CN107563175A - Computer information security active defense and monitoring system


Publication number
CN107563175A
Authority
CN
China
Legal status
Pending
Application number
CN201710677933.8A
Other languages
Chinese (zh)
Inventor
许长忠
张振华
卢伟东
安国辉
王杰洁
李万庆
王彦璋
张亚娜
李亚立
陈锡瑞
李海冬
Current Assignee
Langfang Power Supply Co of State Grid Jibei Electric Power Co Ltd
Original Assignee
Langfang Power Supply Co of State Grid Jibei Electric Power Co Ltd
Application filed by Langfang Power Supply Co of State Grid Jibei Electric Power Co Ltd
Priority to CN201710677933.8A
Publication of CN107563175A

Abstract

A computer information security active defense and monitoring system, comprising an encryption system and a software monitoring system installed on the client computer. The client computer is connected to an application server over the HTTP protocol, and the application server is connected to a client presentation-layer data server over a wireless network. By combining two information security measures, client computer encryption and must-install program monitoring, the invention controls login to the computer and monitors the program software installed on it. This safeguards information security while computers in the existing power system are in use, prevents computers from being used interchangeably, and enables dedicated management.

Description

A computer information security active defense and monitoring system
Technical Field
The present invention relates to the field of computer security technology, specifically to a computer information security active defense and monitoring system used to control login to a computer and to monitor the program software installed on it.
Background
The power industry is a special energy industry: generation, transmission, distribution and consumption of electricity must be completed simultaneously. Its breadth of coverage, complexity of structure and number of levels are unmatched by any other industry. Electric energy is closely bound up with the national economy and people's lives. The safe transmission of electric energy directly affects everyone's production and daily life, and it depends on the normal operation of the power information network. As informatization of the power industry continues to develop, information security faces increasingly severe tests, so establishing an information network security system for the power system is of considerable significance.
Client computers are an important component of the power information network, and controlling their information security is the basic work in building the whole power system information security system. The login rights of a client computer and the program software installed on it are two major factors that directly affect information security, so control must start from these two aspects. At present, however, the power industry has no defense and monitoring system that specifically controls these two factors. Research and development in this area is urgently needed.
Summary of the Invention
The technical problem to be solved by the invention is to provide a computer information security active defense and monitoring system that controls login to the computer and monitors the program software installed on it, safeguarding information security while computers in the existing power system are in use, preventing computers from being used interchangeably, and enabling dedicated management.
To solve the above technical problem, the technical solution adopted by the invention is as follows:
A computer information security active defense and monitoring system, comprising an encryption system and a software monitoring system installed on the client computer. The client computer is connected to an application server over the HTTP protocol, and the application server is connected to a client presentation-layer data server over a wireless network.
In a further improvement of the technical solution: the encryption system locks the client computer at the login interface and checks, by means of a data exchange, whether the encryption lock (a USB dongle) is correctly plugged into a USB port of the client computer. If the encryption system cannot complete the data exchange, or the data it reads from the encryption lock differs from the data stored in the secure-login data module of the client presentation-layer data server, the client computer remains at the secure login interface. If the data the encryption system reads from the encryption lock is identical to the data stored in the secure-login data module of the client presentation-layer data server, the client computer enters the normal operating interface.
In a further improvement of the technical solution: a secure-login data module is set up in the client presentation-layer data server and stores the following information for all client computers in the system: filing number, first-level unit, second-level unit, third-level unit, device class, device type, device number, device name, device model, device status, commissioning date and device purpose. The encryption lock stores the same information for a single client computer in the system.
In a further improvement of the technical solution: an account management module is set up in the application server to maintain the client computer information stored in the secure-login data module, including querying details, adding information, deleting information, importing information and exporting information.
In a further improvement of the technical solution: a secure-login statistics module is set up in the application server to store the usage history of client computers. The stored information includes device name, computer name, login username, external network IP address, internal network IP address, operation time, operating system and operation mode.
In a further improvement of the technical solution: the software monitoring system checks, by means of a data exchange, the program software installed on the client computer. If the data read by the software monitoring system differs from the data stored in the must-install program data module of the client presentation-layer data server, the difference data is stored in the difference data module and sent to the application server for display.
In a further improvement of the technical solution: a must-install program data module is set up in the client presentation-layer data server and stores the following information about the programs that client computers in the system must install: program name, program version, program vendor, program description and operating system.
In a further improvement of the technical solution: a system settings module in the application server maintains the must-install program information stored in the must-install program data module, including querying details, creating information, deleting information and modifying information.
In a further improvement of the technical solution: a difference data statistics module is set up in the application server to store the must-install program difference data of client computers, and the must-install program information in the difference data is displayed on the operating interface of the client computer.
By adopting the above technical solution, the invention achieves the following technical progress:
The computer information security active defense and monitoring system of the invention combines two information security measures, client computer encryption and must-install program monitoring, to control login to the computer and monitor the program software installed on it. This safeguards information security while computers in the existing power system are in use, prevents computers from being used interchangeably, and enables dedicated management.
The invention controls the right to log in to the computer by means of the encryption lock. Once the information security active defense and monitoring system is bound to a computer, the user does not need to enter the operating system username and password and cannot log in by entering a password; the computer can only be logged in to with the encryption lock. This effectively prevents unauthorized logins caused by stolen computer passwords. The user can log in to the system after inserting the encryption lock, and the computer system enters the locked state immediately after the encryption lock is pulled out, so that the system is open while the person is present and locked when the person leaves.
The invention monitors the software installed on the computer by means of must-install program detection. Must-install program monitoring checks not only the registry but also the running processes. The information security active defense and monitoring system periodically shows a self-hiding pop-up in the lower right corner of the screen, prompting the user about must-install programs that are not yet installed on this computer, until all must-install programs are installed. It also periodically uploads the list of must-install programs that are not installed to the server. This effectively ensures that the software installed on the computer meets requirements and provides a guarantee for the correct operation of the computer and the normal operation of equipment.
Detailed Description
The invention discloses a computer information security active defense and monitoring system. The system comprises an encryption system and a software monitoring system installed on the client computer. The client computer is connected to an application server over the HTTP protocol, and the application server is connected to a client presentation-layer data server over a wireless network.
The encryption system locks the client computer at the login interface and checks, by means of a data exchange, whether the encryption lock is correctly plugged into a USB port of the client computer. If the encryption system cannot complete the data exchange, or the data it reads from the encryption lock differs from the data stored in the secure-login data module of the client presentation-layer data server, the client computer remains at the secure login interface. If the data the encryption system reads from the encryption lock is identical to the data stored in the secure-login data module of the client presentation-layer data server, the client computer enters the normal operating interface.
A secure-login data module is set up in the client presentation-layer data server and stores the following information for all client computers in the system: filing number, first-level unit, second-level unit, third-level unit, device class, device type, device number, device name, device model, device status, commissioning date and device purpose. The encryption lock stores the same information for a single client computer in the system.
An account management module is set up in the application server to maintain the client computer information stored in the secure-login data module, including querying details, adding information, deleting information, importing information and exporting information.
A secure-login statistics module is set up in the application server to store the usage history of client computers. The stored information includes device name, computer name, login username, external network IP address, internal network IP address, operation time, operating system and operation mode.
The software monitoring system checks, by means of a data exchange, the program software installed on the client computer. If the data read by the software monitoring system differs from the data stored in the must-install program data module of the client presentation-layer data server, the difference data is stored in the difference data module and sent to the application server for display.
A must-install program data module is set up in the client presentation-layer data server and stores the following information about the programs that client computers in the system must install: program name, program version, program vendor, program description and operating system.
A system settings module in the application server maintains the must-install program information stored in the must-install program data module, including querying details, creating information, deleting information and modifying information.
A difference data statistics module is set up in the application server to store the must-install program difference data of client computers, and the must-install program information in the difference data is displayed on the operating interface of the client computer.
The invention is described in further detail below with reference to an embodiment.
The computer information security active defense and monitoring system of the invention comprises two levels, client and server. The client is installed on the client computer, and the server is built according to standardized server construction requirements. The server of the invention is divided into a client presentation-layer database server and an application server. The client computer is connected to the application server over the HTTP protocol, the application server is connected to the client presentation-layer data server over a wireless network, and the encryption system and the software monitoring system are installed on the client computer. This embodiment implements the system architecture as a three-tier structure of browser client / WEB application server / database server based on WEB technology. The operating environment requirements of each tier are as follows.
The browser client is installed on the client computer. Its operating environment is as follows: the operating system is one of Windows 95/98/ME/NT/2000/2003/XP/2007/2008; there are no special requirements for memory or CPU; there are no special requirements for hard disk space; the network environment connects to the application server over the HTTP protocol. The web browser sends a service request to the WEB application server on the network, the WEB application server transmits the requested page to the client over the HTTP protocol, and the client computer receives the transmitted page file and displays it in the web browser.
The operating environment of the WEB application server is as follows: the operating system is one of Windows NT/Server/2003/XP/2008 Server; memory is at least 1G, with 2G or more recommended; the CPU is at least 800 MHz; the application environment is the IIS service, Microsoft .NET Framework 4.0, and IE 6.0 or later; hard disk space is at least 10G free (after all configuration is complete); the network environment is a 100M-1000M network card. The WEB application server receives the user's request, executes the corresponding program and connects to the database, submits a data processing request to the database server, waits for the database to return the result of the data processing to the WEB application server, and the WEB server then passes the result back to the client computer.
The operating environment of the client presentation-layer database server (database server for short) is as follows: the operating system must be any Server edition operating system that supports Oracle10g; hard disk space is at least 1024M (after Oracle is installed); memory and CPU follow the Oracle10g requirements; the network environment is a 100M-1000M high-speed network connection to the application server. The database server receives data operation requests from the WEB application server, performs functions such as data query, modification and update, and submits the operation result to the WEB server.
The encryption system of the invention locks the client computer at the login interface and checks, by means of a data exchange, whether the encryption lock is correctly plugged into a USB port of the client computer. If the encryption system cannot complete the data exchange, or the data it reads from the encryption lock differs from the data stored in the secure-login data module of the client presentation-layer data server, the client computer remains at the secure login interface. If the data the encryption system reads from the encryption lock is identical to the data stored in the secure-login data module of the client presentation-layer data server, the client computer enters the normal operating interface.
A secure-login data module is set up in the client presentation-layer data server and stores the following information for all client computers in the system: filing number, first-level unit, second-level unit, third-level unit, device class, device type, device number, device name, device model, device status, commissioning date and device purpose.
For example, the information for one client computer in the system is as follows. Filing number: 011101043; first-level unit: China NORTEL net Co., Ltd; second-level unit: Langfang electric company; third-level unit: Langfang electric company headquarters; device class: safety equipment; device type: other safety equipment; device number: nclfg-11fb-sxxx-intr; device name: safe-use terminal PC 20; device model: 6000+6600; device status: in operation; commissioning date: 2011-12-28; device purpose: secure login defense. The encryption lock corresponding to the nclfg-11fb-sxxx-intr client computer also stores the above information for that client computer.
An account management module is set up in the application server to maintain the client computer information stored in the secure-login data module, including querying details, adding information, deleting information, importing information and exporting information.
The account management module is responsible for maintaining the details of the secure-login control device, the "encryption lock". It uses a navigation-tree interface design: after entering the account management module, the user clicks the navigation tree to enter the safety equipment interface and can, as needed, query details, add information, delete information, import information and export information, saving after the operation is complete.
A secure-login statistics module is set up in the application server to store the usage history of client computers. The stored information includes device name, computer name, login username, external network IP address, internal network IP address, operation time, operating system and operation mode.
The secure-login statistics module mainly displays the history of logins to, and use of, the safe-use terminal computers. For example, the history record of one client computer in the system is as follows. Device name: safe-use terminal PC 20; computer name: JOHN-PC; login username: Administrator; external network IP address: 192.168.173.1; internal network IP address: 172.27.35.1; operation time: 2015-11-10 15:56:30; operating system: Win7; operation mode: login.
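The login decision and the history record described above can be sketched as follows. This is an added example, not code from the patent: the field keys, the `DongleReadError` exception, the reader callback and the state names are assumptions, and the sample record is constructed from the example values in the description.

```python
import hmac

# The twelve fields the description says are stored both on the encryption lock
# and in the secure-login data module (key names are assumptions).
FIELDS = ("filing_number", "first_level_unit", "second_level_unit", "third_level_unit",
          "device_class", "device_type", "device_number", "device_name",
          "device_model", "device_status", "commissioning_date", "device_purpose")


class DongleReadError(Exception):
    """Hypothetical error: the data exchange with the encryption lock failed."""


def canonical(record):
    # One unambiguous byte string per record; a missing field raises KeyError.
    return "\x1f".join(str(record[f]).strip() for f in FIELDS).encode("utf-8")


def login_decision(read_dongle, server_records):
    """Return NORMAL_OPERATION only when the lock's record equals the server's.

    Any failure (no lock, incomplete record, unknown device) keeps the
    computer at the login interface, i.e. the check fails closed.
    """
    try:
        dongle = read_dongle()
        expected = server_records[dongle["device_number"]]
        ok = hmac.compare_digest(canonical(dongle), canonical(expected))
    except (DongleReadError, KeyError, TypeError):
        ok = False
    return "NORMAL_OPERATION" if ok else "LOCKED_AT_LOGIN"


def login_event(decision, device_name, computer_name, username,
                external_ip, internal_ip, operation_time, operating_system):
    """Build the eight-field history record kept by the statistics module."""
    mode = "login" if decision == "NORMAL_OPERATION" else "login refused"
    return {"device_name": device_name, "computer_name": computer_name,
            "login_username": username, "external_ip": external_ip,
            "internal_ip": internal_ip, "operation_time": operation_time,
            "operating_system": operating_system, "operation_mode": mode}


# Constructed sample data based on the example record in the description.
SERVER_RECORD = {
    "filing_number": "011101043", "first_level_unit": "China NORTEL net Co., Ltd",
    "second_level_unit": "Langfang electric company",
    "third_level_unit": "Langfang electric company headquarters",
    "device_class": "safety equipment", "device_type": "other safety equipment",
    "device_number": "nclfg-11fb-sxxx-intr", "device_name": "safe-use terminal PC 20",
    "device_model": "6000+6600", "device_status": "in operation",
    "commissioning_date": "2011-12-28", "device_purpose": "secure login defense",
}
RECORDS = {SERVER_RECORD["device_number"]: SERVER_RECORD}


def read_matching_dongle():
    return dict(SERVER_RECORD)


def read_absent_dongle():
    raise DongleReadError("no encryption lock on the USB port")


if __name__ == "__main__":
    for reader in (read_matching_dongle, read_absent_dongle):
        state = login_decision(reader, RECORDS)
        print(login_event(state, "safe-use terminal PC 20", "JOHN-PC", "Administrator",
                          "192.168.173.1", "172.27.35.1", "2015-11-10 15:56:30", "Win7"))
```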
The software monitoring system checks, by means of a data exchange, the program software installed on the client computer. If the data read by the software monitoring system differs from the data stored in the must-install program data module of the client presentation-layer data server, the difference data is stored in the difference data module and sent to the application server for display.
A must-install program data module is set up in the client presentation-layer data server and stores the following information about the programs that client computers in the system must install: program name, program version, program vendor, program description and operating system.
For example, the must-install program information configured for a client computer in the system is as follows. Program name: Chinese-English translation software; program version: V2008; program vendor: The sensible development corporation, Ltd. of Hebei Kechuang; program description: mainly translation of words and articles between Chinese and English; operating system: win xp/win7/win10.
A system settings module in the application server maintains the must-install program information stored in the must-install program data module, including querying details, creating information, deleting information and modifying information. It uses a navigation-tree interface design: after entering the must-install program data module, the user clicks the navigation tree to enter the must-install program management interface and can, as needed, query details, create information, delete information and modify information, saving after the operation is complete. Creating information is used to add must-install program information: after clicking the add button, the user enters the must-install program information display page and a new must-install program record is added automatically. Deleting information deletes the selected must-install program (the currently selected record has a grey background): the system asks the user to confirm deletion of the record, the record is deleted after confirmation, and the user can no longer see this information in the must-install program list. Modifying information maintains the information of the selected must-install program.
A difference data statistics module is set up in the application server to store the must-install program difference data of client computers, and the must-install program information in the difference data is displayed on the operating interface of the client computer. Once difference data exists, reminders are issued periodically until all must-install programs are installed. The reminder appears as a pop-up in the lower right corner of the desktop and cannot be closed manually.
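The must-install comparison described above can be sketched as follows. This is an added example, not code from the patent: the `process_name` field, the rule for combining registry and process evidence, the upload format and all sample inventory data are assumptions or constructed values.

```python
import json
from dataclasses import dataclass


@dataclass(frozen=True)
class RequiredProgram:
    # The five fields the description lists for the must-install program data module.
    name: str
    version: str
    vendor: str
    description: str
    operating_systems: tuple
    # Assumption (not a field in the patent): process image name to look for.
    process_name: str = ""


def _norm(text):
    """Case- and whitespace-insensitive form used for matching."""
    return " ".join(str(text).split()).casefold()


def find_differences(required, registry_entries, running_processes, client_os):
    """Compare the baseline with registry and process evidence from one client."""
    installed = {}
    for entry in registry_entries:  # Windows uninstall-key values
        name = _norm(entry.get("DisplayName", ""))
        installed.setdefault(name, set()).add(_norm(entry.get("DisplayVersion", "")))
    running = {_norm(p) for p in running_processes}
    differences = []
    for prog in required:
        # A program only applies to the operating systems listed for it.
        if _norm(client_os) not in {_norm(o) for o in prog.operating_systems}:
            continue
        versions = installed.get(_norm(prog.name))
        if versions is None:
            reason, found = "not installed", []
        elif _norm(prog.version) not in versions:
            reason, found = "version mismatch", sorted(versions)
        elif prog.process_name and _norm(prog.process_name) not in running:
            reason, found = "installed but process not running", sorted(versions)
        else:
            continue
        differences.append({"program_name": prog.name, "program_version": prog.version,
                            "program_vendor": prog.vendor, "reason": reason,
                            "installed_versions": found})
    return differences


def build_upload(computer_name, client_os, differences):
    """Serialize the difference data for sending to the application server."""
    return json.dumps({"computer_name": computer_name, "operating_system": client_os,
                       "compliant": not differences, "differences": differences},
                      ensure_ascii=False, sort_keys=True)


def reminder_text(differences):
    """Text for the periodic pop-up; None once every required program is present."""
    if not differences:
        return None
    lines = ["{} {} ({})".format(d["program_name"], d["program_version"], d["reason"])
             for d in differences]
    return "Must-install programs outstanding:\n" + "\n".join(lines)


# Constructed baseline; the first entry reuses the example from the description.
OS_ALL = ("win xp", "win7", "win10")
REQUIRED = (
    RequiredProgram("Chinese-English translation software", "V2008", "Example Vendor A",
                    "word and article translation", OS_ALL),
    RequiredProgram("Endpoint antivirus", "5.1", "Example Vendor B",
                    "malware protection", ("win7", "win10"), "avagent.exe"),
    RequiredProgram("Patch agent", "3.2", "Example Vendor C", "update delivery", ("win7",)),
    RequiredProgram("VPN client", "2.0", "Example Vendor D", "remote access", ("win10",)),
    RequiredProgram("Document viewer", "11.0", "Example Vendor E", "viewer", OS_ALL),
)
# Constructed client inventory.
REGISTRY = [
    {"DisplayName": "  Chinese-English  Translation Software", "DisplayVersion": "v2008"},
    {"DisplayName": "Endpoint Antivirus", "DisplayVersion": "5.1"},
    {"DisplayName": "Patch Agent", "DisplayVersion": "3.0"},
]
PROCESSES = ["explorer.exe", "svchost.exe"]

if __name__ == "__main__":
    diffs = find_differences(REQUIRED, REGISTRY, PROCESSES, "Win7")
    print(build_upload("JOHN-PC", "Win7", diffs))
    print(reminder_text(diffs))
```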

Claims (9)

1. A computer information security active defense and monitoring system, characterized in that: the system comprises an encryption system and a software monitoring system installed on a client computer; the client computer is connected to an application server over the HTTP protocol; and the application server is connected to a client presentation-layer data server over a wireless network.
2. The computer information security active defense and monitoring system according to claim 1, characterized in that: the encryption system locks the client computer at the login interface and checks, by means of a data exchange, whether the encryption lock is correctly plugged into a USB port of the client computer; if the encryption system cannot complete the data exchange, or the data it reads from the encryption lock differs from the data stored in the secure-login data module of the client presentation-layer data server, the client computer remains at the secure login interface; if the data the encryption system reads from the encryption lock is identical to the data stored in the secure-login data module of the client presentation-layer data server, the client computer enters the normal operating interface.
3. The computer information security active defense and monitoring system according to claim 2, characterized in that: a secure-login data module is set up in the client presentation-layer data server and stores the following information for all client computers in the system: filing number, first-level unit, second-level unit, third-level unit, device class, device type, device number, device name, device model, device status, commissioning date and device purpose; the encryption lock stores the same information for a single client computer in the system.
4. The computer information security active defense and monitoring system according to claim 3, characterized in that: an account management module is set up in the application server to maintain the client computer information stored in the secure-login data module, including querying details, adding information, deleting information, importing information and exporting information.
5. The computer information security active defense and monitoring system according to claim 4, characterized in that: a secure-login statistics module is set up in the application server to store the usage history of client computers, the stored information including device name, computer name, login username, external network IP address, internal network IP address, operation time, operating system and operation mode.
6. The computer information security active defense and monitoring system according to claim 1, characterized in that: the software monitoring system checks, by means of a data exchange, the program software installed on the client computer; if the data read by the software monitoring system differs from the data stored in the must-install program data module of the client presentation-layer data server, the difference data is stored in the difference data module and sent to the application server for display.
7. The computer information security active defense and monitoring system according to claim 6, characterized in that: a must-install program data module is set up in the client presentation-layer data server and stores the following information about the programs that client computers in the system must install: program name, program version, program vendor, program description and operating system.
8. The computer information security active defense and monitoring system according to claim 7, characterized in that: a system settings module in the application server maintains the must-install program information stored in the must-install program data module, including querying details, creating information, deleting information and modifying information.
9. The computer information security active defense and monitoring system according to claim 1, characterized in that: a difference data statistics module is set up in the application server to store the must-install program difference data of client computers, and the must-install program information in the difference data is displayed on the operating interface of the client computer.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710677933.8A CN107563175A (en) 2017-08-10 2017-08-10 A kind of computer information safe Initiative Defense and monitoring system

Publications (1)

Publication Number Publication Date
CN107563175A (en) 2018-01-09

Family

ID=60975297

Country Status (1)

Country Link
CN (1) CN107563175A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180109