CN107483462B - Operation authority management system and method of outgoing USB flash disk - Google Patents

Operation authority management system and method of outgoing USB flash disk Download PDF

Info

Publication number
CN107483462B
CN107483462B CN201710762881.4A CN201710762881A CN107483462B CN 107483462 B CN107483462 B CN 107483462B CN 201710762881 A CN201710762881 A CN 201710762881A CN 107483462 B CN107483462 B CN 107483462B
Authority
CN
China
Prior art keywords
outgoing
file
disk
management system
usb flash
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710762881.4A
Other languages
Chinese (zh)
Other versions
CN107483462A (en
Inventor
邱志斌
涂高元
王慧东
郭永兴
陆云燕
陈雅贤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
XIAMEN TIPRAY TECHNOLOGY Co Ltd
Original Assignee
XIAMEN TIPRAY TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by XIAMEN TIPRAY TECHNOLOGY Co Ltd filed Critical XIAMEN TIPRAY TECHNOLOGY Co Ltd
Priority to CN201710762881.4A priority Critical patent/CN107483462B/en
Publication of CN107483462A publication Critical patent/CN107483462A/en
Application granted granted Critical
Publication of CN107483462B publication Critical patent/CN107483462B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/303Terminal profiles

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an operation authority management system of an outgoing USB flash disk, which comprises an authority information file generation module, an authority information file verification module and an authority information file reading module. The invention also discloses an operation authority management method of the outgoing U disk, which comprises the following steps: the method comprises the steps that authentication binding is carried out on an outgoing U disk, the unique equipment serial number of the outgoing U disk is obtained, and the unique ID of a management system and an encrypted private key are written into the outgoing U disk; configuring authority for the outgoing USB flash disk, generating a policy file, and encrypting the policy file; and importing the policy file into an outgoing U disk, decrypting the policy file by using a private key of a management system by the outgoing U disk, verifying the integrity of the file, reading authentication information of the policy file, judging validity and legality, reading permission change information of the policy file if the verification is passed, and updating the permission information of the outgoing U disk device according to the read permission change information. The technical scheme can reduce the use cost and has strong timeliness.

Description

Operation authority management system and method of outgoing USB flash disk
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a system and a method for changing file operation authority in an outgoing U disk.
Background
The outgoing U disk is a file outgoing medium integrating software and hardware, and is used for protecting the security and confidentiality of outgoing files of enterprises and preventing the secondary diffusion of the files. The outgoing U disk provides an identity authentication access mechanism, and can be used only by a legal user, so that the safety and controllability of data in the U disk are ensured. For enterprises, in order to prevent a file from being tampered or copied arbitrarily to cause leakage, the operation authority of the file is set for an outgoing U disk, however, the set file operation authority cannot meet the use requirements of clients necessarily, and the U disk is sent to the clients and cannot be changed directly, so that a method is needed for solving the problem of file operation authority modification.
This situation is currently encountered in two modifications:
the first is to modify the USB flash disk by mailing, when the outgoing USB flash disk can not meet the use requirements of the customers, the customers send the outgoing USB flash disk back to the enterprise, and the enterprise modifies the USB flash disk, but the use cost of the customers is increased, and the mailing timeliness is slow;
the second is to use the networking application mode to modify, when the operation authority of the outgoing USB flash disk needs to be modified, the client and the enterprise are networked, and the enterprise performs remote operation on the outgoing USB flash disk through the network, so that the use convenience is improved, but the enterprise needs to deploy a public network server when networking, so that the USB flash disk can be connected to the server, and the use cost of the enterprise is increased; moreover, some clients have the property that the clients cannot be directly used in a network environment, so that the modification mode is poor in universality.
Disclosure of Invention
The invention aims to provide an operation authority management system and method of an outgoing U disk, which can reduce the use cost and have strong timeliness.
In order to achieve the above purpose, the solution of the invention is:
an operation authority management system of an outgoing U disk comprises an authority information file generating module, an authority information file verifying module and an authority information file reading module, wherein the authority information file generating module is used for generating a strategy file, the authority information file verifying module is used for verifying the validity and the legality of the received strategy file, and the authority information file reading module is used for reading the content of the authority information file passing the verification and updating the authority information of the outgoing U disk.
An operation authority management method of an outgoing U disk comprises the following steps:
step 1, authenticating and binding the outgoing USB flash disk, acquiring a unique equipment serial number of the outgoing USB flash disk, and writing a unique ID of a management system and an encrypted private key into the outgoing USB flash disk;
step 2, configuring authority for an outgoing U disk of which the operation authority is to be changed, generating a policy file, and encrypting the policy file through a public key of a management system to ensure the security of the policy file information;
step 3, importing the strategy file generated in the step 2 into an outgoing U disk, decrypting the strategy file by using a private key of a management system and verifying the integrity of the file by the outgoing U disk, reading authentication information of the strategy file, verifying the validity and legality according to the authentication information, directly ending the process if the verification fails, and executing the step 4 if the verification passes;
and 4, reading the permission change information of the strategy file, and updating the permission information of the outgoing USB flash disk device according to the read permission change information.
In step 1, one management system can manage multiple outgoing usb disks simultaneously, and the same outgoing usb disk can only be used by one management system.
In step 2, the policy file includes authentication information and permission change information.
The authentication information comprises the use time range of the policy file, the serial number of the target U disk device and the unique ID of the management system.
The permission change information includes at least one of the following permissions: print enable/disable, save file modification enable/disable screen capture, open times, open time range, and import enable/disable file to the outgoing U disk.
In the step 2, the same policy file can be simultaneously imported and used by a plurality of outgoing U disks.
After the scheme is adopted, the file operation authority of the remote USB flash disk device is changed by applying the off-line file containing the strategy information and utilizing the unique property of the hardware ID, the function of changing the file operation authority of the remote outgoing USB flash disk is realized based on software and the existing hardware environment, the cost is low, and the use convenience is improved on the premise of ensuring the safety.
Drawings
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a flow chart of the present invention for generating a policy file.
Detailed Description
The technical solution and the advantages of the present invention will be described in detail with reference to the accompanying drawings.
As shown in fig. 1 and fig. 2, the present invention provides an operation authority management system for an outgoing usb disk, which includes an authority information file generating module, an authority information file verifying module and an authority information file reading module, wherein the authority information file generating module is configured to generate an authority information file (i.e. a policy file), the authority information file verifying module is configured to verify validity and validity of the received authority information file, and the authority information file reading module is configured to read contents of the authority information file that passes the verification, and update authority information of the outgoing usb disk.
The invention provides an operation authority management method of an outgoing U disk, which comprises the following steps:
step 1, authenticating and binding the outgoing USB flash disk, acquiring a unique equipment serial number of the outgoing USB flash disk, and writing a unique ID of a management system and an encrypted private key into the outgoing USB flash disk, wherein the private key is the private key of the management system, and the private keys of the USB flash disks under the same management system are the same; when the outgoing U disk is authenticated and bound, the administrator password of the outgoing U disk needs to be verified to confirm that the outgoing U disk has the highest authority, and after authentication and binding are carried out, the outgoing U disk can be managed through the management system; it should be noted that, in actual operation, one management system can be designed to manage multiple outgoing usb disks simultaneously, and the same outgoing usb disk can only be used under one management system;
step 2, configuring the authority for the outgoing U disk with the operation authority to be changed, generating a policy file, encrypting the policy file through a public key of a management system, and ensuring the security of the information of the policy file, wherein the policy file comprises authentication information (referring to the use time range of the policy file, the serial number of a target U disk device and the unique ID of the management system) and authority change information (at least comprising one of permission/prohibition of printing, permission/prohibition of storing file modification content, permission/prohibition of screen capturing, opening times, opening time range, permission/prohibition of importing the file to the outgoing U disk, and the like); in specific application, the same policy file can be simultaneously imported and used by a plurality of outgoing U disks, the policy file contains the equipment serial number of a target U disk, and the management system acquires the unique equipment serial number of the U disk when binding and authenticating the U disk, so that the application range of the file, namely the equipment serial number, is selected when the policy file is manufactured, the serial numbers are written into the file, and the judgment can be carried out only by verifying whether the serial number of the equipment exists in the file during import;
step 3, importing the policy file generated in the step 2 into an outgoing U disk, decrypting the policy file by using a private key of a management system and verifying the integrity of the file by the outgoing U disk, then reading authentication information of the policy file, and judging validity and legality according to the authentication information (such as whether to verify the serial number of the equipment, whether to include the serial number of the equipment, whether to pass the use time range), if not, directly ending the flow, indicating that the permission modification is unsuccessful, and if to modify the permission, restarting from the step 1; if the verification is passed, executing the step 4;
and 4, reading the permission change information of the strategy file, and updating the permission information of the outgoing USB flash disk device according to the read permission change information.
The above embodiments are only for illustrating the technical idea of the present invention, and the protection scope of the present invention is not limited thereby, and any modifications made on the basis of the technical scheme according to the technical idea of the present invention fall within the protection scope of the present invention.

Claims (6)

1. A management method of an operation authority management system of an outgoing U disk is characterized in that:
the management system comprises a permission information file generation module, a permission information file verification module and a permission information file reading module, wherein the permission information file generation module is used for generating a strategy file, the permission information file verification module is used for verifying the validity and the legality of the received strategy file, and the permission information file reading module is used for reading the content of the permission information file which passes the verification and updating the permission information of an outgoing USB flash disk;
the management method comprises the following steps:
step 1, authenticating and binding the outgoing USB flash disk, acquiring a unique equipment serial number of the outgoing USB flash disk, and writing a unique ID of a management system and an encrypted private key into the outgoing USB flash disk;
step 2, configuring authority for an outgoing U disk of which the operation authority is to be changed, generating a policy file, and encrypting the policy file through a public key of a management system to ensure the security of the policy file information;
step 3, importing the strategy file generated in the step 2 into an outgoing U disk, decrypting the strategy file by using a private key of a management system and verifying the integrity of the file by the outgoing U disk, reading authentication information of the strategy file, verifying the validity and legality according to the authentication information, directly ending the process if the verification fails, and executing the step 4 if the verification passes;
and 4, reading the permission change information of the strategy file, and updating the permission information of the outgoing USB flash disk device according to the read permission change information.
2. The method for managing the operation right management system of the outgoing USB flash disk as claimed in claim 1, wherein: in step 1, one management system can simultaneously manage a plurality of outgoing usb disks, and the same outgoing usb disk can only be used by one management system.
3. The method for managing the operation right management system of the outgoing USB flash disk as claimed in claim 1, wherein: in step 2, the policy file includes authentication information and permission change information.
4. The method for managing the operation right management system of the outgoing USB flash disk as claimed in claim 3, wherein: the authentication information comprises the use time range of the policy file, the serial number of the target U disk device and the unique ID of the management system.
5. The method for managing the operation right management system of the outgoing USB flash disk as claimed in claim 3, wherein: the permission change information contains at least one of the following permissions: print enable/disable, save file modification enable/disable screen capture, open times, open time range, and import enable/disable file to the outgoing U disk.
6. The method for managing the operation right management system of the outgoing USB flash disk as claimed in claim 1, wherein: in the step 2, the same policy file can be simultaneously imported and used by a plurality of outgoing U disks.
CN201710762881.4A 2017-08-30 2017-08-30 Operation authority management system and method of outgoing USB flash disk Active CN107483462B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710762881.4A CN107483462B (en) 2017-08-30 2017-08-30 Operation authority management system and method of outgoing USB flash disk

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710762881.4A CN107483462B (en) 2017-08-30 2017-08-30 Operation authority management system and method of outgoing USB flash disk

Publications (2)

Publication Number Publication Date
CN107483462A CN107483462A (en) 2017-12-15
CN107483462B true CN107483462B (en) 2020-02-14

Family

ID=60603182

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710762881.4A Active CN107483462B (en) 2017-08-30 2017-08-30 Operation authority management system and method of outgoing USB flash disk

Country Status (1)

Country Link
CN (1) CN107483462B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111008395B (en) * 2019-10-31 2022-07-12 苏州浪潮智能科技有限公司 Method and device for protecting USB flash disk

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626378A (en) * 2009-08-14 2010-01-13 成都市华为赛门铁克科技有限公司 Method, device and system for managing authority information
CN102214283A (en) * 2011-07-27 2011-10-12 厦门天锐科技有限公司 Virtual disk-based file protection system and method
CN102521548A (en) * 2011-11-24 2012-06-27 中兴通讯股份有限公司 Method for managing using rights of function and mobile terminal
CN102902900A (en) * 2012-09-19 2013-01-30 无锡华御信息技术有限公司 Method and system for changing operation authority of outgoing file
CN106126977A (en) * 2016-06-26 2016-11-16 厦门天锐科技股份有限公司 A kind of efficient electronic document permission inheritance and transmission method
CN106203187A (en) * 2016-06-26 2016-12-07 厦门天锐科技股份有限公司 The USB storage device method for limiting of a kind of filter Driver on FSD and system
CN106790243A (en) * 2017-01-21 2017-05-31 厦门天锐科技股份有限公司 A kind of password remapping method of safe U disc
CN107018194A (en) * 2017-04-07 2017-08-04 厦门天锐科技股份有限公司 The implementation method that a kind of strategy is correctly downloaded in time

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101626378A (en) * 2009-08-14 2010-01-13 成都市华为赛门铁克科技有限公司 Method, device and system for managing authority information
CN102214283A (en) * 2011-07-27 2011-10-12 厦门天锐科技有限公司 Virtual disk-based file protection system and method
CN102521548A (en) * 2011-11-24 2012-06-27 中兴通讯股份有限公司 Method for managing using rights of function and mobile terminal
CN102902900A (en) * 2012-09-19 2013-01-30 无锡华御信息技术有限公司 Method and system for changing operation authority of outgoing file
CN106126977A (en) * 2016-06-26 2016-11-16 厦门天锐科技股份有限公司 A kind of efficient electronic document permission inheritance and transmission method
CN106203187A (en) * 2016-06-26 2016-12-07 厦门天锐科技股份有限公司 The USB storage device method for limiting of a kind of filter Driver on FSD and system
CN106790243A (en) * 2017-01-21 2017-05-31 厦门天锐科技股份有限公司 A kind of password remapping method of safe U disc
CN107018194A (en) * 2017-04-07 2017-08-04 厦门天锐科技股份有限公司 The implementation method that a kind of strategy is correctly downloaded in time

Also Published As

Publication number Publication date
CN107483462A (en) 2017-12-15

Similar Documents

Publication Publication Date Title
CN108768988B (en) Block chain access control method, block chain access control equipment and computer readable storage medium
CN108684041B (en) System and method for login authentication
JP6275653B2 (en) Data protection method and system
CN101572660B (en) Comprehensive control method for preventing leakage of data
CN106888084B (en) Quantum fort machine system and authentication method thereof
CN101547199B (en) Electronic document safety guarantee system and method
CN108833114A (en) A kind of decentralization identity authorization system and method based on block chain
AU2013312578A1 (en) Data security management system
CN106533693B (en) Access method and device of railway vehicle monitoring and overhauling system
CN102546664A (en) User and authority management method and system for distributed file system
CN101827101A (en) Information asset protection method based on credible isolated operating environment
CN101841525A (en) Secure access method, system and client
CN106953732B (en) Key management system and method for chip card
CN113420319A (en) Data privacy protection method and system based on block chain and permission contract
CN103095482B (en) Program development maintenance system
CN111901360B (en) Control system and method suitable for safe access of intranet data
CN112540957B (en) File secure storage and sharing system based on mixed block chain and implementation method
CN105915338A (en) Key generation method and key generation system
CN101739361A (en) Access control method, access control device and terminal device
CN111464561B (en) Data ferry management system
CN104333545A (en) Method for encrypting cloud storage file data
CN111460420A (en) Method, device and medium for using electronic seal based on block chain
CN111399980A (en) Safety authentication method, device and system for container organizer
CN104506480A (en) Cross-domain access control method and system based on marking and auditing combination
CN104104650A (en) Data file visit method and terminal equipment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant