document are separated with operating system, carry
The safety of high sensitive document.
S5: user complete operation after, the user's operation information in deletion system, by system reducing to user operation it
Front state.Embodiments of the invention are visited produced by the resource of access under different operating system environment and the program of operation
Ask and carry out targeted elimination with operation note, the system mode before reduction user operation so that the information of user operation will not be
System stays any vestige, reduces the risk that fileinfo is revealed.
Referring again to Fig. 2, in the first embodiment of the present invention, the specifically comprising the following steps that of step S2
Whether S21: scanning system, have system to operate monitoring program, if be detected that have, then proceed to step in confirmation system
S23;If it is not, proceed to step S22.
S22: installation system operation monitoring program, proceeds to step S23.
S23: start system operation monitoring program, the logging modle of the current state information of system is redirected information every
From space.
S24: system is carried out security sweep, and proceeds to step S25.
S25: during user operation, the program run in monitoring system in real time, it is confirmed whether to be currently running
Information stealth program, if be detected that there is information stealth program to be currently running, then proceed to step S26;If it is not, keep
Monitoring state, until user completes operation, proceeds to step S27.
S26: eject information stealth warning and there is termination measure, end measure and ignore the choice box of measure, and root
According to the selection of user or terminate all operation programs, proceed to step S27;Entering of the information stealth program that detection of end goes out
Journey, and by the information record of information stealth program at information insulating space, then after waiting 1s~3s, proceed to step S25;
Directly after waiting 5s~20s, proceed to step S25.In the first embodiment of the present invention, selection termination measure is then
System operation monitoring program can terminate the every operation of user, and be considered as user and complete operation, directly carries out follow-up system reducing
Step;Select end measure then system operation monitoring program only to close the information stealth program detected, then wait that 3s is follow-up
Continuous monitoring process;Select ignorance measure then system operation monitoring program not carry out any operation, supervise again after waiting 15s
Survey.In ignorance measure, system operation monitoring program once finds that information stealth program will eject information stealth warning, and this is just
It is likely to result in user during operation, constantly receives the warning of ejection so that user is painstaking, therefore, ignore
Waiting time in measure needs, more than the waiting time in end measure, to improve the convenience of user operation.
S27: after user completes operation, shut-down system operation monitoring program, and deletion system operation monitoring program, enter
One step eliminates the vestige that user stays in systems.
Refering to Fig. 2-1, specifically comprising the following steps that of above-mentioned step S24
Whether S241: scanning system, have security scanning program in confirmation system, if it has, then proceed to step S243;If
No, then step S242 is proceeded to.
S242: install security scanning program, proceed to step S243.
S243: start security scanning program, system is carried out security sweep, is confirmed whether there is information stealth program, and will
The logging modle of the Log Directory of security scanning program redirects at information insulating space.
S244: system is carried out security sweep, if be detected that there is information stealth program, then proceeds to step S245;If
No, then closed safe scanning imaging system, and delete security scanning program, proceed to step S25.It is to say, security scanning program
Carry out security protection just for the system situation before user operation, once complete security sweep, remove vestige the most at once, and open
Place system is so that user operation.
S245: the process of ending message snooper at once, by the information record of information stealth program at information isolation sky,
User is able to the information of information stealth program compare with the Log Directory of security scanning program, it is ensured that security sweep
The accuracy of program.
Further, referring again to Fig. 3, specifically comprising the following steps that of step S3
S31: when user initiates a communication connection, suspend this communication connection, scanning system, whether have in confirmation system
The traffic operation monitoring program being currently running, if be detected that have, then proceeds to step S35;If it is not, proceed to step S32.
Whether S32: scanning system, have traffic operation to monitor program, if be detected that have, then proceed to step in confirmation system
S34;If it is not, proceed to step S33.
S33: install traffic operation monitoring program, proceed to step S34.
S34: start mounted traffic operation monitoring program, proceed to step S35.
S35: continue the communication connection interrupted, the connection occurred in monitoring communication service, be confirmed whether have third party to access
This communication connection, if be detected that there is the third party of None-identified, then proceeds to step S36;If it is not, keep monitoring shape
State, until user completes communication, proceeds to step S37.
S36: suspend communication connection, ejects the dangerous warning of communication line and has termination measure and ignore the choosing of measure
Select frame, and according to the selection of user or terminate all of communication connection at once, communication close serve port, and by third-party
Link information record, at information insulating space, then reopens communication service port after waiting 1s~3s, proceeds to step
S31;Step S35 is proceeded to after waiting 5s~20s.
S37: after user completes communication, communication close operation monitoring program, and after user completes operation, delete
Traffic operation monitoring program.
Wherein, above-mentioned step is the process that user once communicates to connect, and during user operation, communication link
Connecing by generation repeatedly, therefore, above-mentioned step also repetitive cycling is repeatedly.And, the communication connection of twice or more than twice
When producing, above-mentioned step can also be carried out simultaneously, it is only necessary to when running to step S37 simultaneously, ignores because being currently running
And cannot communication close operation monitoring program, and the last time operating procedure S37 time, communication close operation monitoring program is i.e.
Can.
In the first embodiment of the present invention, step S2 and step S3 can start simultaneously at, synchronize to carry out.Due to communication behaviour
Tending to belong to a part for system operation, therefore step S3 terminates to terminate early than step S2, i.e. step S37 end of run
Afterwards, step S27 just end of run.And, traffic operation monitoring program is installed in systems, therefore, and system operation monitoring journey
The monitoring process of sequence also can monitor the running of whole step S3, prevents traffic operation monitoring program self contaminated and affects
The situation of the safety of whole guard method occurs.
Certainly, the waiting time in step S26 and step S36 is not only limited in the particular value in first embodiment, as long as
Within being in above-mentioned time range, just belong to protection scope of the present invention.
Specifically, sensitive document in step s 4 is read, revises, searches, deletes and is created when including user operation
Sensitive document, wherein, read during user operation, unloading copy is extremely after user operation for the sensitive document revising and create
Information insulating space, the sensitive document searched during user operation preserves to information with the form of file directory after user operation
Insulating space, before the sensitive document user operation again deleted during user operation, unloading copy is to information insulating space.
Further, information insulating space includes encrypting exchange area and common exchange area, and encryption exchange area uses disk to add
Close being encrypted, sensitive document moves to encryption exchange area and uses rivest, shamir, adelman to add sensitive document
Close process, system can only be by the decryption program quilt specified by the sensitive document that routine access controls to limit in encryption exchange area
User operation.If it is to say, sensitive document has left copy is encrypting exchange area, then user can not access and operate
Sensitive document in system, and by decryption program, the sensitive document of information insulating space can only be operated.This kind of side
Method makes user generally require to carry out twice authentication and could operate sensitive document, substantially increase sensitive document
Confidentiality.Wherein, common exchange area is for the program letter in the temporary file in storing step S4 and step S2 and step S3
Breath.
Specifically, in step s 5, user's operation information include the log-on message of system, the access record information of program,
Program installs or runs or the log information of operation, sensitive document replicate or amendment or the record information deleted or create and logical
The access record information of telecommunications services.
Further, in step s 5, respectively by program log information, system registry information, system journal are believed
Breath and communication connection information carry out feature analysis and program access record information, the log information of program, the logging in of system
The record information of information and sensitive document and the access record information of communication service position and delete.The first of the present invention
Embodiment is for different operating system environments, and take on a different character analysis method, to realize different system and distinct program
The location of information is deleted.
In order to the purpose of the present invention is better achieved, present invention also offers the second embodiment, wherein, the second embodiment with
It is in place of the difference of first embodiment: system operation monitoring program in step s 2 and the traffic operation monitoring in step S3
Program all uses user operation to monitor program, and user operation monitoring program includes relatively independent system operation monitoring modular and leads to
Letter operation monitoring modular.It is to say, system is operated monitoring program by the second embodiment of the present invention monitors journey with traffic operation
Sequence is integrated mutually so that the step that step S2 is identical with in step S3 can be carried out simultaneously, thus shortens step S2 and step S3 fortune
The time of row, improve the operational efficiency of program.
Referring again to Fig. 4 and Fig. 5, the system operation monitoring program in step S21, S22 is user operation monitoring program.
Step S23 is for starting user operation monitoring program, and starts system operation monitoring modular, by the note of the current state information of system
Record module redirects at information insulating space.After step S27 is for completing operation user, shut-down system operation monitoring modular,
And delete user operation monitoring program.
Traffic operation monitoring program in step S32, S33 is user operation monitoring program.Step S31 is for sending out as user
When playing a communication connection, suspend this communication connection, scanning system, whether confirmation system has the traffic operation prison being currently running
Survey module, if be detected that have, then proceed to step S35;If it is not, proceed to step S32.Step S34 is that startup installs
User operation monitoring program, and start traffic operation monitoring modular, proceed to step S35.Step S37 is for completing communication user
Afterwards, communication close operation monitoring modular.
Further, information insulating space is portable storage device, user operation monitoring program and security sweep journey
The installation file of sequence is all located in storage device, and step S1 is that the system that storage device needs operation with user is connected, and bullet
Go out to verify the inputting interface of information.
Wherein, encryption exchange area can be to use the form of virtual hard disk, further by sensitive document and isolation of system.
Remaining step is all identical with first embodiment, does not repeats them here.
Refering to Fig. 6, as a example by the second embodiment, the present invention specifically comprises the following steps that
(1) system is started.
(2) portable storage device is inserted, the checking information of input user, unlocking information insulating space.
(3) authentication is by afterwards, starts scanning and installs user operation monitoring program, starts system operation monitoring mould
Block, redirects the module of system record current state information in common exchange area.
(4) start scanning and start security scanning program, and the logging modle of log information is redirected in common exchange
District.
(5) system carrying out security sweep, now, user will be unable to operate system.
(6) after completing security sweep, close and delete security scanning program, to user's open systems, now, commonly handing over
The log information changed in district still retains.
(7) according to the operation of user, it is judged that whether user is conducting interviews to sensitive document and operating, and user is needed
Or the sensitive document accessed or operate retains copy and is encrypting exchange area, waits user's operation next time, now, is
System operation monitoring modular keeps monitoring process.
(8) according to the operation of user, it is judged that user needs whether the sensitive document accessing or operating leaves copy in encryption
Exchange area, if it has, then remind user to input decryption information, is then appointed as decryption program by sensitive document and opens, and remind
User inputs the authentication information of decryption program, and now, system operation monitoring modular keeps monitoring process.
(9) according to the operation of user, it may be judged whether communicate service monitoring, if user has initiated communication connection, then
Scanning open communication operation monitoring modular, now, system operation monitoring modular keeps monitoring process.
(10) communication connection to user is monitored, and prevents third party from eavesdropping communication connection, and daily record is believed
The logging modle of breath redirects in common exchange area.
(11) after user terminates communication connection, communication close monitoring modular.
(12) after user completes operation, shut-down system operation monitoring modular, delete user operation monitoring program, then
User's operation information in deletion system, by the state before system reducing to user operation, now, in information insulating space
Temporary file and sensitive document will retain.
(13) storage device is disconnected with system.
(14) closed system is closed.
Wherein, step (9) to step (11) can be run repeatedly with repetitive cycling, and step (7), (8), (9) i.e. can be same
Shi Yunhang, it is also possible to interleaved operation, such as, carry out the situation of the access of sensitive document, step after user initiates communication connection
(9), after running, step (8) brings into operation, then operating procedure (10).In like manner, transmission is started when user initiates communication connection
During sensitive document, step (8) the operation time be step (10) after, before step (11).
The foregoing is only presently preferred embodiments of the present invention, not in order to limit the present invention, all essences in the present invention
Any amendment, equivalent or the improvement etc. made within god and principle, should be included within the scope of the present invention.
Claims (10)
1. the guard method of a user's operation information, it is characterised in that: comprise the steps:
S1: in user needs the system of operation, set up information insulating space, and allow the checking of user's input information insulating space
Information;
S2: during user operation, is monitored system, if be detected that information stealth program, then the information that ejects is stolen
The warning taken;
S3: during user operation, is monitored communication service, if be detected that there is the third party of None-identified to access
Communication service, then eject the unsafe warning of communication line;
S4: the temporary file produced during user operation is preserved to information insulating space, and by user operation in system
Required sensitive document also moves to information insulating space;
S5: after user completes operation, the user's operation information in deletion system, before system reducing to user operation
State.
The guard method of a kind of user's operation information the most as claimed in claim 1, it is characterised in that: the tool of described step S2
Body step is as follows:
Whether S21: scanning system, have system to operate monitoring program, if be detected that have, then proceed to step S23 in confirmation system;
If it is not, proceed to step S22;
S22: installation system operation monitoring program, proceeds to step S23;
S23: start system operation monitoring program, redirects the logging modle of the current state information of system at information isolation sky
Between;
S24: system is carried out security sweep, and proceeds to step S25;
S25: during user operation, the program run in monitoring system in real time, it is confirmed whether there is the letter being currently running
Breath snooper, if be detected that there is information stealth program to be currently running, then proceeds to step S26;If it is not, keep monitoring
State, until user completes operation, proceeds to step S27;
S26: eject information stealth warning and have termination measure, end measure and ignore measure choice box, and according to
The selection at family or terminate all operation programs, proceeds to step S27;The process of the information stealth program that detection of end goes out,
And by the information record of information stealth program at information insulating space, then after waiting 1s~3s, proceed to step S25;?
Directly after waiting 5s~20s, proceed to step S25;
S27: after user completes operation, shut-down system operation monitoring program, and deletion system operation monitoring program.
The guard method of a kind of user's operation information the most as claimed in claim 2, it is characterised in that: described step S24
Specifically comprise the following steps that
Whether S241: scanning system, have security scanning program in confirmation system, if it has, then proceed to step S243;If not yet
Have, then proceed to step S242;
S242: install security scanning program, proceed to step S243;
S243: start security scanning program, system is carried out security sweep, is confirmed whether there is information stealth program, and by safety
The logging modle of the Log Directory of scanning imaging system redirects at information insulating space;
S244: system is carried out security sweep, if be detected that there is information stealth program, then proceeds to step S245;If it did not,
Then closed safe scanning imaging system, and delete security scanning program, proceed to step S25;
S245: the process of ending message snooper at once, by the information record of information stealth program at information insulating space.
The guard method of a kind of user's operation information the most as claimed in claim 2 or claim 3, it is characterised in that: described step S3
Specifically comprise the following steps that
S31: when user initiates a communication connection, suspend this communication connection, scanning system, whether have in confirmation system
The traffic operation monitoring program run, if be detected that have, then proceeds to step S35;If it is not, proceed to step S32;
Whether S32: scanning system, have traffic operation to monitor program, if be detected that have, then proceed to step S34 in confirmation system;
If it is not, proceed to step S33;
S33: install traffic operation monitoring program, proceed to step S34;
S34: start mounted traffic operation monitoring program, proceed to step S35;
S35: continue the communication connection interrupted, the connection occurred in monitoring communication service, is confirmed whether that having third party to access this leads to
Letter connects, if be detected that there is the third party of None-identified, then proceeds to step S36;If it is not, holding monitoring state, directly
Complete communication to user, proceed to step S37;
S36: suspend communication connection, ejects the dangerous warning of communication line and has termination measure and ignore the selection of measure
Frame, and according to the selection of user or terminate all of communication connection at once, communication close serve port, and by third-party company
Connect information record at information insulating space, then after waiting 1s~3s, reopen communication service port, proceed to step
S31;Step S35 is proceeded to after waiting 5s~20s;
S37: after user completes communication, communication close operation monitoring program, and after user completes operation, deleting communication
Operation monitoring program.
The guard method of a kind of user's operation information the most as claimed in claim 4, it is characterised in that: in described step S2
System operation monitoring program and described step S3 in traffic operation monitoring program all use user operation to monitor program, institute
The user operation monitoring program stated includes relatively independent system operation monitoring modular and traffic operation monitoring modular;
System operation monitoring program in described step S21, S22 is user operation monitoring program, described step S32,
Traffic operation monitoring program in S33 is user operation monitoring program;
Described step S23 is for starting user operation monitoring program, and starts system operation monitoring modular, by the current shape of system
The logging modle of state information redirects at information insulating space;
After described step S27 is for completing operation user, shut-down system operation monitoring modular, and delete user operation monitoring
Program;
Described step S31 is when user initiates a communication connection, suspends this communication connection, and scanning system confirms system
In whether have the traffic operation monitoring modular being currently running, if be detected that have, then proceed to step S35;If it is not, proceed to
Step S32;
Described step S34 is for starting mounted user operation monitoring program, and starts traffic operation monitoring modular, proceeds to step
Rapid S35;
After described step S37 is for completing communication user, communication close operation monitoring modular.
The guard method of a kind of user's operation information the most as claimed in claim 5, it is characterised in that: described information isolation sky
Between be portable storage device, storage is all located at by the installation file of described user operation monitoring program and security scanning program
In equipment, described step S1 is that the system that storage device needs operation with user is connected, and ejects the input of checking information
Interface.
The guard method of a kind of user's operation information the most as claimed in claim 1, it is characterised in that: in described step S4
The sensitive document sensitive document reading, revise, search, delete and create when including user operation, wherein, during user operation
The sensitive document unloading copy after user operation read, revised and create, to information insulating space, is looked into during user operation
The sensitive document looked for preserves to information insulating space with the form of file directory after user operation, deletes during user operation
Before sensitive document user operation again, unloading copy is to information insulating space.
8. the guard method of a kind of user's operation information as described in claim 1 or 7, it is characterised in that: described information every
Include encrypting exchange area and common exchange area from space, described encryption exchange area uses disk encryption to be encrypted, institute
The sensitive document stated moves to encryption exchange area and uses rivest, shamir, adelman to be encrypted sensitive document, described
System can only be by the decryption program specified by user by the sensitive document that routine access controls to limit in encryption exchange area
Operation.
The guard method of a kind of user's operation information the most as claimed in claim 1, it is characterised in that: in described step S5
In, user's operation information includes that the log-on message of system, the record information that accesses of program, program are installed or run or the day of operation
Will information, sensitive document replicate amendment or delete or create record information and the access record information of communication service.
The guard method of a kind of user's operation information the most as claimed in claim 9, it is characterised in that: in described step S5
In, respectively by program log information, system registry information, system log message and communication connection information are carried out feature
Analyze the record information that program accessed record information, the log information of program, the logon information of system and sensitive document with
And the access record information of communication service positions and deletes.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610462542.XA CN106127073B (en) | 2016-06-21 | 2016-06-21 | User operation information protection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610462542.XA CN106127073B (en) | 2016-06-21 | 2016-06-21 | User operation information protection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106127073A true CN106127073A (en) | 2016-11-16 |
CN106127073B CN106127073B (en) | 2023-05-05 |
Family
ID=57269065
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610462542.XA Active CN106127073B (en) | 2016-06-21 | 2016-06-21 | User operation information protection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106127073B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114138455A (en) * | 2021-10-22 | 2022-03-04 | 苏州浪潮智能科技有限公司 | Memory residual information clearing method, device, terminal and storage medium |
CN114329437A (en) * | 2022-03-14 | 2022-04-12 | 北京指掌易科技有限公司 | Data processing method, device, equipment and storage medium |
Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101453327A (en) * | 2007-11-29 | 2009-06-10 | 北京鼎信高科信息技术有限公司 | Information leakage prevention system |
CN101572660A (en) * | 2008-04-30 | 2009-11-04 | 北京明朝万达科技有限公司 | Comprehensive control method for preventing leakage of data |
US20090292919A1 (en) * | 2008-05-23 | 2009-11-26 | Microsoft Corporation | Secure execution environment on external device |
CN101827101A (en) * | 2010-04-20 | 2010-09-08 | 中国人民解放军理工大学指挥自动化学院 | Information asset protection method based on credible isolated operating environment |
CN102004886A (en) * | 2010-11-15 | 2011-04-06 | 上海安纵信息科技有限公司 | Data anti-leakage method based on operating system virtualization principle |
CN102508792A (en) * | 2011-09-30 | 2012-06-20 | 广州尚恩科技有限公司 | Method for realizing secure access of data in hard disk |
CN103442061A (en) * | 2013-08-28 | 2013-12-11 | 百度在线网络技术(北京)有限公司 | Method and system for encrypting cloud server files and cloud server |
CN103647784A (en) * | 2013-12-20 | 2014-03-19 | 北京奇虎科技有限公司 | Public and private isolation method and device |
CN103793647A (en) * | 2012-10-29 | 2014-05-14 | 腾讯科技(深圳)有限公司 | System and method for processing virus files |
CN104598787A (en) * | 2015-01-23 | 2015-05-06 | 浙江远望软件有限公司 | File storage and editing method for artificially authorizing and providing trusted operation environment |
CN104598838A (en) * | 2015-01-23 | 2015-05-06 | 浙江远望软件有限公司 | File storage and editing method for random check and providing of trusted operating environments |
CN105205370A (en) * | 2015-08-24 | 2015-12-30 | 北京恒信安科技有限公司 | Safety protection method for mobile terminal, mobile terminal, safety system and application method |
-
2016
- 2016-06-21 CN CN201610462542.XA patent/CN106127073B/en active Active
Patent Citations (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101453327A (en) * | 2007-11-29 | 2009-06-10 | 北京鼎信高科信息技术有限公司 | Information leakage prevention system |
CN101572660A (en) * | 2008-04-30 | 2009-11-04 | 北京明朝万达科技有限公司 | Comprehensive control method for preventing leakage of data |
US20090292919A1 (en) * | 2008-05-23 | 2009-11-26 | Microsoft Corporation | Secure execution environment on external device |
CN101827101A (en) * | 2010-04-20 | 2010-09-08 | 中国人民解放军理工大学指挥自动化学院 | Information asset protection method based on credible isolated operating environment |
CN102004886A (en) * | 2010-11-15 | 2011-04-06 | 上海安纵信息科技有限公司 | Data anti-leakage method based on operating system virtualization principle |
CN102508792A (en) * | 2011-09-30 | 2012-06-20 | 广州尚恩科技有限公司 | Method for realizing secure access of data in hard disk |
CN103793647A (en) * | 2012-10-29 | 2014-05-14 | 腾讯科技(深圳)有限公司 | System and method for processing virus files |
CN103442061A (en) * | 2013-08-28 | 2013-12-11 | 百度在线网络技术(北京)有限公司 | Method and system for encrypting cloud server files and cloud server |
CN103647784A (en) * | 2013-12-20 | 2014-03-19 | 北京奇虎科技有限公司 | Public and private isolation method and device |
CN104598787A (en) * | 2015-01-23 | 2015-05-06 | 浙江远望软件有限公司 | File storage and editing method for artificially authorizing and providing trusted operation environment |
CN104598838A (en) * | 2015-01-23 | 2015-05-06 | 浙江远望软件有限公司 | File storage and editing method for random check and providing of trusted operating environments |
CN105205370A (en) * | 2015-08-24 | 2015-12-30 | 北京恒信安科技有限公司 | Safety protection method for mobile terminal, mobile terminal, safety system and application method |
Non-Patent Citations (1)
Title |
---|
张兴: "无干扰可信模型及可信平台体系结构实现研究" * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114138455A (en) * | 2021-10-22 | 2022-03-04 | 苏州浪潮智能科技有限公司 | Memory residual information clearing method, device, terminal and storage medium |
CN114138455B (en) * | 2021-10-22 | 2023-11-14 | 苏州浪潮智能科技有限公司 | Memory residual information clearing method, device, terminal and storage medium |
CN114329437A (en) * | 2022-03-14 | 2022-04-12 | 北京指掌易科技有限公司 | Data processing method, device, equipment and storage medium |
CN114329437B (en) * | 2022-03-14 | 2022-06-14 | 北京指掌易科技有限公司 | Data processing method, device, equipment and storage medium |
Also Published As
Publication number | Publication date |
---|---|
CN106127073B (en) | 2023-05-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN106302449B (en) | A kind of storage of ciphertext and the open cloud service method of searching ciphertext and system | |
CN105027498B (en) | A kind of method and its system and device by remotely separating and assembling data file realization secure storage | |
CN103020531B (en) | Method and system for trusted control of operating environment of Android intelligent terminal | |
CN104036202B (en) | A kind of method and apparatus for isolating enterprise's application | |
CN103390026A (en) | Mobile intelligent terminal security browser and working method thereof | |
CN101098224B (en) | Method for encrypting/deciphering dynamically data file | |
CN102065104A (en) | Method, device and system for accessing off-site document | |
US9608973B2 (en) | Security management system including multiple relay servers and security management method | |
CN103619014B (en) | The method and system for preventing application data from revealing | |
CN104320389A (en) | Fusion identify protection system and fusion identify protection method based on cloud computing | |
CN109995769B (en) | Multi-stage heterogeneous trans-regional full-real-time safety management and control method and system | |
CN111277539A (en) | Server Lesox virus protection system and method | |
CN109766711A (en) | A kind of method of safety management database | |
CN106127073A (en) | A kind of guard method of user's operation information | |
CN111970232A (en) | Safe access system of intelligent service robot of electric power business hall | |
CN108399341B (en) | Windows dual file management and control system based on mobile terminal | |
CN102970276A (en) | Method for achieving safe operation of power special mobile terminal on basis of isolation technique | |
CN104955043B (en) | A kind of intelligent terminal security protection system | |
CN103916404A (en) | Data management method and system | |
CN110457948A (en) | A kind of dynamic data means of defence and system based on store instruction randomization | |
Clayton | Exclusive: Cyberattack leaves natural gas pipelines vulnerable to sabotage | |
CN201805447U (en) | Electronic information management platform system of Intranet | |
CN104866761B (en) | A kind of high security Android intelligent terminal | |
CN105828323A (en) | Privacy protection method and system for common database of Android mobile phone | |
CN112000953A (en) | Big data terminal safety protection system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
TA01 | Transfer of patent application right | ||
TA01 | Transfer of patent application right |
Effective date of registration: 20230420 Address after: Room B309, 572 Xincheng Road, Changhe street, Binjiang District, Hangzhou, Zhejiang 310000 Applicant after: ZHEJIANG JIYAN INFORMATION TECHNOLOGY CO.,LTD. Address before: 312500, No. 211, West Avenue, Qixing street, Xinchang County, Shaoxing City, Zhejiang Province Applicant before: XINCHANG COUNTY QIXING STREET MINGSHENG MOLD FACTORY |
|
GR01 | Patent grant | ||
GR01 | Patent grant |