CN108733997B - Mobile power data monitoring system and method based on fingerprint identification - Google Patents

Publication number
CN108733997B
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810299424.0A
Other languages
Chinese (zh)
Other versions
CN108733997A (en)
Inventor
张烜
陆国生
陈新宇
杨帆
黄志辉
李丰
靳晓琪
陈保豪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong South Electric Power Communication Co ltd
Super High Transmission Co of China South Electric Net Co Ltd
Original Assignee
Guangdong South Electric Power Communication Co ltd
Super High Transmission Co of China South Electric Net Co Ltd
Application filed by Guangdong South Electric Power Communication Co ltd, Super High Transmission Co of China South Electric Net Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44 Program or device authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57 Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a mobile power data monitoring system and method based on fingerprint identification, relating to the technical field of mobile data storage. The system comprises a fingerprint USB flash disk, a server and a client installed in a power secondary system computer. The fingerprint USB flash disk is provided with an authentication area, a secret area and a non-secret area. The server is used for authenticating the secret area of the fingerprint USB flash disk, performing a full-disk antivirus scan of the fingerprint USB flash disk, and recording the copying in and copying out of data. The client is used, after the fingerprint USB flash disk has been processed at the server, for identifying and authenticating the fingerprint USB flash disk and for copying data in and out of the power secondary system computer. Based on fingerprint biometric identification, fingerprint authentication management automates the authorization of mobile media and ensures accountability; use of the media can be audited automatically in the background; hash code technology forces the USB flash disk to be authenticated through a server; and data encryption technology guards against the risk of data leakage.

Description

Mobile power data monitoring system and method based on fingerprint identification
Technical Field
The invention relates to the technical field of mobile data storage, in particular to a mobile power data monitoring system and method based on fingerprint identification.
Background
Mobile storage media are used across different areas and different terminals of the power secondary system, and the various industrial control systems and operation and maintenance terminals largely lack protective measures; once a USB flash disk copies data on an infected machine, viruses are likely to spread through the USB flash disk.
At present, the management of mobile media in the power secondary system is governed mainly by administrative rules, but the stations of the power secondary system are scattered, and rules alone can hardly ensure that the personnel at every station comply. In addition, without supporting technical means it is difficult to supervise effectively: Has a user used a removable storage medium? What operations were performed? Has the medium been stolen and accessed by an unauthorized person? Is someone using a USB flash disk in violation of the rules?
At present, the safety protection management measures for electric power monitoring systems and the substation maintenance operation instructions set specific requirements on the use of mobile media, and at the national level there are Order No. 14 and the corresponding power protection standards, but most of these remain at the level of administrative rules; since the plants and stations of the power secondary system are dispersed, such requirements are difficult to put into practice through rules alone.
Disclosure of Invention
The invention provides a mobile power data monitoring system and method based on fingerprint identification, and aims to solve the problems that commonly arise in traditional mobile media management, such as media being easy to carry away, data being easy to leak, and management being difficult.
In order to achieve the above object, the present invention provides a mobile power data monitoring system based on fingerprint identification, including: a fingerprint USB flash disk, a server and a client installed in a power secondary system computer; the fingerprint USB flash disk is provided with an authentication area, a secret area and a non-secret area;
the server: when the fingerprint USB flash disk is connected for the first time, is used for generating authentication information for the fingerprint USB flash disk and storing the authentication information in the authentication area; when the fingerprint USB flash disk is connected on a later occasion, performs authentication and a full-disk antivirus scan; when external data needs to be stored, imports the file to be stored from the non-secret area of the fingerprint USB flash disk into the secret area, and stores the usage record of the fingerprint USB flash disk;
the client: is used, after the fingerprint USB flash disk has been authenticated and scanned at the server, for identifying and matching the authentication information of the fingerprint USB flash disk, and, once authentication passes, for copying data in and out of the power secondary system computer.
Preferably, the authentication area is used for storing a hash code of the fingerprint USB flash disk, user fingerprint information, a hardware identification code and a fingerprint USB flash disk label.
Preferably, the secret area is used for copying data into and out of the client, and for receiving the data transferred from the non-secret area at the server when external data needs to be stored.
Preferably, the secret area is visible only in a computer provided with a server and a client.
Preferably, the data stored in the secret area is encrypted.
Preferably, the non-secret area is used for storing external data; when external data needs to be stored, the external data is transferred to the secret area through the server; the non-secret area cannot be opened on the client.
Preferably, the server comprises an antivirus module, an authentication generation module and an audit module;
an antivirus module: used for performing a full-disk antivirus scan of the secret area and the non-secret area of the fingerprint USB flash disk with antivirus software;
an authentication generation module: used for generating a hash code for the secret area of the fingerprint USB flash disk and writing the hash code into the authentication area of the fingerprint USB flash disk; collecting a user fingerprint, and writing the user fingerprint information, a hardware identification code and a fingerprint USB flash disk label into the authentication area of the fingerprint USB flash disk; and, when the fingerprint USB flash disk is connected to the server, authenticating the information in the authentication area of the fingerprint USB flash disk;
an audit module: used for storing the usage record of the fingerprint USB flash disk.
Preferably, the client comprises an identification module and an authentication module;
an identification module: used for identifying, according to the user fingerprint information, the hardware identification code and the fingerprint USB flash disk label in the authentication area of the fingerprint USB flash disk, whether the connected fingerprint USB flash disk is a special USB flash disk; if so, the authentication module is started; otherwise, access is refused;
an authentication module: used for generating an instant hash code for the data in the secret area of the fingerprint USB flash disk and matching the instant hash code against the hash code stored in the authentication area of the fingerprint USB flash disk; if they match, access is granted; otherwise, access is refused.
The invention provides a data storage method using the mobile power data monitoring system based on fingerprint identification, comprising the following steps:
inserting the fingerprint USB flash disk into a computer provided with a server;
the server identifies the user fingerprint information, hardware identification code and fingerprint USB flash disk label in the authentication area of the fingerprint USB flash disk and judges whether the USB flash disk is a special USB flash disk; if it is, the server performs a full-disk antivirus scan; otherwise, access is refused;
storing the file to be stored from the non-secret area into the secret area, and recording for audit the access time of the USB flash disk, the hardware identification code of the USB flash disk, the virus scanning result and the file transfer process;
and inserting the fingerprint USB flash disk into a computer provided with a client, and, after fingerprint identification and hash code matching pass, opening the secret area to copy the file to be stored into the power secondary system computer.
The invention provides a data export method using the mobile power data monitoring system based on fingerprint identification, comprising the following steps:
inserting the fingerprint USB flash disk into a computer provided with a server;
the server identifies the hardware identification code of the fingerprint USB flash disk and judges whether the USB flash disk is a special USB flash disk; if it is, the server performs a full-disk antivirus scan; otherwise, access is refused;
and inserting the fingerprint USB flash disk into a computer provided with a client, and, after fingerprint identification and hash code matching pass, copying files from the power secondary system computer into the secret area of the fingerprint USB flash disk and encrypting them.
The mobile power data monitoring system and method based on fingerprint identification provided by the invention have the following beneficial effects:
based on fingerprint biometric identification, fingerprint authentication management automates the authorization of mobile media and ensures accountability; use of the media can be audited automatically in the background; hash code technology forces the USB flash disk to be authenticated through a server; and data encryption technology guards against the risk of data leakage.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some embodiments of the present invention, and those skilled in the art can obtain other drawings from the structures shown in these drawings without creative effort.
FIG. 1 is a diagram of a mobile power data monitoring system based on fingerprint identification according to an embodiment of the present invention;
FIG. 2 is a diagram illustrating a server-side architecture according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a client architecture according to an embodiment of the present invention;
FIG. 4 is a process diagram of a data storage method according to an embodiment of the present invention;
FIG. 5 is a flow chart of a data storage method according to an embodiment of the present invention;
FIG. 6 is a flow chart of a data export method according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that, if directional indications (such as up, down, left, right, front, back, ...) are involved in the embodiment of the present invention, the directional indications are only used to explain the relative positional relationship between the components, the movement situation, and the like in a specific posture (as shown in the drawing), and if the specific posture is changed, the directional indications are changed accordingly.
In addition, if there is a description of "first", "second", etc. in an embodiment of the present invention, the description of "first", "second", etc. is for descriptive purposes only and is not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In addition, technical solutions between various embodiments may be combined with each other, but must be realized by a person skilled in the art, and when the technical solutions are contradictory or cannot be realized, such a combination should not be considered to exist, and is not within the protection scope of the present invention.
The invention provides a mobile power data monitoring system based on fingerprint identification.
In a preferred embodiment of the present invention, as shown in FIG. 1, the system comprises: a fingerprint USB flash disk, a server (not on the same computer as the client) and a client installed in a computer of the power secondary system;
in the embodiment of the invention, the capacity of the fingerprint USB flash disk is 8G, the encrypted read-write speed is more than 5MB/s, the number of fingerprint features is 50, the identification speed is less than 100ms, and the disk is suitable for the operating systems Windows 2000/XP/2003 and above; the fingerprint USB flash disk is provided with an authentication area, a secret area and a non-secret area;
an authentication area: recognized mainly by the system client software and the system server software; it is not used for data transfer, is normally hidden and cannot be read or written by the user; the authentication area stores the USB flash disk hardware identification code, the hash comparison code, fingerprint information and the like; the hardware identification code is used to associate the disk with the audit function of the server, and the hash code and the fingerprint information are used for matching at the client; the fingerprint function implements user access control: whether for the secret area or the non-secret area, the USB flash disk can be read and written only after fingerprint authentication passes;
a secret area: responsible for data transfer inside the power secondary system; it is visible only on a computer provided with the system client or the system server, and can be used only when the check code passes; the data in this area is encrypted, so that even if the USB flash disk is lost, there is no concern about data leakage;
a non-secret area: responsible for transferring data from outside the secondary system; it functions essentially like an ordinary USB flash disk, can transfer external data to the secret area through the server, and cannot be opened on equipment in the power secondary system on which the system client is installed;
in a preferred embodiment of the present invention, the server: when the fingerprint USB flash disk is connected for the first time, is used for generating authentication information for the fingerprint USB flash disk and storing the authentication information in the authentication area; when the fingerprint USB flash disk is connected on a later occasion, performs authentication and a full-disk antivirus scan; when external data needs to be stored, imports the file to be stored from the non-secret area of the fingerprint USB flash disk into the secret area, and stores the usage record of the fingerprint USB flash disk;
in the embodiment of the invention, when the USB flash disk is initialized, the user needs to enrol fingerprint information into the USB flash disk: the user inserts the USB flash disk into a computer provided with the server, opens the server and selects the correct ferry disk; under user management the user clicks Add and fills in the personal information as prompted, including job number, name, post, collected fingerprint and remarks; clicking to collect the first fingerprint enrols one finger, and after that is finished, clicking to collect the second fingerprint enrols another finger; after enrolment is finished, the user returns to the main interface.
In a preferred embodiment of the invention, before data is copied into or out of the fingerprint USB flash disk, compliance operations are performed on the fingerprint USB flash disk: automatic antivirus, formatting and log summarizing functions are executed on the fingerprint USB flash disk according to the 'southern power grid 500KW transformer substation monitoring background and switch operation instruction book'; in the embodiment of the invention, this customized procedure is executed automatically according to the specific requirements of the southern power grid company on mobile media, so that the user's use of the mobile medium is guaranteed to meet the production requirements of the power grid company.
In the embodiment of the present invention, as shown in FIG. 2, the server includes an antivirus module, an authentication generation module, and an audit module;
an antivirus module: used for performing a full-disk antivirus scan of the secret area and the non-secret area of the fingerprint USB flash disk with antivirus software;
virus scanning and removal for the mobile storage medium is carried out mainly by the antivirus module of the server; because the special USB flash disk must be authenticated by the server after every operation on its secret area, scanning when the disk is connected to the server is almost equivalent to scanning when it is connected to the client. In line with the requirements of the 5-500kV transformer substation monitoring background and switchboard maintenance operation instruction, the antivirus module consists of anti-malicious-code software from 2 different manufacturers; the virus library is updated by the control background, which obtains the upgrade package online or offline and issues it uniformly to all servers, so that the virus library is updated in real time.
An authentication generation module: used for generating a hash code for the secret area of the fingerprint USB flash disk and writing the hash code into the authentication area of the fingerprint USB flash disk; collecting a user fingerprint, and writing the user fingerprint information, a hardware identification code and a fingerprint USB flash disk label into the authentication area of the fingerprint USB flash disk; and, when the fingerprint USB flash disk is connected to the server, authenticating the information in the authentication area of the fingerprint USB flash disk;
the distribution and registration of USB flash disks are handled by the control background (or by the server on which the control background resides); when a USB flash disk is distributed or a special USB flash disk is registered, the control background will require the user to enter a user name and enrol fingerprint information. After information collection is finished, the control background combines the user fingerprint information, the hardware identification code and the proprietary information carried by the mobile medium storage management system to generate a USB flash disk label, and stores the label in the authentication area of the special USB flash disk;
an audit module: used for storing the usage record of the fingerprint USB flash disk.
The audit record in the log comprises the date and time at which the user used the mobile storage medium, the duration of use, a subject identifier, an object identifier, the related operations and the like; the log content is stored centrally in the control background (or a server with the control background) to facilitate unified tracking and auditing.
By audit source, auditing is divided into server-side audit and client-side audit. Server-side audit mainly covers information on data exchange between the secret area and the non-secret area of the special USB flash disk, the user's operations on the secret area of the USB flash disk through the server, and the antivirus records made when the special USB flash disk is connected; the logs are transferred by the server sending them periodically to the control background. Client-side audit mainly covers the user's operations on the secret area of the USB flash disk through the client; generally, the client automatically backs up the log information into the authentication area when the operation finishes, and the log is automatically exported the next time the user inserts the USB flash disk into the server and is sent periodically by the server to the control background for auditing.
In a preferred embodiment of the invention, the client (the client cannot open the non-secret area) is used, after the fingerprint USB flash disk has been processed at the server, for identifying and authenticating the fingerprint USB flash disk and for copying data in and out of the power secondary system computer.
In the embodiment of the present invention, as shown in FIG. 3, the client includes an identification module and an authentication module;
an identification module: identifies whether the connected USB flash disk is a special USB flash disk, and refuses access if it is not.
An authentication module: generates an instant hash code for the data in the secret area of the special USB flash disk and matches it against the hash code already stored in the authentication area of the special USB flash disk; if the two are not consistent, access is refused.
Identification and authentication are carried out jointly through the USB flash disk label and the hash comparison value. The USB flash disk label is generated when the special USB flash disk is registered; when the disk is connected to the client for authentication, the client compares the user fingerprint entered on site, the hard disk identification code in the USB flash disk and the proprietary information carried by the mobile medium storage management system against the USB flash disk label, and the label check is considered passed only when all three match at the same time. The hash comparison value is regenerated each time the user has operated on the secret area: after the user finishes operating on the secret area, the server automatically generates a hash value over the whole secret area and stores it in the authentication area. When the user needs to copy the written content at the client, the client automatically generates a hash value over the whole secret area and matches it against the hash value in the authentication area. Access is allowed only when the USB flash disk label check and the hash comparison both pass, which ensures that a legitimate user accesses data on a legitimate storage medium on a legitimate machine.
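The label check and the whole-area hash check described above can be modelled as follows. This is an added example, not code from the patent: the HMAC-SHA256 label, the SHA-256 area hash, the `SYSTEM_SECRET` key standing in for the system's proprietary information, and the string fingerprint identifiers standing in for a matched fingerprint template are all assumptions, since the patent names no algorithms; virus scanning and encryption are not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumption: the "proprietary information carried by the management system"
# is modelled as a key known only to server and client installations.
SYSTEM_SECRET = b"constructed-demo-secret"


def _lp(data: bytes) -> bytes:
    """Length-prefix a field so adjacent fields cannot be confused."""
    return len(data).to_bytes(8, "big") + data


def make_label(fingerprint_id: str, hardware_id: str,
               secret: bytes = SYSTEM_SECRET) -> bytes:
    """Bind fingerprint, hardware ID and system secret into one label."""
    msg = _lp(fingerprint_id.encode()) + _lp(hardware_id.encode())
    return hmac.new(secret, msg, hashlib.sha256).digest()


def hash_secret_area(files: dict) -> str:
    """Hash every file name and its content in the secret area, in sorted order."""
    h = hashlib.sha256()
    for name in sorted(files):
        h.update(_lp(name.encode()))
        h.update(_lp(files[name]))
    return h.hexdigest()


@dataclass
class FingerprintDisk:
    hardware_id: str                  # reported by the device hardware
    label: bytes = b""                # authentication area
    stored_hash: str = ""             # authentication area
    secret_area: dict = field(default_factory=dict)
    non_secret_area: dict = field(default_factory=dict)


def server_register(disk: FingerprintDisk, fingerprint_id: str) -> None:
    """Server side: write the label and the initial hash at registration."""
    disk.label = make_label(fingerprint_id, disk.hardware_id)
    disk.stored_hash = hash_secret_area(disk.secret_area)


def server_import(disk: FingerprintDisk, name: str) -> None:
    """Server side: move a file into the secret area, then refresh the hash."""
    disk.secret_area[name] = disk.non_secret_area.pop(name)
    disk.stored_hash = hash_secret_area(disk.secret_area)


def client_check(disk: FingerprintDisk, presented_fingerprint_id: str) -> tuple:
    """Client side: both the label and the hash must match before access."""
    expected = make_label(presented_fingerprint_id, disk.hardware_id)
    if not hmac.compare_digest(expected, disk.label):
        return False, "label mismatch"
    current = hash_secret_area(disk.secret_area)
    if not hmac.compare_digest(current, disk.stored_hash):
        return False, "hash mismatch"
    return True, "ok"


def demo() -> dict:
    """Run the checks on constructed sample data and return each outcome."""
    disk = FingerprintDisk(hardware_id="HW-0001")
    server_register(disk, "fp-alice")
    disk.non_secret_area["relay_settings.cfg"] = b"constructed sample file"
    server_import(disk, "relay_settings.cfg")

    results = {"normal": client_check(disk, "fp-alice"),
               "wrong_finger": client_check(disk, "fp-bob")}

    # Authentication area and data copied onto different hardware.
    clone = FingerprintDisk(hardware_id="HW-9999", label=disk.label,
                            stored_hash=disk.stored_hash,
                            secret_area=dict(disk.secret_area))
    results["cloned_auth_area"] = client_check(clone, "fp-alice")

    # File placed in the secret area without passing through the server.
    disk.secret_area["unvetted.bin"] = b"constructed sample file"
    results["unsealed_change"] = client_check(disk, "fp-alice")
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, outcome)
```

In this model, any change to the secret area made away from the server leaves the stored hash stale, which is what sends the disk back through the server before a client will open it.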
The invention provides a data storage method using the mobile power data monitoring system based on fingerprint identification.
In a preferred embodiment of the present invention, as shown in FIG. 4 and FIG. 5, the method comprises:
S10, inserting the fingerprint USB flash disk into a computer provided with a server;
S20, the server identifies the hardware identification code of the fingerprint USB flash disk and judges whether the USB flash disk is a special USB flash disk; if it is, the server performs a full-disk antivirus scan; otherwise, access is refused;
S30, storing the file to be stored from the non-secret area into the secret area, and recording for audit the access time of the USB flash disk, the hardware identification code of the USB flash disk, the virus scanning result and the file transfer process;
S40, inserting the fingerprint USB flash disk into a computer provided with a client, and, after fingerprint identification and hash code matching pass, opening the secret area and copying the file to be stored into the power secondary system computer.
The invention provides a data export method using the mobile power data monitoring system based on fingerprint identification.
In a preferred embodiment of the present invention, as shown in FIG. 6, the method comprises:
S50, inserting the fingerprint USB flash disk into a computer provided with a server;
S60, the server identifies the hardware identification code of the fingerprint USB flash disk and judges whether the USB flash disk is a special USB flash disk; if it is, the server performs a full-disk antivirus scan; otherwise, access is refused;
S70, inserting the fingerprint USB flash disk into a computer provided with a client, and, after fingerprint identification and hash code matching pass, copying files from the power secondary system computer into the secret area of the fingerprint USB flash disk and encrypting them.
In a preferred embodiment of the invention, when the user of a fingerprint USB flash disk is changed, the user and the fingerprint USB flash disk are unbound; by default, one USB flash disk is allocated to one shift, and other shifts cannot register users on that USB flash disk; when the USB flash disk needs to be handed over to another shift, it is inserted into the management end and Unbind is clicked in the main interface of the server, which releases the shift binding.
According to the invention, deployment can be divided into an online mode and an offline mode according to how the malicious code library in the server is upgraded, and each transformer substation/converter station can select the appropriate deployment mode for the product according to its actual network environment.
An online deployment mode:
the online deployment mode is generally suitable for user environments in which the safety protection of the management large area is well established and the physical distance between the management large area and the production large area is short. In this deployment mode, the control background and all the servers are uniformly connected to the management large area of the power secondary system and form a domain of their own, so that the control background is interconnected with each server and network data exchange between other service areas and this area is prevented.
If the management large area already has network version antivirus software, the existing antivirus software is preferably used, and the network version antivirus software is uniformly responsible for upgrading the malicious code libraries of the control background and of each server. If no network version antivirus software is installed in the management large area, or fewer than 2 such products are installed, the border firewall needs to be configured to open external access for the control background (it is recommended to contact the antivirus software manufacturer to learn which ports are used for upgrading the virus library and the software, and to configure only the minimum set of ports on the firewall). The control background then obtains the virus upgrade package online and distributes it to each server.
The advantage of online deployment is that the virus library can be upgraded automatically and in real time from the Internet by relying on the management large area, with no need for independent networking, which reduces networking cost to some extent. The disadvantage is that the online deployment mode requires certain policy changes at the border of the management large area and in the core switch area, and, because the system is deployed in the management large area, its security depends to some extent on the security of the management large area.
An offline deployment mode:
The offline deployment mode is generally applicable where the security protection of the management large area is rudimentary, or where the servers and the control background are physically distributed and cannot easily form a separate domain. In this mode, the control background and all servers are networked independently and are not interconnected with the management large area or the production large area.
The malicious code library on the servers is upgraded as follows: operation and maintenance staff periodically download the offline virus library upgrade package from the official website of the anti-malicious-code product manufacturer to the control background, and the control background distributes the acquired upgrade package to each server, realizing offline upgrade.
The advantage of offline deployment is that the system is deployed independently, so its influence on the power secondary system is lower than with online deployment, and the risk of the system being attacked is reduced to a certain extent. The disadvantage is that the virus library cannot be updated automatically, which incurs a certain operation and maintenance cost and makes timely updates difficult. In addition, because offline deployment uses independent networking, it requires a certain hardware cost.
The above description is only a preferred embodiment of the present invention and is not intended to limit its scope; all modifications and equivalents made using the contents of this specification and the accompanying drawings, or applied directly or indirectly in other related technical fields, fall within the scope of the present invention.

Claims (8)

1. A mobile power data monitoring system based on fingerprint identification, characterized by comprising: a fingerprint USB flash disk, a server, and a client arranged in a power secondary system computer; the fingerprint USB flash disk is provided with an authentication area, a secret area and a non-secret area;
the server is used for: when the fingerprint USB flash disk is accessed for the first time, generating authentication information for the fingerprint USB flash disk and storing the authentication information in the authentication area; when the fingerprint USB flash disk is not accessed for the first time, performing authentication and full-disk virus killing; when external data needs to be stored, importing the file to be stored from the non-secret area of the fingerprint USB flash disk into the secret area, and storing the use record of the fingerprint USB flash disk;
the client is used for: after the fingerprint USB flash disk has been authenticated and has undergone virus killing at the server, identifying and matching the authentication information of the fingerprint USB flash disk, and, once the check passes, copying data into and out of the power secondary system computer;
the server comprises a virus killing module, an authentication generation module and an auditing module;
a virus killing module: used for performing full-disk virus killing on the secret area and the non-secret area of the fingerprint USB flash disk with antivirus software;
an authentication generation module: used for generating a hash code for the secret area of the fingerprint USB flash disk and writing the hash code into the authentication area of the fingerprint USB flash disk; collecting a user fingerprint, and writing the user fingerprint information, a hardware identification code and a fingerprint USB flash disk label into the authentication area of the fingerprint USB flash disk; and, when the fingerprint USB flash disk is accessed at the server, authenticating the information in the authentication area of the fingerprint USB flash disk;
an auditing module: used for storing the use record of the fingerprint USB flash disk;
the client comprises an identification module and an authentication module;
an identification module: used for identifying whether the accessed fingerprint USB flash disk is a special USB flash disk according to the user fingerprint information, the hardware identification code and the fingerprint USB flash disk label in the authentication area of the fingerprint USB flash disk; if so, the authentication module is started; otherwise, access is refused;
an authentication module: used for generating an instant hash code for the data in the secret area of the fingerprint USB flash disk and matching the instant hash code with the hash code stored in the authentication area of the fingerprint USB flash disk; if they match, access is granted; otherwise, access is refused.
2. The mobile power data monitoring system based on fingerprint identification of claim 1, wherein the authentication area is used for storing the hash code of the fingerprint USB flash disk, the user fingerprint information, the hardware identification code and the fingerprint USB flash disk label.
3. The mobile power data monitoring system based on fingerprint identification of claim 1, wherein the secret area is used for copying data in and out at the client, and, when external data needs to be stored, for receiving at the server the data transmitted from the non-secret area.
4. The mobile power data monitoring system based on fingerprint identification of claim 1, wherein the secret area is visible only on computers provided with the server and the client.
5. The mobile power data monitoring system based on fingerprint identification of claim 1, wherein the data stored in the secret area is encrypted.
6. The mobile power data monitoring system based on fingerprint identification of claim 1, wherein the non-secret area is used for storing external data; when external data needs to be stored, the external data is transmitted to the secret area through the server; the non-secret area cannot be opened at the client.
7. A data storage method based on the mobile power data monitoring system based on fingerprint identification of claim 1, comprising the following steps:
inserting the fingerprint USB flash disk into a computer provided with the server;
the server identifies the user fingerprint information, the hardware identification code and the fingerprint USB flash disk label in the authentication area of the fingerprint USB flash disk and judges whether the USB flash disk is a special USB flash disk; if so, it performs full-disk virus killing; otherwise, access is refused;
storing the file to be stored from the non-secret area into the secret area, and recording for audit the access time of the USB flash disk, the hardware identification code of the USB flash disk, the virus scanning result and the file transmission process;
and inserting the fingerprint USB flash disk into a computer provided with the client and, after fingerprint identification and hash code matching are passed, opening the secret area to copy the file to be stored into the power secondary system computer.
8. A data export method based on the mobile power data monitoring system based on fingerprint identification of claim 1, comprising the following steps:
inserting the fingerprint USB flash disk into a computer provided with the server;
the server identifies the hardware identification code of the fingerprint USB flash disk and judges whether the USB flash disk is a special USB flash disk; if so, it performs full-disk virus killing; otherwise, access is refused;
and inserting the fingerprint USB flash disk into a computer provided with the client and, after fingerprint identification and hash code matching are passed, copying files from the power secondary system computer into the secret area of the fingerprint USB flash disk and encrypting them.
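The client-side check of claim 1 (identification module, then authentication module), as an added Python example that is not part of the patent. SHA-256, the field names, the registered-disk set and the exact-match fingerprint comparison are assumptions, since the claims name no algorithm or storage layout.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class AuthArea:
    """Assumed layout of the authentication area (field names are hypothetical)."""
    fingerprint: bytes      # enrolled user fingerprint information (opaque here)
    hardware_id: str        # hardware identification code
    label: str              # fingerprint USB flash disk label
    secret_hash: str        # hash code the server wrote for the secret area

def hash_secret_area(files):
    """Hash names and contents in sorted order; SHA-256 is an assumption."""
    h = hashlib.sha256()
    for name in sorted(files):
        raw = name.encode()
        # Length prefixes keep ("ab", "c") distinct from ("a", "bc").
        h.update(len(raw).to_bytes(4, "big") + raw)
        h.update(len(files[name]).to_bytes(8, "big") + files[name])
    return h.hexdigest()

def server_issue(fingerprint, hardware_id, label, secret_files):
    """Server side: write identity fields and the secret-area hash code."""
    return AuthArea(fingerprint, hardware_id, label, hash_secret_area(secret_files))

def client_check(auth, presented_fingerprint, registered_disks, secret_files):
    """Client side: identification module first, then authentication module."""
    if (auth.hardware_id, auth.label) not in registered_disks:
        return "refused: not a special disk"
    # Real fingerprint matching is fuzzy; exact comparison is a simplification.
    if not hmac.compare_digest(auth.fingerprint, presented_fingerprint):
        return "refused: fingerprint mismatch"
    instant = hash_secret_area(secret_files)
    if not hmac.compare_digest(instant, auth.secret_hash):
        return "refused: secret area changed after server check"
    return "granted"

# Constructed sample data, not taken from the patent.
SECRET = {"relay_settings.cfg": b"zone1=0.8\n", "report.txt": b"ok\n"}
REGISTERED = {("HWID-0001", "SHIFT-A")}
AUTH = server_issue(b"template-alice", "HWID-0001", "SHIFT-A", SECRET)

if __name__ == "__main__":
    print(client_check(AUTH, b"template-alice", REGISTERED, SECRET))
    tampered = dict(SECRET, **{"report.txt": b"ok\n#extra"})
    print(client_check(AUTH, b"template-alice", REGISTERED, tampered))
    print(client_check(AUTH, b"template-bob", REGISTERED, SECRET))
```

Because the hash code is unkeyed and travels on the same device as the data it covers, this check detects changes only as long as the authentication area cannot be rewritten outside the server.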
CN201810299424.0A 2018-04-04 2018-04-04 Mobile power data monitoring system and method based on fingerprint identification Active CN108733997B (en)

Publications (2)

Publication Number Publication Date
CN108733997A (en) 2018-11-02
CN108733997B (en) 2021-09-24

Family

ID=63940733

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant