CN107196932A - Managing and control system in a kind of document sets based on virtualization - Google Patents
Managing and control system in a kind of document sets based on virtualization Download PDFInfo
- Publication number
- CN107196932A CN107196932A CN201710351556.9A CN201710351556A CN107196932A CN 107196932 A CN107196932 A CN 107196932A CN 201710351556 A CN201710351556 A CN 201710351556A CN 107196932 A CN107196932 A CN 107196932A
- Authority
- CN
- China
- Prior art keywords
- data
- user
- client
- virtualization
- server end
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0823—Network architectures or network communication protocols for network security for authentication of entities using certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0876—Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1095—Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/131—Protocols for games, networked simulations or virtual reality
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention discloses managing and control system in a kind of document sets based on virtualization, wherein, including:Data storage area, server end and client, server end include:Virtual opetrating system and security management and control server software;Data storage area is used for the file for storing user;Server end is used for the file for the user that management and control data storage area is stored;Security management and control server software is used to carry out authentication to the user of client, and authentication, by rear, sets up the secure transmission tunnel of client and server again, server end, virtual desktop after the data processing of data storage area, is transferred in client, is checked for user.Managing and control system in document sets of the invention based on virtualization, on the basis of office efficiency is not influenceed, greatly enhances the security of confidential data.
Description
Technical field
The invention belongs to technical field of network security, particularly a kind of access control system based on virtualization.
Background technology
With the raising of the penetration of information technology, army, party and government or institutional settings have all been set up interior
Portion's network, network is set up, Information System configuration brings many facilities, such as resource-sharing, office to these units
Automation and convenient information ` transmission etc., drastically increase operating efficiency.
But the popularization used with personal terminal, generation, editor, storage, the circulation of data lack effective supervision, led
During the malicious attacks such as cause classified information is illegally listened, unauthorized access, bootlegging, terminal user can not be found in time, be adopted
Effective counter-measure is taken, causes serious accident occur.How these significant data resources, and energy can effectively be managed
On the basis of user's use habit is not changed, user efficiently, is easily completed routine work and tut-tuted as network security and wait to solve
A significant problem certainly.
Currently for the office automation system, it there is problems:
With the continuous expansion of network size, the storage of data resource more disperses, and scattered node adds attacker
Target, each terminal data resource processing, storage and exchange process in be highly susceptible to outside or inside personnel invasion and
Destruction;
File lacks the access control measure of fine granularity, overall process during storage, access, circulation, lacks to data
The means of the unified management of resource security attribute, rational delegation of power and dynamic supervision are not enough;
Although the technologies such as access control, host monitor can lift the security protection energy of each terminal in the office automation system
Power, but facing to the network attack means emerged in an endless stream, multifarious usage scenario and not exclusively controlled terminal user when,
Rogue program, network attack, management link leak, the intentional or unintentional faulty operation of user can all cause the loss of data, let out
Leak or be tampered.
The content of the invention
It is above-mentioned for solving it is an object of the invention to provide managing and control system in a kind of document sets based on virtualization technology
Problem of the prior art.
Managing and control system in a kind of document sets based on virtualization of the present invention, wherein, including:Data storage area, server end
And client, server end includes:Virtual opetrating system and security management and control server software;Data storage area is used to store
The file of user;Server end is used for the file for the user that management and control data storage area is stored;Security management and control server software is used for
Authentication is carried out to the user of client, and authentication, by rear, sets up the safe transmission of client and server again
Passage, server end, the virtual desktop after the data processing of data storage area is transferred in client, checked for user.
According to an embodiment of managing and control system in the document sets based on virtualization of the present invention, wherein, security management and control service
Device software includes:Authentication module is used to by way of two-way authentication carry out effective identity mirror to client and server end
Not;Remote transmission module, the secure transmission tunnel for providing the user encryption;Access control module, for determining that user is led to
The data area that virtual opetrating system is able to access that is crossed, the instruction of reading document and store document to user carries out parsing and tested
Card;Safety management module, for user management, policy permissions configuration and the storage of identification authentication data, and carrying out daily record pipe
Reason and audit;I/O processing modules, the driving stage file encryption-decryption service for providing the user transparence, and monitor in real time empty
Intend operating system I/O Processing Interfaces, by interface operation and daily record, be sent to safety management module.
According to an embodiment of managing and control system in the document sets based on virtualization of the present invention, wherein, security management and control service
The identification authentication mode that device software is used is:The mode that USBKey, user name, PIN code and CA digital certificates are combined.
According to an embodiment of managing and control system in the document sets based on virtualization of the present invention, wherein, secure transmission tunnel
Data transfer including both direction, the data transfer of first direction client to server end, transmission is keyboard and mouse
Target logical operation;Second direction is data transfer of the server end to client, and transmission is in the display of virtual desktop
Hold, the display content of server end timing acquiring virtual desktop, and by display content in the way of Image Coding, be transferred to client
End, then by image decoding, display is on the client.
According to an embodiment of managing and control system in the document sets based on virtualization of the present invention, wherein, authentication and peace
After the completion of full transmission channel is set up, client can use the private key in USBKey to count ID and user in data storage area
A signature value is generated according to the physical logic drive of storage, signature value is sent to by server end by secure transmission tunnel, this
Individual signature value is attached in the instruction of follow-up all access data storage areas, and access control module receives upper layer application and is transmitted through what is come
Whether user's id information in data access instruction, checking signature value and data access instruction is identical, if identical, just visits data
Ask that instruction is transferred to data storage area, data storage area is believed according to the IP address in instruction, drive number and file storage address
Breath finds data, and ciphertext data are returned into virtual opetrating system.
According to an embodiment of managing and control system in the document sets based on virtualization of the present invention, wherein, data access instruction
Structure includes:Logical DOS drives, file in ID, instruction type, instruction, operating system IP address, the stove of data storage area
Location and signature value.
According to an embodiment of managing and control system in the document sets based on virtualization of the present invention, wherein, I/O processing modules are led to
The transparent encryption and decryption for level of overdriving unites the ciphertext data deciphering received, the algorithm and key the whole network of the encryption and decryption of ciphertext data
One, I/O processing module are by the data display after decryption on virtual desktop, and virtual opetrating system passes virtual desktop by safety
Defeated passage is pushed to client.
According to an embodiment of managing and control system in the document sets based on virtualization of the present invention, wherein, I/O processing modules
In data handling procedure, I/O processing modules record data read-write operation, are sent to safety management module, safety management module
Daily record is generated according to important operation and stored.
Managing and control system in document sets of the invention based on virtualization, can be by the mouse of foreground user by thin-client
It is mapped in real time on the virtual machine of backstage with keyboard operation, and returning the operating result real-time mirror image on virtual machine
Thin-client is returned, during operating herein, can realize that all True Datas are stored in background server, stream compression
Only circulated between each Virtual User in background server, user is real-time on the important operation of other data such as document
Record realizes that user's telecommuting, safe access control, data are centrally stored, document circulation in backstage Log Administration System
The functions such as audit, on the basis of office efficiency is not influenceed, greatly enhance the security of confidential data.
Brief description of the drawings
Fig. 1 show the module map of managing and control system in a kind of document sets based on virtualization of the present invention;
Fig. 2 show the module map of security management and control server software;
Fig. 3 show the schematic diagram of another embodiment of managing and control system in the document sets of the invention based on virtualization;
Fig. 4 show data access instruction structure chart.
Embodiment
To make the purpose of the present invention, content and advantage clearer, with reference to the accompanying drawings and examples, to the present invention's
Embodiment is described in further detail.
Fig. 1 show the module map of managing and control system in a kind of document sets based on virtualization of the present invention, as shown in figure 1, base
The module of managing and control system includes in the document sets of virtualization:Data storage area 10, server end 20 and thin-client 30.Clothes
Business device end 20 includes:Virtual opetrating system 21 and security management and control server software 22.
As shown in figure 1, file is by the centralized management of server end 20, being stored on back-end data memory block 10 for file is counted
Made a distinction according to by user and type, partitioned storage after encryption.When user needs office, the bursting tube on thin-client 10 is logged in
The client of agent software is controlled, is completed with security management and control server software 22 after authentication, sets up secure transmission tunnel, thin visitor
Family end 1 is real-time transmitted to client in virtual opetrating system 21 on the logical operation of mouse and keyboard, virtual opetrating system 21
Virtual desktop after data processing is transferred to 1 on thin-client in real time, for user's real time inspection.
Fig. 2 show the module map of security management and control server software, as shown in Figure 1 and Figure 2, and security management and control server is soft
Part is made up of 6 subsystems, including:Authentication module 221, remote transmission module 222, access control module 223, at I/O
Manage module 224 and safety management module 225.Thin-client 30 is referred to as client 30.Authentication module 221 can pass through
The mode of two-way authentication carries out effective identity discriminating to client and server end, it is ensured that user terminal and server end identity it is true
Reality and legitimacy;Remote transmission module 222 can be user security, reliable encrypted transmission passage, ensure that Thin clients
The uplink and downlink data safety transmitted between end and background server.Access control module 223 is primarily to determine user
The data area being able to access that by virtual opetrating system, the instruction of reading document and store document to user carries out parsing and tested
Card.And the access of other users can be limited.I/O processing modules 224 mainly provide the user the driving stage file of transparence
Encryption and decryption is serviced, and monitor operating system I/O Processing Interfaces in real time, and important interface operation and access log are sent
To safety management module.Safety management module 225 is mainly realized to user management, policy permissions configuration and identification authentication data
Store, the function such as audit log management, system setting.
Fig. 3 show the schematic diagram of another embodiment of managing and control system in the document sets of the invention based on virtualization, such as Fig. 1
And shown in Fig. 3, the workflow of managing and control system includes in the document sets based on virtualization of the present embodiment:
Step 1:Start client 30, user passes through USBKEY and user name password login security management and control server software
22, server end 20 completes bidirectional identity authentication by authentication module 221 and user.
The identification authentication mode that security management and control server software 22 is used is:USBKey+ user names+PIN code+CA numeral cards
The mode of book.Authentication procedures need safety management module to assist, and extract the identification authentication data for being stored in server end.
Have been widely used, and therefore, adopted as information-based basic condition in view of current CA digital certificate systems
Recognizing for identity is completed with the bottom storehouse of the authenticating device, Authentication Client and certificate server that provide CA identity authorization systems
Card.Meanwhile, the public/private key pair information in user certificate and data protection are combined, man-in-the-middle attack can be resisted.
Step 2:Authentication is by rear, and remote transmission module 222 and the client 30 of server end 20 set up safe number
According to transmission channel, safety data transmission passage can use VPN or encryption software to realize that concrete scheme is not required.Safety
Data transmission channel mainly includes the data transfer of both direction, and the data of first direction client 30 to server end 20 are passed
Defeated, prevailing transmission is the logical operation of keyboard and mouse, for example, open document, editor's operation such as document, client 30 it is soft
User is sent to server end 20 by part about the logical operation of mouse and keyboard in real time;Second direction is server end
20 arrive the data transfer of client 30, prevailing transmission be virtual desktop display content, the timing acquiring of server end 20 is virtual
The display content of desktop, and by display content in the way of Image Coding, client 30 is transferred to, then by image decoding, show
Show on thin-client.Image Coding mode is not required herein.In addition, server end 20 can also deposit user in data
The physical logic drive of data storage is sent to client 30 in storage area, for subsequently using.
Step 3:After the completion of authentication and remote channel are set up, client 30 can use the private key pair in USBKey first
ID and the user other information such as physical logic drive of data storage in data storage area generate a signature value, pass through
Signature value is sent to server end 20 by remote data transmission passage, and this signature value needs is attached to follow-up all access data
In the instruction of memory block, access control module 223 receives the data access instruction that upper layer application is transmitted through coming, and signature can be verified first
Whether the information such as the ID in value and data access instruction are identical, if identical, data access instruction just is transferred into data and deposited
Storage area 10, data storage area 10 is according to the IP address in instruction, drive number, the information searching data such as file storage address, and will
Ciphertext data return to virtual opetrating system 21.By data access instruction, access control module 223 can filter out illegal use
The data access instruction that family is forged, it is ensured that the Lawful access of data storage area.
Fig. 4 show data access instruction structure chart, as shown in figure 4, data access instruction structure includes:ID, refer to
Make logical DOS drives, file address and signature value in type, instruction, operating system IP address, the stove of data storage area.
Step 4:I/O processing modules 224 are by the transparent encryption and decryption of driving stage by the ciphertext data deciphering received, the data
The AES and key the whole network of encryption and decryption are unified, key data periodic replacement, and I/O processing modules 224 are by the data after decryption
It is transmitted to upper layer application, after the completion of upper layer application processing, result is included on virtual desktop, virtual opetrating system 21 is by void
Intend desktop and client is pushed to by telesecurity transmission channel.When be related to two users need transmission data when, for example, work as
User 2 need to user 4 transmit a document when, the virtual opetrating system of user 2 can from data storage area user 2 independence
Data storage area extracts the ciphertext data that will be sent, and data reach after network interface card 25, will not be transferred to I/O processing modules 224 and solve
It is close, the data are directly transmitted to the virtual opetrating system 21 of user 4 by network interface card 25, the virtual opetrating system 21 of user 4 again will
The ciphertext stores the independent data memory block of the user 4 into data storage area 10, and during the stream compression, data exist always
Circulated in server end 20 and data storage area 10, client will not be sent to.
In the data handling procedure of this step 4, I/O processing modules 224 can record the important operations such as reading and writing data, and
Safety management module 225 is sent to, safety management module 225 generates daily record according to these important operations to document and stored.
Managing and control system in document sets of the invention based on virtualization, can be by the mouse of foreground user by thin-client
It is mapped in real time on the virtual machine of backstage with keyboard operation, and returning the operating result real-time mirror image on virtual machine
Thin-client is returned, during operating herein, can realize that all True Datas are stored in background server, stream compression
Only circulated between each Virtual User in background server, user is real-time on the important operation of other data such as document
Record realizes that user's telecommuting, safe access control, data are centrally stored, document circulation in backstage Log Administration System
The functions such as audit, on the basis of office efficiency is not influenceed, greatly enhance the security of confidential data.
Described above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art
For member, without departing from the technical principles of the invention, some improvement and deformation can also be made, these improve and deformed
Also it should be regarded as protection scope of the present invention.
Claims (8)
1. managing and control system in a kind of document sets based on virtualization, it is characterised in that including:
Data storage area, server end and client, server end include:Virtual opetrating system and security management and control server
Software;
Data storage area is used for the file for storing user;Server end is used for the file for the user that management and control data storage area is stored;
Security management and control server software is used to carry out authentication to the user of client, and authentication, by rear, sets up client again
End and the secure transmission tunnel of server end, server end, the virtual desktop after the data processing of data storage area are transferred to visitor
On the end of family, checked for user.
2. managing and control system in the document sets as claimed in claim 1 based on virtualization, it is characterised in that security management and control server
Software includes:
Authentication module is used to by way of two-way authentication carry out effective identity discriminating to client and server end;
Remote transmission module, the secure transmission tunnel for providing the user encryption;
Access control module, for determining the data area that user is able to access that by virtual opetrating system, the reading to user
The instruction of document and store document carries out parsing checking;
Safety management module, for user management, policy permissions configuration and the storage of identification authentication data, and carrying out daily record pipe
Reason and audit;
I/O processing modules, for providing the user the driving stage file encryption-decryption service of transparence, and monitor pseudo operation in real time
System I/O Processing Interfaces, by interface operation and daily record, are sent to safety management module.
3. managing and control system in the document sets as claimed in claim 1 based on virtualization, it is characterised in that security management and control server
The identification authentication mode that software is used is:The mode that USBKey, user name, PIN code and CA digital certificates are combined.
4. managing and control system in the document sets as claimed in claim 1 based on virtualization, it is characterised in that secure transmission tunnel bag
Include the data transfer of both direction, the data transfer of first direction client to server end, transmission is keyboard and mouse
Logical operation;Second direction is data transfer of the server end to client, transmission be virtual desktop display content,
The display content of server end timing acquiring virtual desktop, and by display content in the way of Image Coding, client is transferred to,
Again by image decoding, display is on the client.
5. managing and control system in the document sets as claimed in claim 2 based on virtualization, it is characterised in that authentication and safety
Transmission channel set up after the completion of, client can use the private key in USBKey to ID and user the data in data storage area
The physical logic drive of storage generates a signature value, and signature value is sent into server end by secure transmission tunnel, this
Signature value is attached in the instruction of follow-up all access data storage areas, and access control module receives the number that upper layer application is transmitted through coming
According to access instruction, verify whether user's id information on signature value and data access instruction is identical, if identical, just by data access
Instruction is transferred to data storage area, and data storage area is according to the IP address in instruction, drive number and file storage address information
Data are found, and ciphertext data are returned into virtual opetrating system.
6. managing and control system in the document sets as claimed in claim 5 based on virtualization, it is characterised in that data access instruction knot
Structure includes:Logical DOS drives, file address in ID, instruction type, instruction, operating system IP address, the stove of data storage area
And signature value.
7. managing and control system in the document sets as claimed in claim 5 based on virtualization, it is characterised in that I/O processing modules are led to
The transparent encryption and decryption for level of overdriving unites the ciphertext data deciphering received, the algorithm and key the whole network of the encryption and decryption of ciphertext data
One, I/O processing module are by the data display after decryption on virtual desktop, and virtual opetrating system passes virtual desktop by safety
Defeated passage is pushed to client.
8. managing and control system in the document sets as claimed in claim 7 based on virtualization, it is characterised in that I/O processing modules
In data handling procedure, I/O processing modules record data read-write operation, are sent to safety management module, safety management module
Daily record is generated according to important operation and stored.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710351556.9A CN107196932A (en) | 2017-05-18 | 2017-05-18 | Managing and control system in a kind of document sets based on virtualization |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710351556.9A CN107196932A (en) | 2017-05-18 | 2017-05-18 | Managing and control system in a kind of document sets based on virtualization |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107196932A true CN107196932A (en) | 2017-09-22 |
Family
ID=59875213
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710351556.9A Pending CN107196932A (en) | 2017-05-18 | 2017-05-18 | Managing and control system in a kind of document sets based on virtualization |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107196932A (en) |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107749837A (en) * | 2017-09-26 | 2018-03-02 | 甘肃万维信息技术有限责任公司 | A kind of E-Government Resource Security guard system and its method |
CN108076064A (en) * | 2017-12-25 | 2018-05-25 | 北京航空航天大学 | A kind of virtualization desktop file leakage prevention method based on secret mark |
CN108614711A (en) * | 2018-04-20 | 2018-10-02 | 北京握奇智能科技有限公司 | TA mirrored storages method, apparatus and terminal |
WO2019077452A1 (en) * | 2017-10-19 | 2019-04-25 | International Business Machines Corporation | Secure access management for tools within a secure environment |
CN110602118A (en) * | 2019-09-20 | 2019-12-20 | 南京信同诚信息技术有限公司 | Virtualization data remote encryption security system and method |
CN111291429A (en) * | 2020-01-21 | 2020-06-16 | 李岗 | Data protection method and system |
CN111506321A (en) * | 2020-01-21 | 2020-08-07 | 李岗 | Method and system for loading software running environment |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101729550A (en) * | 2009-11-09 | 2010-06-09 | 西北大学 | Digital content safeguard system based on transparent encryption and decryption method thereof |
CN103441986A (en) * | 2013-07-29 | 2013-12-11 | 中国航天科工集团第二研究院七〇六所 | Data resource security control method in thin client mode |
CN103442117A (en) * | 2013-08-26 | 2013-12-11 | 厦门亿联网络技术股份有限公司 | Method for VOIPs to achieve phone function at thin client terminal |
WO2017030607A1 (en) * | 2015-08-17 | 2017-02-23 | Five9, Inc. | Systems and methods for establishing a control channel between a virtualization server and a client device |
-
2017
- 2017-05-18 CN CN201710351556.9A patent/CN107196932A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101729550A (en) * | 2009-11-09 | 2010-06-09 | 西北大学 | Digital content safeguard system based on transparent encryption and decryption method thereof |
CN103441986A (en) * | 2013-07-29 | 2013-12-11 | 中国航天科工集团第二研究院七〇六所 | Data resource security control method in thin client mode |
CN103442117A (en) * | 2013-08-26 | 2013-12-11 | 厦门亿联网络技术股份有限公司 | Method for VOIPs to achieve phone function at thin client terminal |
WO2017030607A1 (en) * | 2015-08-17 | 2017-02-23 | Five9, Inc. | Systems and methods for establishing a control channel between a virtualization server and a client device |
Cited By (14)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107749837A (en) * | 2017-09-26 | 2018-03-02 | 甘肃万维信息技术有限责任公司 | A kind of E-Government Resource Security guard system and its method |
US10924486B2 (en) | 2017-10-19 | 2021-02-16 | International Business Machines Corporation | Secure access management for tools within a secure environment |
WO2019077452A1 (en) * | 2017-10-19 | 2019-04-25 | International Business Machines Corporation | Secure access management for tools within a secure environment |
GB2581721A (en) * | 2017-10-19 | 2020-08-26 | Ibm | Secure access management for tools within a secure environment |
US10834081B2 (en) | 2017-10-19 | 2020-11-10 | International Business Machines Corporation | Secure access management for tools within a secure environment |
GB2581721B (en) * | 2017-10-19 | 2022-05-11 | Ibm | Secure access management for tools within a secure environment |
DE112018004390B4 (en) | 2017-10-19 | 2022-12-08 | International Business Machines Corporation | SECURE ACCESS MANAGEMENT FOR TOOLS IN A SECURE ENVIRONMENT |
US11799861B2 (en) | 2017-10-19 | 2023-10-24 | International Business Machines Corporation | Secure access management for tools within a secure environment |
CN108076064A (en) * | 2017-12-25 | 2018-05-25 | 北京航空航天大学 | A kind of virtualization desktop file leakage prevention method based on secret mark |
CN108614711A (en) * | 2018-04-20 | 2018-10-02 | 北京握奇智能科技有限公司 | TA mirrored storages method, apparatus and terminal |
CN110602118A (en) * | 2019-09-20 | 2019-12-20 | 南京信同诚信息技术有限公司 | Virtualization data remote encryption security system and method |
CN110602118B (en) * | 2019-09-20 | 2022-04-22 | 南京信易达计算技术有限公司 | Virtualization data remote encryption security system and method |
CN111291429A (en) * | 2020-01-21 | 2020-06-16 | 李岗 | Data protection method and system |
CN111506321A (en) * | 2020-01-21 | 2020-08-07 | 李岗 | Method and system for loading software running environment |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107196932A (en) | Managing and control system in a kind of document sets based on virtualization | |
CN111147255B (en) | Data security service system, method and computer readable storage medium | |
EP2957063B1 (en) | Policy enforcement with associated data | |
CN109361668A (en) | A kind of data trusted transmission method | |
CN103747036B (en) | Trusted security enhancement method in desktop virtualization environment | |
CN105191207B (en) | Federated key management | |
CN106888084B (en) | Quantum fort machine system and authentication method thereof | |
US9525690B2 (en) | Securely integrating third-party applications with banking systems | |
CN108989346B (en) | Third-party valid identity escrow agile authentication access method based on account hiding | |
CN102624699B (en) | Method and system for protecting data | |
US11372993B2 (en) | Automatic key rotation | |
CN202795383U (en) | Device and system for protecting data | |
CN105282157B (en) | A kind of secure communication control method | |
CN104756127A (en) | Secure data handling by a virtual machine | |
CN113014539B (en) | Internet of things equipment safety protection system and method | |
CN105430000A (en) | Cloud computing security management system | |
CN103310161A (en) | Protection method and system for database system | |
CN103297437A (en) | Safety server access method for mobile intelligent terminal | |
CN102999732A (en) | Multi-stage domain protection method and system based on information security level identifiers | |
US9053343B1 (en) | Token-based debugging of access control policies | |
CN112905965B (en) | Financial big data processing system based on block chain | |
CN101833620A (en) | Custom security JDBC driver-based database protective method | |
CN106533693A (en) | Access method and device of railway vehicle monitoring and maintenance system | |
CN111046405B (en) | Data processing method, device, equipment and storage medium | |
CN114254269B (en) | System and method for determining rights of biological digital assets based on block chain technology |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170922 |
|
RJ01 | Rejection of invention patent application after publication |