CN107786500A - Terminal security module centralized management system - Google Patents
- Publication number: CN107786500A
- Application number: CN201610725956.7A
- Authority: CN (China)
- Prior art keywords: module, terminal, security, data, interface
- Legal status: Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0815—Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
- H04L63/20—Network architectures or network communication protocols for network security for managing network security; network security policies in general
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer And Data Communications (AREA)
Abstract
A terminal security module centralized management system of the invention comprises a message bus, a database, a physical layer interface module, a security module and an interface module. The message bus handles communication with the management terminal: it routes data to the management terminal, receives the management terminal's data feedback, and hands the returned data to the physical layer interface module. The physical layer interface module is the transition module between the message bus and the security module: it feeds the data received from the management terminal to each submodule of the security module, receives instructions from the security module, and broadcasts data onto the message bus. The security module integrates a variety of security verification functions and protects the terminal on which it runs. The interface module provides the human-computer interaction interface. The terminal security module centralized management system of the invention improves module usage efficiency and makes the terminal on which it runs convenient for the user to operate.
Description
Technical field
The invention belongs to the field of computer security technology and relates to a terminal security module centralized management system.
Background art
Most security protection products of the current generation run independently and are managed separately. As terminal security products grow in variety and in their ways of operating, managing and monitoring the many security modules on an ordinary terminal has become a serious burden. A running environment is therefore needed that can manage and monitor these modules in a unified way while still performing the same security protection functions.
Summary of the invention
The object of the invention is to provide a terminal security module centralized management system that solves the problem that current security protection products mostly run independently and are managed separately.
A terminal security centralized management system of the invention comprises a message bus, a database, a physical layer interface module, a security module and an interface module. The message bus handles communication with the management terminal: it routes data to the management terminal, receives the management terminal's data feedback, and hands the returned data to the physical layer interface module. The physical layer interface module is the transition module between the message bus and the security module: it feeds the data received from the management terminal to each submodule of the security module, receives instructions from the security module, and broadcasts data onto the message bus. The security module integrates a variety of security verification functions and protects the terminal on which it runs. The interface module provides the human-computer interaction interface.
According to an embodiment of the terminal security centralized management system of the invention, the message bus can also perform mutual authentication with the external management terminal.
According to an embodiment of the terminal security centralized management system of the invention, the physical layer interface module comprises a policy interface, a control interface, a log interface and a state interface. The control interface receives control commands from the management terminal and passes them to the security module. The log interface receives call instructions from the management terminal and sends the security module's logs to the management terminal. The state interface receives instructions from the management terminal and feeds back the real-time state of the security module.
According to an embodiment of the terminal security centralized management system of the invention, the security module comprises an illegal external connection control module, a peripheral port control module, a network control module, an antivirus module and a secure login module. The illegal external connection control module judges whether the terminal is connected to a network in violation of policy; the peripheral port control module judges whether the terminal has connected an external device in violation of policy; the network control module performs traffic control on the packets the terminal sends and receives; the antivirus module removes viruses from the terminal; the secure login module verifies the terminal's login information.
According to an embodiment of the terminal security centralized management system of the invention, the network control module performs traffic control on the packets the terminal sends and receives in five-tuple form.
According to an embodiment of the terminal security centralized management system of the invention, the mutual authentication between the message bus and the external management terminal proceeds as follows. The message bus sends its identity information to the management terminal, and the management terminal judges the legitimacy of that information. If it is legitimate, the management terminal sends the message bus a message containing an identity confirmation flag, the key for the user's encryption and the random sequence number that must be returned next time. After the message bus receives this, it encrypts the data to be sent, the flag indicating whether this transmission is the last, and the random sequence number with the key sent by the server, and sends them to the management terminal; on receipt, the management terminal returns a receipt-result flag and the random sequence number to be sent next time. The message bus then receives and sends the subsequent data in turn, repeating the cycle until all data has been sent.
According to an embodiment of the terminal security centralized management system of the invention, the management terminal maintains a timeout mechanism: if it does not receive data from the message bus within the timeout period, the message bus must restart the authentication procedure.
According to an embodiment of the terminal security centralized management system of the invention, the interface module comprises a submodule running state module, a submodule resource occupation module, a security function scan module, a submodule maintenance module, a log audit module, a policy control module and a security scoring module. The submodule running state module displays the state of the security module; the submodule resource occupation module obtains the dynamic resource usage of the security module; the security function scan module queries the number of submodules in the security module; the submodule maintenance module performs control operations on the security module; the log audit module displays the operation log on the terminal; the policy control module displays the content of the policies used by the currently running security module; the security scoring module gives a composite rating based on the state of the security module.
The terminal security module centralized management system of the invention runs all kinds of security modules uniformly within one security system. It integrates the security modules and achieves unified module management, unified log reporting and unified policy distribution; it breaks down information silos, fuses the data of several security modules and provides integrated correlation analysis across the various kinds of data; and it improves module usage efficiency and makes the terminal running the system convenient for the user to operate.
Brief description of the drawings
Fig. 1 shows the module diagram of the terminal security centralized management system of the invention;
Fig. 2 shows the flow chart of the handshake procedure;
Fig. 3 shows the flow chart of the terminal security module centralized management system processing data sent by the management end;
Fig. 4 shows the upgrade flow chart of the security module.
Embodiments
To make the purpose, content and advantages of the invention clearer, embodiments of the invention are described in further detail below with reference to the accompanying drawings and examples.
Fig. 1 shows the module diagram of the terminal security centralized management system of the invention. As shown in Fig. 1, in view of the current situation in which the various security protection modules of an internal network run independently and are managed separately, the invention designs a new type of system for the centralized management of security modules. It can be divided into two parts: the terminal security module centralized management system and the management end.
As shown in Fig. 1, the terminal security module centralized management system comprises: message bus 1, database 2, physical layer interface module 3, security module 4 and interface module 5.
As shown in Fig. 1, message bus 1 handles communication with the management end: it routes data to the management end, receives the management end's data feedback and hands the returned data to physical layer interface module 3, ensuring reliable and confidential transmission of the data. Message bus 1 must perform a handshake before sending data; the whole handshake procedure is completed by message bus 1 and requires no processing by physical layer interface module 3.
Fig. 2 shows the flow chart of the handshake procedure. As shown in Fig. 2, the handshake proceeds as follows. Before transmitting data, the terminal security module centralized management system sends its identity information to the management end, and the management end judges the legitimacy of that information. If it is legitimate, the management end sends the terminal security module centralized management system a message containing an identity confirmation flag, the key for the user's encryption and the random sequence number that must be returned next time.
After the terminal security module centralized management system receives this, it encrypts the data to be sent, the flag indicating whether this transmission is the last, and the random sequence number with the key sent by the server, and sends them to the management end; on receipt, the management end returns a receipt-result flag and the random sequence number to be sent next time.
The terminal security module centralized management system then receives and sends the subsequent data in turn, repeating the cycle until all data has been sent.
It should be noted that the management end maintains a timeout mechanism, 30 seconds by default: if it receives no data from the terminal security module centralized management system within 30 seconds, the terminal security module centralized management system must go through the authentication procedure again.
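The handshake above is a chained-nonce protocol: each message must carry the random sequence number issued with the previous reply, so a captured message cannot be replayed later, and silence past the timeout forces a fresh identity check. The following is an added example, not code from the patent or its applicant, that plays both sides of the exchange offline. It assumes a per-terminal pre-shared secret as the identity check, an HMAC-SHA256 counter-mode keystream plus tag in place of the cipher the text leaves unspecified, and a controllable clock so the 30-second timeout can be exercised; the class and field names are this example's own.

```python
"""Constructed handshake example for Fig. 2 (not the patent's code): identity check,
session key and chained random sequence numbers, with a 30 s re-authentication timeout.
Assumed: a per-terminal pre-shared secret stands in for the identity check, HMAC-SHA256 in
counter mode stands in for the unspecified cipher, and a fake clock drives the timeout."""
import hashlib
import hmac
import secrets

TIMEOUT_SECONDS = 30  # default timeout given in the description


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream built from HMAC-SHA256 (assumed cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class FakeClock:
    """Controllable clock so the timeout path runs offline."""
    now = 0.0

    def __call__(self) -> float:
        return self.now


class ManagementEnd:
    """Management end: checks identity, issues the session key and sequence numbers."""
    def __init__(self, registry: dict, clock):
        self.registry = registry   # identity -> pre-shared secret (constructed)
        self.sessions = {}         # identity -> [key, expected_seq, last_seen]
        self.clock = clock
        self.received = []         # accepted plaintexts, kept for the demo

    def authenticate(self, identity: str, proof: bytes):
        secret = self.registry.get(identity)
        expected = hmac.new(secret or b"", identity.encode(), hashlib.sha256).digest()
        if secret is None or not hmac.compare_digest(proof, expected):
            return None            # identity not legitimate: no confirmation issued
        key, seq = secrets.token_bytes(32), secrets.token_bytes(16)
        self.sessions[identity] = [key, seq, self.clock()]
        return {"confirmed": True, "key": key, "seq": seq}

    def receive(self, identity: str, seq: bytes, ciphertext: bytes, tag: bytes):
        sess = self.sessions.get(identity)
        if sess is None:
            return {"ok": False, "reason": "not authenticated"}
        key, expected_seq, last_seen = sess
        if self.clock() - last_seen > TIMEOUT_SECONDS:
            del self.sessions[identity]   # silence past the timeout: handshake again
            return {"ok": False, "reason": "timeout"}
        if not hmac.compare_digest(seq, expected_seq):
            return {"ok": False, "reason": "bad sequence number"}   # replay or reorder
        if not hmac.compare_digest(tag, hmac.new(key, seq + ciphertext, hashlib.sha256).digest()):
            return {"ok": False, "reason": "bad tag"}
        self.received.append(_xor(ciphertext, _keystream(key, seq, len(ciphertext))))
        sess[1], sess[2] = secrets.token_bytes(16), self.clock()
        return {"ok": True, "next_seq": sess[1]}   # receipt flag plus next sequence number


class TerminalBus:
    """Message bus on the terminal: handshake first, then chained sends."""
    def __init__(self, identity: str, secret: bytes):
        self.identity, self.secret = identity, secret
        self.key = self.seq = None

    def handshake(self, mgmt: ManagementEnd) -> bool:
        proof = hmac.new(self.secret, self.identity.encode(), hashlib.sha256).digest()
        reply = mgmt.authenticate(self.identity, proof)
        if reply is None:
            return False
        self.key, self.seq = reply["key"], reply["seq"]
        return True

    def send(self, mgmt: ManagementEnd, data: bytes) -> bool:
        if self.key is None:
            return False
        ciphertext = _xor(data, _keystream(self.key, self.seq, len(data)))
        tag = hmac.new(self.key, self.seq + ciphertext, hashlib.sha256).digest()
        reply = mgmt.receive(self.identity, self.seq, ciphertext, tag)
        if not reply["ok"]:
            self.key = self.seq = None   # drop the session; caller re-runs the handshake
            return False
        self.seq = reply["next_seq"]     # sequence number the next message must carry
        return True


def demo() -> dict:
    """Two chained sends, a replayed sequence number, then silence past the timeout."""
    clock = FakeClock()
    registry = {"terminal-001": b"constructed-pre-shared-secret"}
    mgmt = ManagementEnd(registry, clock)
    bus = TerminalBus("terminal-001", registry["terminal-001"])
    out = {"handshake": bus.handshake(mgmt)}
    first_seq = bus.seq
    out["send1"] = bus.send(mgmt, b"log: antivirus module 44 started")
    out["send2"] = bus.send(mgmt, b"status: all submodules running")
    out["replay"] = mgmt.receive("terminal-001", first_seq, b"", b"")["reason"]
    clock.now += TIMEOUT_SECONDS + 1
    out["late_send"] = bus.send(mgmt, b"late data")
    out["reauth"] = bus.handshake(mgmt)
    out["received"] = list(mgmt.received)
    return out
```

Running `demo()` shows the three properties the text relies on: both chained messages are accepted, the replayed first sequence number is refused before any decryption is attempted, and the send after the 30-second gap fails and is followed by a successful re-authentication.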
As shown in Fig. 1, physical layer interface module 3 comprises: policy interface 31, control interface 32, log interface 33 and state interface 34.
Physical layer interface module 3 is the transition between message bus 1 and security module 4. It feeds the data received from the management end to each submodule in security module 4, and at the same time receives instructions from security module 4 and passes them through to message bus 1, which sends the data to the management end.
Fig. 3 shows the flow chart of the terminal security module centralized management system processing data sent by the management end. As shown in Fig. 3, physical layer interface module 3 comprises policy interface 31, control interface 32, log interface 33 and state interface 34. Policy interface 31 performs a preliminary parse of the policies formulated by the management end and hands them to security module 4.
As shown in Fig. 3, control interface 32 receives control commands from the management end and passes them to security module 4, which makes it possible to remotely enable, disable and otherwise operate the submodules of security module 4. Log interface 33 receives call instructions from the management end and sends the logs of security module 4 to the management end. State interface 34 receives instructions from the management end and feeds back the current real-time status of security module 4. It should be noted that physical layer interface module 3 generally performs only a preliminary parse; the detailed data is still analysed logically by security module 4 and its submodules.
Table 1 gives the structure of the packets sent by the terminal security module centralized management system. Data returned to the management end is packaged as a packet header followed by the data part.

Table 1. Packet header fields

Field | Description
---|---
Data host type | Top-level classification of the data, as an integer: policy = 1, control = 2, log = 3, state = 4; the set can be extended as actually needed
Data subtype | Specific classification within a host type, as an integer, assigned along the same lines as the host type
System identifier | ID value identifying the terminal security module centralized management system; a unique ID generated by the management end when the system registers with it
Send time | Time at which the data is sent
Send IP | IP address of the host on which the security system runs
Send MAC address | IP address of the host on which the security system runs
Current user | Information on the user currently logged in on the host on which the system runs

It should be noted that physical layer interface module 3 does no parsing; parsing is done by security module 4.
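Table 1 fixes the header fields but not their widths or encoding. The following packer and parser is an added example, not code from the patent or its applicant, that assumes one concrete layout (1-byte host type and subtype, 4-byte system ID, 4-byte send time as epoch seconds, 4-byte IPv4 address, 6-byte MAC, 32-byte NUL-padded user name, 4-byte payload length, all big-endian) and shows the checks a receiver should apply before trusting any field: the host type must be one of the defined values, and the declared payload length must match the bytes actually received. All sample values are constructed.

```python
"""Constructed packer/parser for the Table 1 packet layout (not the patent's code).
Assumed widths: 1-byte host type and subtype, 4-byte system ID, 4-byte send time
(epoch seconds), 4-byte IPv4, 6-byte MAC, 32-byte NUL-padded user name, 4-byte
payload length, big-endian.  The patent names the fields, not their widths."""
import socket
import struct
from dataclasses import dataclass

HOST_TYPES = {1: "policy", 2: "control", 3: "log", 4: "state"}   # values from Table 1
HEADER_FMT = "!BBII4s6s32sI"
HEADER_LEN = struct.calcsize(HEADER_FMT)   # 56 bytes under the assumed layout
USER_LEN = 32


@dataclass
class Header:
    host_type: int
    subtype: int
    system_id: int        # unique ID issued by the management end at registration
    send_time: int        # epoch seconds (assumed representation)
    send_ip: str
    send_mac: str         # "aa:bb:cc:dd:ee:ff"
    current_user: str
    payload_len: int = 0  # filled in by pack_packet from the real payload


def pack_packet(hdr: Header, payload: bytes) -> bytes:
    """Serialise header + payload, refusing values the layout cannot carry."""
    if hdr.host_type not in HOST_TYPES:
        raise ValueError(f"unknown data host type {hdr.host_type}")
    user = hdr.current_user.encode("utf-8")
    if len(user) > USER_LEN:
        raise ValueError("current_user longer than 32 bytes")
    mac = bytes.fromhex(hdr.send_mac.replace(":", ""))
    if len(mac) != 6:
        raise ValueError("MAC address must be 6 bytes")
    header = struct.pack(HEADER_FMT, hdr.host_type, hdr.subtype, hdr.system_id,
                         hdr.send_time, socket.inet_aton(hdr.send_ip), mac,
                         user, len(payload))
    return header + payload


def parse_packet(raw: bytes):
    """Parse a packet from the wire; lengths and enums are checked before use."""
    if len(raw) < HEADER_LEN:
        raise ValueError(f"truncated header: {len(raw)} < {HEADER_LEN} bytes")
    (host_type, subtype, system_id, send_time,
     ip, mac, user, payload_len) = struct.unpack(HEADER_FMT, raw[:HEADER_LEN])
    if host_type not in HOST_TYPES:
        raise ValueError(f"unknown data host type {host_type}")
    if len(raw) - HEADER_LEN != payload_len:
        raise ValueError("payload length field does not match packet size")
    hdr = Header(host_type, subtype, system_id, send_time,
                 socket.inet_ntoa(ip), ":".join(f"{b:02x}" for b in mac),
                 user.rstrip(b"\0").decode("utf-8"), payload_len)
    return hdr, raw[HEADER_LEN:]


def demo() -> dict:
    """Round-trip a constructed log packet and show a cut-short packet being rejected."""
    hdr = Header(3, 1, 1001, 1472083200, "10.0.0.5", "00:11:22:33:44:55", "operator")
    raw = pack_packet(hdr, b"antivirus: signature update applied")
    parsed, payload = parse_packet(raw)
    try:
        parse_packet(raw[:-3])      # payload shorter than declared: must be refused
        truncated_rejected = False
    except ValueError:
        truncated_rejected = True
    return {"kind": HOST_TYPES[parsed.host_type], "header": parsed, "payload": payload,
            "size": len(raw), "truncated_rejected": truncated_rejected}
```

Note that the system identifier and current user in the header are asserted by the sender; on the management end they should be bound to the session established by the handshake rather than trusted from the header alone.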
As shown in Fig. 1, security module 4 comprises: illegal external connection control module 41, peripheral port control module 42, network control module 43, antivirus module 44 and secure login module 45. Illegal external connection control module 41 judges whether the host on which the system runs is connected to a network in violation of policy. Peripheral port control module 42 judges whether the host on which the system runs has connected an external device in violation of policy. Network control module 43 performs traffic control on the packets the host sends and receives, in five-tuple form (source IP, destination IP, source port, destination port, protocol). Antivirus module 44 removes viruses from the host. Secure login module 45 verifies the login information of the host.
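Five-tuple traffic control as described for network control module 43 comes down to matching each packet's (source IP, destination IP, source port, destination port, protocol) against an ordered rule list. The block below is an added example, not code from the patent or its applicant; it assumes a first-match-wins policy with a default deny for unmatched traffic, and the rule names, CIDR ranges, ports and packets are all constructed sample values.

```python
"""Constructed five-tuple traffic control (not the patent's code): rules match
(source IP, destination IP, source port, destination port, protocol), the first
matching rule decides, and unmatched traffic is denied.  All values are samples."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class FiveTuple:
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int
    protocol: str                   # "tcp", "udp" or "icmp"


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                     # "allow" or "deny"
    src: Optional[str] = None       # CIDR; None matches any address
    dst: Optional[str] = None
    src_ports: Optional[range] = None   # None matches any port
    dst_ports: Optional[range] = None
    protocol: Optional[str] = None


def _in_net(ip: str, cidr: Optional[str]) -> bool:
    return cidr is None or ipaddress.ip_address(ip) in ipaddress.ip_network(cidr, strict=False)


def matches(rule: Rule, pkt: FiveTuple) -> bool:
    """Every specified element of the rule must match the packet's five-tuple."""
    return (
        (rule.protocol is None or rule.protocol == pkt.protocol)
        and _in_net(pkt.src_ip, rule.src)
        and _in_net(pkt.dst_ip, rule.dst)
        and (rule.src_ports is None or pkt.src_port in rule.src_ports)
        and (rule.dst_ports is None or pkt.dst_port in rule.dst_ports)
    )


def decide(rules, pkt: FiveTuple) -> Tuple[str, str]:
    """First matching rule decides; anything unmatched is denied by default."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.name
    return "deny", "default-deny"


# Constructed policy, the kind of content the policy interface would hand down.
SAMPLE_RULES = [
    Rule("block-telnet", "deny", dst_ports=range(23, 24), protocol="tcp"),
    Rule("allow-https-to-mgmt", "allow", src="10.0.0.0/8", dst="10.0.1.10/32",
         dst_ports=range(443, 444), protocol="tcp"),
    Rule("allow-internal-dns", "allow", dst="10.0.0.53/32",
         dst_ports=range(53, 54), protocol="udp"),
]


def demo() -> list:
    """Evaluate constructed packets and return the decisions as an audit log."""
    packets = [
        FiveTuple("10.0.2.15", "10.0.1.10", 51000, 443, "tcp"),    # HTTPS to mgmt: allow
        FiveTuple("10.0.2.15", "10.0.1.10", 51001, 23, "tcp"),     # telnet: denied by rule
        FiveTuple("10.0.2.15", "10.0.0.53", 53001, 53, "udp"),     # internal DNS: allow
        FiveTuple("192.168.9.9", "10.0.1.10", 51002, 443, "tcp"),  # outside 10/8: default deny
        FiveTuple("10.0.2.15", "10.0.1.10", 0, 0, "icmp"),         # no rule: default deny
    ]
    audit = []
    for pkt in packets:
        action, rule = decide(SAMPLE_RULES, pkt)
        audit.append((pkt.src_ip, pkt.dst_ip, pkt.dst_port, pkt.protocol, action, rule))
    return audit
```

Returning the matched rule name alongside the decision is what makes the result useful to the log audit module: a denied packet can be traced to the policy that denied it, and a packet that only hit the default deny shows where the policy has a gap.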
As shown in Fig. 1, security module 4 is responsible for control functions such as installing, starting, stopping, restarting, upgrading and uninstalling the various submodules, and for data interaction functions such as reporting data to the management end according to the running state of the submodules.
Fig. 4 shows the upgrade flow chart of the security module. As shown in Fig. 4, before upgrading, the system must confirm with the management end whether an upgrade package is available, and then downloads and installs the package according to the result returned by the management end.
In addition to the control functions above, security module 4 provides the interactive functions used while the submodules run. These include:
- Reporting submodule state: the running state of each submodule is reported in real time, both to the management end and to the local graphical interface.
- Receiving and executing control policies: policies sent remotely by the management end are received and the corresponding policy is executed.
- Receiving submodule control commands: a control command is received and the control operation executed; the command may come from the management end or from the local graphical interface.
- Receiving log query conditions and returning log records: a query command is received and the query result returned; the query command may come from the management end or from the local graphical interface.
As shown in Fig. 1, interface module 5 provides the human-computer interaction interface; concretely, it sends call instructions to the runtime system and displays the returned data on the graphical interface. Interface module 5 comprises submodule running state module 51, which displays the state of the security submodules (enabled or disabled); submodule resource occupation module 52, which obtains dynamic resource usage such as the CPU and memory consumed by the security submodules; security function scan module 53, which queries how many security submodules are installed on the current system; submodule maintenance module 54, which performs control operations such as starting, stopping, upgrading and restarting the security submodules; log audit module 55, which displays the operation log on the local machine; policy control module 56, which displays the content of the policies used by the running security submodules; and the security scoring module, which gives a comprehensive rating based on the state of the current security submodules.
The terminal security module centralized management system of the invention runs all kinds of security modules uniformly within one security system, with the management end providing unified policy control, log audit and display for each submodule as external operations and maintenance. The terminal security module centralized management system supports all security protection products existing as system submodules and drivers; the security system controls them while they run, collects their audit logs and performs correlation analysis, and also provides the running state of the terminal host, making it a solution for terminal security auditing and monitoring. It integrates all kinds of security modules and achieves unified module management, unified log reporting and unified policy distribution; it breaks down information silos, fuses the data of several security modules and provides integrated correlation analysis across the various kinds of data; and it improves module usage efficiency and makes the host running the system convenient for the user to operate.
The above is only the preferred embodiment of the invention. It should be noted that those of ordinary skill in the art can make improvements and variations without departing from the technical principles of the invention, and such improvements and variations should also be regarded as within the scope of protection of the invention.
Claims (8)
- 1. A terminal security centralized management system, characterised in that it comprises: a message bus, a database, a physical layer interface module, a security module and an interface module; the message bus handles communication with the management terminal, routes data to the management terminal, receives the management terminal's data feedback and hands the returned data to the physical layer interface module; the physical layer interface module is the transition module between the message bus and the security module, feeds the data received from the management terminal to each submodule of the security module, receives the instructions of the security module and broadcasts data onto the message bus; the security module integrates a variety of security verification functions to protect the terminal on which it runs; the interface module provides the human-computer interaction interface.
- 2. The terminal security centralized management system of claim 1, characterised in that the message bus can also perform mutual authentication with the external management terminal.
- 3. The terminal security centralized management system of claim 1, characterised in that the physical layer interface module comprises a policy interface, a control interface, a log interface and a state interface; the control interface receives control commands from the management terminal and passes them to the security module; the log interface receives call instructions from the management terminal and sends the security module's logs to the management terminal; the state interface receives instructions from the management terminal and feeds back the real-time state of the security module.
- 4. The terminal security centralized management system of claim 1, characterised in that the security module comprises: an illegal external connection control module, a peripheral port control module, a network control module, an antivirus module and a secure login module; the illegal external connection control module judges whether the terminal is connected to a network in violation of policy; the peripheral port control module judges whether the terminal has connected an external device in violation of policy; the network control module performs traffic control on the packets the terminal sends and receives; the antivirus module removes viruses from the terminal; the secure login module verifies the terminal's login information.
- 5. The terminal security centralized management system of claim 1, characterised in that the network control module performs traffic control on the packets the terminal sends and receives in five-tuple form.
- 6. The terminal security centralized management system of claim 1, characterised in that the mutual authentication between the message bus and the external management terminal comprises: the message bus sends its identity information to the management terminal, and the management terminal judges the legitimacy of the information according to the identity information obtained; if it is legitimate, the management terminal sends the message bus a message containing an identity confirmation flag, the key for the user's encryption and the random sequence number to be returned next time; after the message bus receives this, it encrypts the data to be sent, the flag indicating whether this transmission is the last, and the random sequence number with the key sent by the server, and sends them to the management terminal; on receipt, the management terminal returns a receipt-result flag and the random sequence number to be sent next time; the message bus receives and sends the subsequent data in turn, repeating the cycle until the data has been sent.
- 7. The terminal security centralized management system of claim 6, characterised in that the management terminal maintains a timeout mechanism: if it does not receive data from the message bus within the timeout period, the message bus must restart the authentication procedure.
- 8. The terminal security centralized management system of claim 1, characterised in that the interface module comprises: a submodule running state module, a submodule resource occupation module, a security function scan module, a submodule maintenance module, a log audit module, a policy control module and a security scoring module; the submodule running state module displays the state of the security module; the submodule resource occupation module obtains the dynamic resource usage of the security module; the security function scan module queries the number of submodules in the security module; the submodule maintenance module performs control operations on the security module; the log audit module displays the operation log on the terminal; the policy control module displays the content of the policies used by the currently running security module; the security scoring module gives a composite rating based on the state of the security module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610725956.7A CN107786500A (en) | 2016-08-25 | 2016-08-25 | Terminal security module centralized management system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107786500A true CN107786500A (en) | 2018-03-09 |
Family
ID=61438767
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610725956.7A Pending CN107786500A (en) | 2016-08-25 | 2016-08-25 | Terminal security module centralized management system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107786500A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113919863A (en) * | 2021-09-09 | 2022-01-11 | 江苏盛启数字科技有限公司 | Data processing method and device based on full-channel widely-announced information |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101052046A (en) * | 2007-05-22 | 2007-10-10 | 网御神州科技(北京)有限公司 | Anti-virus method and device for fire-proof wall |
US20080109903A1 (en) * | 2006-11-07 | 2008-05-08 | Spansion Llc | Secure co-processing memory controller integrated into an embedded memory subsystem |
CN102571786A (en) * | 2011-12-30 | 2012-07-11 | 深信服网络科技(深圳)有限公司 | Method for linkage defense among multiple safety modules in firewall and firewall |
CN103049383A (en) * | 2012-12-31 | 2013-04-17 | 博彦科技(上海)有限公司 | Development and testing cloud system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
2018-03-09 | PB01 | Publication | Application publication date: 20180309 |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | |