CN107196932A - Managing and control system in a kind of document sets based on virtualization - Google Patents


Publication number
CN107196932A
Authority
CN
China
Prior art keywords
data
user
client
virtualization
server end
Legal status
Pending
Application number
CN201710351556.9A
Other languages
Chinese (zh)
Inventor
曾淑娟
姚金利
周益周
郭敏
李红
Current Assignee
Beijing Institute of Computer Technology and Applications
Original Assignee
Beijing Institute of Computer Technology and Applications
Priority date
2017-05-18
Filing date
2017-05-18
Publication date
2017-09-22
Application filed by Beijing Institute of Computer Technology and Applications
Priority to CN201710351556.9A
Publication of CN107196932A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L67/131 Protocols for games, networked simulations or virtual reality
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Abstract

The invention discloses a virtualization-based centralized document management and control system, comprising a data storage area, a server end and a client. The server end includes a virtual operating system and security management and control server software. The data storage area stores users' files, and the server end manages and controls the user files stored in the data storage area. The security management and control server software authenticates the user of the client and, once authentication has passed, establishes a secure transmission channel between the client and the server end. The server end transmits the virtual desktop, after the data from the data storage area has been processed, to the client for the user to view. The system greatly enhances the security of confidential data without affecting office efficiency.

Description

A virtualization-based centralized document management and control system
Technical field
The invention belongs to the technical field of network security, and in particular relates to a virtualization-based access control system.
Background
As information technology has become more widespread, military, party and government bodies and public institutions have all set up internal networks. Network construction and information system deployment have brought these organizations many conveniences, such as resource sharing, office automation and convenient information transfer, and have greatly improved working efficiency.
However, with the spread of personal terminals, the generation, editing, storage and circulation of data lack effective supervision. As a result, when classified information is subjected to malicious attacks such as eavesdropping, unauthorized access or illegal copying, terminal users cannot detect it in time or take effective countermeasures, and serious incidents occur. How to manage these important data resources effectively, while letting users complete routine work efficiently and conveniently without changing their usage habits, has become a major problem to be solved in network security.
Current office automation systems have the following problems:
As networks keep growing, data resources are stored in a more dispersed way, and the scattered nodes give attackers more targets; during processing, storage and exchange, the data resources on each terminal are highly vulnerable to intrusion and damage by outsiders or insiders;
Files lack fine-grained, whole-process access control during storage, access and circulation; there is no means of managing the security attributes of data resources in a unified way, and reasonable delegation of permissions and dynamic supervision are insufficient;
Although technologies such as access control and host monitoring can improve the security protection capability of each terminal in an office automation system, in the face of endlessly emerging network attack techniques, diverse usage scenarios and terminal users who are not fully controlled, malicious programs, network attacks, loopholes in management procedures, and intentional or unintentional user errors can all cause data to be lost, leaked or tampered with.
Summary of the invention
The object of the invention is to provide a centralized document management and control system based on virtualization technology, to solve the above problems of the prior art.
The virtualization-based centralized document management and control system of the invention comprises a data storage area, a server end and a client. The server end includes a virtual operating system and security management and control server software. The data storage area stores users' files; the server end manages and controls the user files stored in the data storage area. The security management and control server software authenticates the user of the client and, once authentication has passed, establishes a secure transmission channel between the client and the server end. The server end transmits the virtual desktop, after the data from the data storage area has been processed, to the client for the user to view.
According to an embodiment of the system, the security management and control server software includes: an authentication module, for authenticating the identities of the client and the server end by two-way authentication; a remote transmission module, for providing the user with an encrypted secure transmission channel; an access control module, for determining the data area the user can access through the virtual operating system, and for parsing and verifying the user's instructions to read and store documents; a safety management module, for user management, policy and permission configuration and storage of identity authentication data, and for log management and audit; and an I/O processing module, for providing the user with transparent driver-level file encryption and decryption, and for monitoring the I/O processing interface of the virtual operating system in real time and sending interface operations and logs to the safety management module.
According to an embodiment of the system, the identity authentication method used by the security management and control server software combines a USBKey, a user name, a PIN code and a CA digital certificate.
According to an embodiment of the system, the secure transmission channel carries data in two directions. The first direction is from the client to the server end and carries the logical operations of the keyboard and mouse. The second direction is from the server end to the client and carries the display content of the virtual desktop: the server end captures the display content of the virtual desktop at regular intervals, encodes it as images and transmits it to the client, where the images are decoded and displayed.
According to an embodiment of the system, after identity authentication is complete and the secure transmission channel is established, the client uses the private key in the USBKey to generate a signature value over the user ID and the physical logical drive on which the user's data is stored in the data storage area, and sends the signature value to the server end through the secure transmission channel. This signature value is attached to all subsequent instructions that access the data storage area. The access control module receives the data access instruction passed in by the upper-layer application and verifies whether the signature value matches the user ID information in the data access instruction. If it matches, the access control module passes the data access instruction to the data storage area, which locates the data according to the IP address, drive number and file storage address in the instruction and returns the ciphertext data to the virtual operating system.
According to an embodiment of the system, the data access instruction structure includes: user ID, instruction type, operating system IP address in the instruction, logical drive of the data storage area, file address and signature value.
According to an embodiment of the system, the I/O processing module decrypts the received ciphertext data through driver-level transparent encryption and decryption; the algorithm and key used to encrypt and decrypt the ciphertext data are unified across the whole network. The I/O processing module displays the decrypted data on the virtual desktop, and the virtual operating system pushes the virtual desktop to the client through the secure transmission channel.
According to an embodiment of the system, during data processing the I/O processing module records data read and write operations and sends them to the safety management module, which generates and stores logs for the important operations.
With the virtualization-based centralized document management and control system of the invention, a thin client maps the foreground user's mouse and keyboard operations onto the back-end virtual machine in real time, and the results of those operations on the virtual machine are mirrored back to the thin client in real time. Throughout this process all real data stays on the back-end server, data circulates only between the virtual users inside the back-end server, and the user's important operations on documents and other data are recorded in real time in the back-end log management system. This provides remote working, secure access control, centralized data storage and auditing of document circulation, and greatly enhances the security of confidential data without affecting office efficiency.
Brief description of the drawings
Fig. 1 is a module diagram of the virtualization-based centralized document management and control system of the invention;
Fig. 2 is a module diagram of the security management and control server software;
Fig. 3 is a schematic diagram of another embodiment of the virtualization-based centralized document management and control system of the invention;
Fig. 4 is a diagram of the data access instruction structure.
Detailed description
To make the purpose, content and advantages of the invention clearer, embodiments of the invention are described in further detail below with reference to the accompanying drawings and examples.
Fig. 1 is a module diagram of the virtualization-based centralized document management and control system of the invention. As shown in Fig. 1, the system includes a data storage area 10, a server end 20 and a thin client 30. The server end 20 includes a virtual operating system 21 and security management and control server software 22.
As shown in Fig. 1, files are managed centrally by the server end 20. The files stored in the back-end data storage area 10 are separated by user and by type, and are stored in partitions after encryption. When a user needs to work, the user logs in to the client of the security management and control agent software on thin client 10 and completes identity authentication with the security management and control server software 22, after which a secure transmission channel is established. Thin client 1 transmits the client's mouse and keyboard logical operations to the virtual operating system 21 in real time, and the virtual operating system 21 transmits the virtual desktop, after data processing, to thin client 1 in real time for the user to view.
Fig. 2 is a module diagram of the security management and control server software. As shown in Fig. 1 and Fig. 2, the security management and control server software consists of 6 subsystems, including: an authentication module 221, a remote transmission module 222, an access control module 223, an I/O processing module 224 and a safety management module 225. The thin client 30 is referred to below as the client 30. The authentication module 221 authenticates the identities of the client and the server end by two-way authentication, ensuring that the identities of the user terminal and the server end are genuine and legitimate. The remote transmission module 222 provides the user with a secure, reliable encrypted transmission channel, protecting the uplink and downlink data transmitted between the thin client and the back-end server. The access control module 223 mainly determines the data area that the user can access through the virtual operating system, parses and verifies the user's instructions to read and store documents, and can restrict access by other users. The I/O processing module 224 mainly provides the user with transparent driver-level file encryption and decryption, monitors the operating system I/O processing interface in real time, and sends important interface operations and access logs to the safety management module. The safety management module 225 mainly implements functions such as user management, policy and permission configuration, storage of identity authentication data, audit log management and system settings.
Fig. 3 is a schematic diagram of another embodiment of the virtualization-based centralized document management and control system of the invention. As shown in Fig. 1 and Fig. 3, the workflow of the system in this embodiment includes:
Step 1: The client 30 is started. The user logs in to the security management and control server software 22 with a USBKEY and a user name and password, and the server end 20 completes two-way identity authentication with the user through the authentication module 221.
The identity authentication method used by the security management and control server software 22 is: USBKey + user name + PIN code + CA digital certificate. The authentication process requires the assistance of the safety management module, which retrieves the identity authentication data stored at the server end.
Because CA digital certificate systems are already widely used as basic information infrastructure, identity authentication is completed using the authentication device, the authentication client and the underlying libraries of the authentication server provided by the CA identity authentication system. Combining the public/private key pair information in the user certificate with data protection also resists man-in-the-middle attacks.
Step 2: After authentication has passed, the remote transmission module 222 of the server end 20 and the client 30 establish a secure data transmission channel. The channel can be implemented with a VPN or with encryption software; no specific scheme is required. The secure data transmission channel mainly carries data in two directions. The first direction is from the client 30 to the server end 20 and mainly carries the logical operations of the keyboard and mouse, such as opening or editing a document; the software on the client 30 sends the user's mouse and keyboard logical operations to the server end 20 in real time. The second direction is from the server end 20 to the client 30 and mainly carries the display content of the virtual desktop: the server end 20 captures the display content of the virtual desktop at regular intervals, encodes it as images and transmits it to the client 30, where the images are decoded and displayed on the thin client. No specific image encoding is required. In addition, the server end 20 can also send the client 30 the physical logical drive on which the user's data is stored in the data storage area, for subsequent use.
Step 3: After identity authentication is complete and the remote channel is established, the client 30 first uses the private key in the USBKey to generate a signature value over the user ID and other information such as the physical logical drive on which the user's data is stored in the data storage area, and sends the signature value to the server end 20 through the remote data transmission channel. This signature value must be attached to all subsequent instructions that access the data storage area. When the access control module 223 receives a data access instruction passed in by the upper-layer application, it first verifies whether the signature value matches the user ID and other information in the data access instruction. If it matches, the access control module passes the data access instruction to the data storage area 10, which locates the data according to information in the instruction such as the IP address, drive number and file storage address, and returns the ciphertext data to the virtual operating system 21. By checking data access instructions in this way, the access control module 223 can filter out data access instructions forged by illegitimate users and ensure that the data storage area is only accessed legitimately.
Fig. 4 is a diagram of the data access instruction structure. As shown in Fig. 4, the data access instruction structure includes: user ID, instruction type, operating system IP address in the instruction, logical drive of the data storage area, file address and signature value.
Step 4: The I/O processing module 224 decrypts the received ciphertext data through driver-level transparent encryption and decryption. The encryption algorithm and key used for this data are unified across the whole network, and the key material is changed periodically. The I/O processing module 224 passes the decrypted data to the upper-layer application; when the upper-layer application has finished processing, the result is shown on the virtual desktop, and the virtual operating system 21 pushes the virtual desktop to the client through the remote secure transmission channel. When two users need to transfer data, for example when user 2 needs to send a document to user 4, the virtual operating system of user 2 extracts the ciphertext data to be sent from user 2's independent storage area in the data storage area. When the data reaches the network interface card 25, it is not passed to the I/O processing module 224 for decryption; it is sent directly through the network interface card 25 to the virtual operating system 21 of user 4, which then stores the ciphertext in user 4's independent storage area in the data storage area 10. Throughout this circulation the data stays within the server end 20 and the data storage area 10 and is never sent to a client.
During the data processing of step 4, the I/O processing module 224 records important operations such as data reads and writes and sends them to the safety management module 225, which generates and stores logs of these important operations on documents.
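The step 3 check on a Fig. 4 data access instruction can be sketched as follows. This is an added example, not code from the patent: Ed25519 stands in for the unspecified USBKey signature algorithm, and the field names, the length-prefixed encoding, the enrollment map of public keys and all sample values are assumptions constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"errors"
	"fmt"
)

// Instruction carries the Fig. 4 fields; names and types are assumptions.
type Instruction struct {
	UserID   string
	Type     string // "read" or "store"
	OSIP     string // IP address of the user's virtual operating system
	Drive    string // user's logical drive in the data storage area
	FileAddr string
	SigValue []byte // signature value the client attaches to every instruction
}

var (
	ErrUnknownUser  = errors.New("no enrolled public key for user ID")
	ErrBadSignature = errors.New("signature value does not match user ID and drive")
)

// binding length-prefixes each field so ("ab","c") and ("a","bc") encode differently.
func binding(userID, drive string) []byte {
	var out []byte
	for _, f := range []string{userID, drive} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		out = append(out, n[:]...)
		out = append(out, f...)
	}
	return out
}

// SignBinding is the client side; it stands in for signing inside the USBKey.
func SignBinding(priv ed25519.PrivateKey, userID, drive string) []byte {
	return ed25519.Sign(priv, binding(userID, drive))
}

// AccessControl holds public keys taken from user certificates (assumed enrollment).
type AccessControl struct {
	Enrolled map[string]ed25519.PublicKey
}

// Check verifies the attached signature value against the user ID and drive
// named in the instruction itself, before anything reaches the storage area.
func (ac *AccessControl) Check(in Instruction) error {
	pub, ok := ac.Enrolled[in.UserID]
	if !ok {
		return ErrUnknownUser
	}
	if !ed25519.Verify(pub, binding(in.UserID, in.Drive), in.SigValue) {
		return ErrBadSignature
	}
	return nil
}

// seedKey derives a deterministic key pair from a constructed seed byte.
func seedKey(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := make([]byte, ed25519.SeedSize)
	for i := range seed {
		seed[i] = b
	}
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// RunCases runs constructed instructions through Check and returns each outcome.
func RunCases() map[string]error {
	u2Pub, u2Priv := seedKey(2)
	u4Pub, _ := seedKey(4)
	ac := &AccessControl{Enrolled: map[string]ed25519.PublicKey{"user2": u2Pub, "user4": u4Pub}}
	sig := SignBinding(u2Priv, "user2", "E:") // generated once per session

	base := Instruction{UserID: "user2", Type: "read", OSIP: "10.0.0.12",
		Drive: "E:", FileAddr: "/docs/plan.doc", SigValue: sig}
	forgedUser, otherDrive, unknown, otherFile := base, base, base, base
	forgedUser.UserID = "user4" // user 2's signature value under user 4's ID
	otherDrive.Drive = "F:"     // a drive the signature value was not issued for
	unknown.UserID = "user9"    // no certificate enrolled
	// The signature value covers only user ID and drive, so it stays valid for
	// any file address or instruction type on that drive.
	otherFile.FileAddr, otherFile.Type = "/docs/other.doc", "store"

	return map[string]error{
		"own-drive":    ac.Check(base),
		"forged-user":  ac.Check(forgedUser),
		"other-drive":  ac.Check(otherDrive),
		"unknown-user": ac.Check(unknown),
		"other-file":   ac.Check(otherFile),
	}
}

func main() {
	res := RunCases()
	for _, name := range []string{"own-drive", "forged-user", "other-drive", "unknown-user", "other-file"} {
		fmt.Printf("%-12s %v\n", name, res[name])
	}
}
```

Because the signature value is fixed for the session and binds only the user ID and drive, per-file and per-operation decisions still rest on the policy and permission configuration held by the safety management module and on the protection of the secure transmission channel.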
With the virtualization-based centralized document management and control system of the invention, a thin client maps the foreground user's mouse and keyboard operations onto the back-end virtual machine in real time, and the results of those operations on the virtual machine are mirrored back to the thin client in real time. Throughout this process all real data stays on the back-end server, data circulates only between the virtual users inside the back-end server, and the user's important operations on documents and other data are recorded in real time in the back-end log management system. This provides remote working, secure access control, centralized data storage and auditing of document circulation, and greatly enhances the security of confidential data without affecting office efficiency.
The above is only a preferred embodiment of the invention. It should be noted that those of ordinary skill in the art can make improvements and variations without departing from the technical principles of the invention, and such improvements and variations should also be regarded as falling within the scope of protection of the invention.

Claims (8)

1. A virtualization-based centralized document management and control system, characterized by comprising:
a data storage area, a server end and a client, the server end including a virtual operating system and security management and control server software;
wherein the data storage area stores users' files; the server end manages and controls the user files stored in the data storage area; the security management and control server software authenticates the user of the client and, once authentication has passed, establishes a secure transmission channel between the client and the server end; and the server end transmits the virtual desktop, after the data from the data storage area has been processed, to the client for the user to view.
2. The virtualization-based centralized document management and control system of claim 1, characterized in that the security management and control server software includes:
an authentication module, for authenticating the identities of the client and the server end by two-way authentication;
a remote transmission module, for providing the user with an encrypted secure transmission channel;
an access control module, for determining the data area the user can access through the virtual operating system, and for parsing and verifying the user's instructions to read and store documents;
a safety management module, for user management, policy and permission configuration and storage of identity authentication data, and for log management and audit;
an I/O processing module, for providing the user with transparent driver-level file encryption and decryption, and for monitoring the I/O processing interface of the virtual operating system in real time and sending interface operations and logs to the safety management module.
3. The virtualization-based centralized document management and control system of claim 1, characterized in that the identity authentication method used by the security management and control server software combines a USBKey, a user name, a PIN code and a CA digital certificate.
4. The virtualization-based centralized document management and control system of claim 1, characterized in that the secure transmission channel carries data in two directions: the first direction is from the client to the server end and carries the logical operations of the keyboard and mouse; the second direction is from the server end to the client and carries the display content of the virtual desktop, the server end capturing the display content of the virtual desktop at regular intervals, encoding it as images and transmitting it to the client, where the images are decoded and displayed.
5. The virtualization-based centralized document management and control system of claim 2, characterized in that, after identity authentication is complete and the secure transmission channel is established, the client uses the private key in the USBKey to generate a signature value over the user ID and the physical logical drive on which the user's data is stored in the data storage area, and sends the signature value to the server end through the secure transmission channel; this signature value is attached to all subsequent instructions that access the data storage area; the access control module receives the data access instruction passed in by the upper-layer application and verifies whether the signature value matches the user ID information in the data access instruction; if it matches, the access control module passes the data access instruction to the data storage area, which locates the data according to the IP address, drive number and file storage address in the instruction and returns the ciphertext data to the virtual operating system.
6. The virtualization-based centralized document management and control system of claim 5, characterized in that the data access instruction structure includes: user ID, instruction type, operating system IP address in the instruction, logical drive of the data storage area, file address and signature value.
7. The virtualization-based centralized document management and control system of claim 5, characterized in that the I/O processing module decrypts the received ciphertext data through driver-level transparent encryption and decryption, the algorithm and key used to encrypt and decrypt the ciphertext data being unified across the whole network; the I/O processing module displays the decrypted data on the virtual desktop, and the virtual operating system pushes the virtual desktop to the client through the secure transmission channel.
8. The virtualization-based centralized document management and control system of claim 7, characterized in that, during data processing, the I/O processing module records data read and write operations and sends them to the safety management module, which generates and stores logs for the important operations.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710351556.9A CN107196932A (en) 2017-05-18 2017-05-18 Managing and control system in a kind of document sets based on virtualization

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710351556.9A CN107196932A (en) 2017-05-18 2017-05-18 Managing and control system in a kind of document sets based on virtualization

Publications (1)

Publication Number Publication Date
CN107196932A (en) 2017-09-22

Family

ID=59875213

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710351556.9A Pending CN107196932A (en) 2017-05-18 2017-05-18 Managing and control system in a kind of document sets based on virtualization

Country Status (1)

Country Link
CN (1) CN107196932A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101729550A (en) * 2009-11-09 2010-06-09 西北大学 Digital content safeguard system based on transparent encryption and decryption method thereof
CN103441986A (en) * 2013-07-29 2013-12-11 中国航天科工集团第二研究院七〇六所 Data resource security control method in thin client mode
CN103442117A (en) * 2013-08-26 2013-12-11 厦门亿联网络技术股份有限公司 Method for VOIPs to achieve phone function at thin client terminal
WO2017030607A1 (en) * 2015-08-17 2017-02-23 Five9, Inc. Systems and methods for establishing a control channel between a virtualization server and a client device

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107749837A (en) * 2017-09-26 2018-03-02 甘肃万维信息技术有限责任公司 A kind of E-Government Resource Security guard system and its method
US10924486B2 (en) 2017-10-19 2021-02-16 International Business Machines Corporation Secure access management for tools within a secure environment
WO2019077452A1 (en) * 2017-10-19 2019-04-25 International Business Machines Corporation Secure access management for tools within a secure environment
GB2581721A (en) * 2017-10-19 2020-08-26 Ibm Secure access management for tools within a secure environment
US10834081B2 (en) 2017-10-19 2020-11-10 International Business Machines Corporation Secure access management for tools within a secure environment
GB2581721B (en) * 2017-10-19 2022-05-11 Ibm Secure access management for tools within a secure environment
DE112018004390B4 (en) 2017-10-19 2022-12-08 International Business Machines Corporation SECURE ACCESS MANAGEMENT FOR TOOLS IN A SECURE ENVIRONMENT
US11799861B2 (en) 2017-10-19 2023-10-24 International Business Machines Corporation Secure access management for tools within a secure environment
CN108076064A (en) * 2017-12-25 2018-05-25 北京航空航天大学 A kind of virtualization desktop file leakage prevention method based on secret mark
CN108614711A (en) * 2018-04-20 2018-10-02 北京握奇智能科技有限公司 TA mirrored storages method, apparatus and terminal
CN110602118A (en) * 2019-09-20 2019-12-20 南京信同诚信息技术有限公司 Virtualization data remote encryption security system and method
CN110602118B (en) * 2019-09-20 2022-04-22 南京信易达计算技术有限公司 Virtualization data remote encryption security system and method
CN111291429A (en) * 2020-01-21 2020-06-16 李岗 Data protection method and system
CN111506321A (en) * 2020-01-21 2020-08-07 李岗 Method and system for loading software running environment

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170922
