CN108875373A - Mobile memory medium file management-control method, device, system and electronic equipment - Google Patents

Publication number: CN108875373A
Authority: CN (China)
Prior art keywords: memory medium; mobile memory; file; identification information; information
Legal status: Granted
Application number: CN201711498913.0A
Other languages: Chinese (zh)
Other versions: CN108875373B (en)
Inventors: 倪林雨, 徐翰隆, 王小丰, 肖新光
Current Assignee: Beijing Ahtech Network Safe Technology Ltd
Original Assignee: Beijing Ahtech Network Safe Technology Ltd
Application filed by: Beijing Ahtech Network Safe Technology Ltd
Priority: CN201711498913.0A
Granted publication: CN108875373B
Current legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The embodiments of the present invention disclose a mobile memory medium file management-control method, device, system and electronic equipment. They relate to the technical field of computer security and address the lack, in the prior art, of a scheme that effectively controls files copied from secure computers onto mobile memory media. The mobile memory medium file management-control method includes: when the client detects that a registered mobile memory medium has been connected to a data transmission interface, scanning the registered mobile memory medium by means of a virus scan and obtaining the identification information of the files stored on the registered mobile memory medium; and the client sending scanning information to the remote monitoring center for storage. The scanning information includes the identification information of the registered mobile memory medium and the identification information of the files stored on it. The invention is simple to implement yet improves the security of computer data, and is suitable for any setting in which computer data needs security protection.

Description

Mobile memory medium file management-control method, device, system and electronic equipment
Technical field
The present invention relates to the technical field of computer security, and in particular to a mobile memory medium file management-control method, device, system and electronic equipment.
Background art
At present, file leakage via USB flash drives is very common. Owing to lax supervision of various kinds, departing personnel, deliberately or not, copy away large amounts of core data; such data often involves important business information and becomes a powerful weapon for competitors. Because the importance of information security is insufficiently understood, some personnel who handle classified material inadvertently disclose private data, while some ill-intentioned individuals wantonly make confidential information public, or even publish it online for others to browse. Such incidents can have very serious consequences.
In the course of implementing the present invention, the inventors found that there is currently no scheme that effectively controls files copied from secure computers onto mobile memory media.
Summary of the invention
In view of this, the embodiments of the present invention provide a mobile memory medium file management-control method, device, system and electronic equipment that make tracing convenient when a file leaks, and so control more effectively the files copied from secure computers onto mobile memory media.
In a first aspect, an embodiment of the present invention provides a mobile memory medium file management-control method for a client, including:
When it is detected that a registered mobile memory medium has been connected to a data transmission interface, scanning the registered mobile memory medium by means of a virus scan, and obtaining the identification information of the files stored on the registered mobile memory medium;
Sending scanning information to the remote monitoring center; the scanning information includes the identification information of the registered mobile memory medium and the identification information of the files stored on it.
With reference to the first aspect, in a first embodiment of the first aspect, after the scanning information is sent to the remote monitoring center, the method further includes:
When a request to copy a file onto the registered mobile memory medium is received, sending the identification information of the file to be copied to the remote monitoring center;
Receiving a notification, sent by the remote monitoring center, that the identification information of the file to be copied has been matched;
Obtaining the identification information of the registered mobile memory medium and sending it to the remote monitoring center;
Receiving the operation permission information, sent by the remote monitoring center, of the registered mobile memory medium for the file to be copied;
According to the operation permission information, allowing or preventing the copying of the file to be copied onto the registered mobile memory medium.
With reference to the first embodiment of the first aspect, in a second embodiment of the first aspect, after the identification information of the file to be copied is sent to the remote monitoring center, the method further includes:
Receiving a notification, sent by the remote monitoring center, that the identification information of the file to be copied has not been matched;
Preventing the copying of the file to be copied onto the registered mobile memory medium.
With reference to the second embodiment of the first aspect, in a third embodiment of the first aspect, after the copying of the file to be copied onto the registered mobile memory medium is allowed or prevented according to the operation permission information, the method further includes:
Sending the information on this operation to the remote monitoring center; the information on this operation includes the identification information of the registered mobile memory medium, the identification information of the file to be copied in this operation, and the operation record.
With reference to the first aspect, in a fourth embodiment of the first aspect, scanning the registered mobile memory medium by means of a virus scan when it is detected that a registered mobile memory medium has been connected to a data transmission interface includes:
When it is detected that a mobile memory medium has been connected to a data transmission interface, sending the identification information of the mobile memory medium to the remote monitoring center;
Receiving the registration result information for the mobile memory medium sent by the remote monitoring center; the registration result information is one of two results, registered or unregistered;
When the mobile memory medium is an unregistered mobile memory medium, prompting the user to register the unregistered mobile memory medium;
Receiving the user's registration request for the unregistered mobile memory medium;
According to the registration request, obtaining the identification information of the unregistered mobile memory medium and sending it to the remote monitoring center as registration information;
When the mobile memory medium is a registered mobile memory medium, or a registration success message sent by the remote monitoring center is received, scanning the registered mobile memory medium by means of a virus scan; if the user declines to register the unregistered mobile memory medium, or a registration failure message sent by the remote monitoring center is received, removing the unregistered mobile memory medium from the data transmission interface.
With reference to the first aspect or any of the first to fourth embodiments of the first aspect, in a fifth possible implementation of the first aspect, the identification information of the mobile memory medium includes the production serial number of the mobile memory medium and user information.
With reference to the first aspect or any of the first to fourth embodiments of the first aspect, in a sixth possible implementation of the first aspect, the identification information of a file is the hash (HASH) value of the file.
In a second aspect, an embodiment of the present invention provides a mobile memory medium file management-control method for a remote monitoring center, including:
Saving the scanning information sent by a client; the scanning information includes the identification information of a registered mobile memory medium and the identification information of the files stored on it.
With reference to the second aspect, in a first embodiment of the second aspect, after the scanning information sent by the client is saved, the method further includes:
Receiving the identification information of a file to be copied sent by the client;
According to the identification information of confidential files pre-stored in a local knowledge base, judging whether the identification information of the file to be copied can be matched in the knowledge base;
Sending to the client a notification that the identification information of the file to be copied has or has not been matched;
Receiving the identification information, sent by the client, of the registered mobile memory medium onto which the file to be copied is requested to be copied;
Determining, according to a predetermined control strategy, the operation permission of the registered mobile memory medium for the file to be copied, and sending the operation permission information to the client; the control strategy records the permissions of mobile memory media to operate on confidential files.
With reference to the first embodiment of the second aspect, in a second embodiment of the second aspect, after the operation permission information is sent to the client, the method further includes:
Receiving and storing the information on this operation sent by the client; the information on this operation includes the identification information of the registered mobile memory medium, the identification information of the file to be copied in this operation, and the operation record.
With reference to the second embodiment of the second aspect, in a third embodiment of the second aspect, after the scanning information sent by the client is saved, the method further includes:
Receiving a file leakage query instruction;
Obtaining the identification information of the leaked file to which the file leakage query instruction refers;
Obtaining, from the stored scanning information and operation information, the identification information of the registered mobile memory medium corresponding to the identification information of the leaked file.
With reference to the second aspect, in a fourth embodiment of the second aspect, before the scanning information sent by the client is saved, the method further includes:
Receiving the identification information of a mobile memory medium sent by the client, and judging whether the corresponding mobile memory medium is registered;
Sending the registration result information for the mobile memory medium to the client; the registration result information is one of two results, registered or unregistered;
Receiving the registration information sent by the client, and approving or refusing registration of the unregistered mobile memory medium corresponding to the registration information; the registration information includes the identification information of the mobile memory medium;
If registration of the unregistered mobile memory medium corresponding to the registration information is refused, sending a registration failure message to the client; if registration of the unregistered mobile memory medium corresponding to the registration information is approved, saving the registration information and sending a registration success message to the client.
With reference to the first embodiment of the second aspect, in a fifth embodiment of the second aspect, the control strategy includes: the correspondence between the identification information of a mobile memory medium and the operation types permitted, and/or the file types on which operation is permitted, and/or the file security levels on which operation is permitted;
The confidential files pre-stored in the knowledge base carry file type and file security level attributes.
With reference to the second aspect or any of the first to fifth embodiments of the second aspect, in a sixth embodiment of the second aspect, the identification information of the mobile memory medium includes the production serial number of the mobile memory medium and user information.
With reference to the second aspect or any of the first to fifth embodiments of the second aspect, in a seventh embodiment of the second aspect, the identification information of a file is the hash (HASH) value of the file.
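The monitoring-center side of the second aspect (registration, knowledge-base matching, the control strategy, operation records and the leak query), as an added Python sketch that is not code from the patent. SHA-256 as the file hash, every class, field and function name, and all sample values are assumptions of this example.

```python
import hashlib
from dataclasses import dataclass, field


def file_id(content: bytes) -> str:
    # The page identifies a file by its hash value; SHA-256 is this example's choice.
    return hashlib.sha256(content).hexdigest()


@dataclass(frozen=True)
class MediaId:
    serial: str  # production serial number of the medium
    user: str    # user information recorded with the medium


@dataclass
class Policy:
    operations: set  # operation types permitted, e.g. {"copy"}
    file_types: set  # file types on which operation is permitted
    max_level: int   # highest file security level permitted


@dataclass
class MonitoringCenter:
    knowledge_base: dict = field(default_factory=dict)  # hash -> (file type, security level)
    policies: dict = field(default_factory=dict)        # MediaId -> Policy
    registered: set = field(default_factory=set)
    scans: list = field(default_factory=list)           # (MediaId, frozenset of hashes)
    operations: list = field(default_factory=list)      # (MediaId, hash, op, allowed)

    def register(self, media: MediaId, approve: bool) -> bool:
        # Approve or refuse a registration request; only approved media are stored.
        if approve:
            self.registered.add(media)
        return approve

    def save_scan(self, media: MediaId, hashes) -> None:
        if media not in self.registered:
            raise PermissionError("scanning information from an unregistered medium")
        self.scans.append((media, frozenset(hashes)))

    def match(self, fhash: str) -> bool:
        return fhash in self.knowledge_base

    def permission(self, media: MediaId, fhash: str, op: str) -> bool:
        policy = self.policies.get(media)
        if policy is None or fhash not in self.knowledge_base:
            return False  # no strategy entry for this medium or file: deny
        ftype, level = self.knowledge_base[fhash]
        return (op in policy.operations and ftype in policy.file_types
                and level <= policy.max_level)

    def record_operation(self, media, fhash, op, allowed) -> None:
        self.operations.append((media, fhash, op, allowed))

    def trace_leak(self, fhash: str) -> list:
        # Leak query: every medium tied to this hash by a scan or an operation record.
        hits = {(m.serial, m.user, "scan") for m, hs in self.scans if fhash in hs}
        hits |= {(m.serial, m.user, f"{op}:{'allowed' if ok else 'blocked'}")
                 for m, h, op, ok in self.operations if h == fhash}
        return sorted(hits)


def request_copy(center: MonitoringCenter, media: MediaId, content: bytes) -> bool:
    """Client-side copy request: an unmatched hash is blocked, a matched one follows policy."""
    fhash = file_id(content)
    if media not in center.registered or not center.match(fhash):
        allowed = False
    else:
        allowed = center.permission(media, fhash, "copy")
    # Recording blocked attempts as well as permitted copies is this example's choice.
    center.record_operation(media, fhash, "copy", allowed)
    return allowed


def demo() -> dict:
    # All identifiers and file contents below are constructed sample data.
    center = MonitoringCenter()
    alice, bob = MediaId("SN-0001", "alice"), MediaId("SN-0002", "bob")
    center.register(alice, approve=True)
    center.register(bob, approve=True)
    design = b"constructed confidential design document"
    center.knowledge_base[file_id(design)] = ("doc", 2)
    center.policies[alice] = Policy({"copy"}, {"doc"}, max_level=3)
    center.policies[bob] = Policy({"copy"}, {"doc"}, max_level=1)
    # Bob's medium already held the file when it was plugged in and scanned.
    center.save_scan(bob, [file_id(b"constructed holiday photo"), file_id(design)])
    return {
        "alice_copy": request_copy(center, alice, design),
        "bob_copy": request_copy(center, bob, design),
        "unknown": request_copy(center, alice, b"file absent from the knowledge base"),
        "trace": center.trace_leak(file_id(design)),
    }
```

The leak query returns media that held the file at scan time as well as media involved in copy operations, so a file that reached a medium before the controls applied still shows up.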
In a third aspect, an embodiment of the present invention provides a mobile memory medium file control device for a client, including:
A scan module, configured to scan the registered mobile memory medium by means of a virus scan when it is detected that a registered mobile memory medium has been connected to a data transmission interface, and to obtain the identification information of the files stored on the registered mobile memory medium;
A first sending module, configured to send scanning information to the remote monitoring center; the scanning information includes the identification information of the registered mobile memory medium and the identification information of the files stored on it.
With reference to the third aspect, in a first embodiment of the third aspect, the mobile memory medium file control device further includes:
A first receiving module, configured to send the identification information of the file to be copied to the remote monitoring center when a request to copy a file onto the registered mobile memory medium is received; also configured to receive a notification, sent by the remote monitoring center, that the identification information of the file to be copied has been matched; and also configured to receive the operation permission information, sent by the remote monitoring center, of the registered mobile memory medium for the file to be copied;
A first obtaining module, configured to obtain the identification information of the registered mobile memory medium and send it to the remote monitoring center, according to the notification received by the first receiving module that the identification information of the file to be copied has been matched;
An operation control module, configured to allow or prevent the copying of the file to be copied onto the registered mobile memory medium according to the operation permission information received by the first receiving module.
With reference to the first embodiment of the third aspect, in a second embodiment of the third aspect, the first receiving module is also configured to receive a notification, sent by the remote monitoring center, that the identification information of the file to be copied has not been matched;
The operation control module is also configured to prevent the copying of the file to be copied onto the registered mobile memory medium, according to the notification received by the first receiving module that the identification information of the file to be copied has not been matched.
With reference to the second embodiment of the third aspect, in a third embodiment of the third aspect, the operation control module is also configured to send the information on this operation to the remote monitoring center through the first sending module; the information on this operation includes the identification information of the registered mobile memory medium, the identification information of the file to be copied in this operation, and the operation record.
With reference to the third aspect, in a fourth embodiment of the third aspect, the first receiving module is also configured to receive the registration result information for the mobile memory medium sent by the remote monitoring center; the registration result information is one of two results, registered or unregistered;
The scan module includes:
A monitoring submodule, configured to send the identification information of the mobile memory medium to the remote monitoring center when it is detected that a mobile memory medium has been connected to a data transmission interface;
A prompting submodule, configured to prompt the user to register the unregistered mobile memory medium when the registration result information received by the first receiving module records that the mobile memory medium is an unregistered mobile memory medium;
A registration submodule, configured to receive the user's registration request for the unregistered mobile memory medium;
An obtaining submodule, configured to obtain the identification information of the unregistered mobile memory medium according to the registration request received by the registration submodule, and to send it to the remote monitoring center as registration information;
A scanning submodule, configured to scan the registered mobile memory medium by means of a virus scan and obtain the identification information of the files stored on it, when the registration result information received by the first receiving module records that the mobile memory medium is a registered mobile memory medium or a registration success message sent by the remote monitoring center is received;
A blocking submodule, configured to remove the unregistered mobile memory medium from the data transmission interface when the user declines to register the unregistered mobile memory medium or a registration failure message sent by the remote monitoring center is received.
In a fourth aspect, an embodiment of the present invention provides a mobile memory medium file control device for a remote monitoring center, including:
A storage module, configured to save the scanning information sent by a client; the scanning information includes the identification information of a registered mobile memory medium and the identification information of the files stored on it.
With reference to the fourth aspect, in a first embodiment of the fourth aspect, the mobile memory medium file control device further includes:
A second receiving module, configured to receive the identification information of a file to be copied sent by the client; also configured to receive the identification information, sent by the client, of the registered mobile memory medium onto which the file to be copied is requested to be copied;
A matching module, configured to judge, according to the identification information of confidential files pre-stored in a local knowledge base, whether the identification information of the file to be copied received by the second receiving module can be matched in the knowledge base;
A first notification module, configured to send to the client a notification that the matching module has or has not matched the identification information of the file to be copied;
A permission determining module, configured to determine, according to a predetermined control strategy, the operation permission for the file to be copied of the registered mobile memory medium corresponding to the identification information received by the second receiving module, and to send the operation permission information to the client; the control strategy records the permissions of mobile memory media to operate on confidential files.
With reference to the first embodiment of the fourth aspect, in a second embodiment of the fourth aspect, the second receiving module is also configured to receive the information on this operation sent by the client and store it in the storage module; the information on this operation includes the identification information of the registered mobile memory medium, the identification information of the file to be copied in this operation, and the operation record.
With reference to the second embodiment of the fourth aspect, in a third embodiment of the fourth aspect, the mobile memory medium file control device further includes:
A third receiving module, configured to receive a file leakage query instruction;
A second obtaining module, configured to obtain the identification information of the leaked file to which the file leakage query instruction refers;
A query module, configured to obtain, from the scanning information and operation information stored in the storage module, the identification information of the registered mobile memory medium corresponding to the identification information of the leaked file.
With reference to the fourth aspect, in a fourth embodiment of the fourth aspect, the mobile memory medium file control device further includes:
A judging module, configured to receive the identification information of a mobile memory medium sent by the client and to judge whether the corresponding mobile memory medium is registered;
A second sending module, configured to send the registration result information for the mobile memory medium obtained by the judging module to the client; the registration result information is one of two results, registered or unregistered;
A registration module, configured to receive the registration information sent by the client, and to approve or refuse registration of the unregistered mobile memory medium corresponding to the registration information; the registration information includes the identification information of the mobile memory medium;
A second notification module, configured to send a registration failure message to the client when the registration module refuses registration of the unregistered mobile memory medium corresponding to the registration information; or, when the registration module approves registration of the unregistered mobile memory medium corresponding to the registration information, to save the registration information and send a registration success message to the client.
In a fifth aspect, an embodiment of the present invention provides an electronic device, including: a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is placed inside the space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit supplies power to each circuit or component of the electronic device; the memory stores executable program code; and the processor runs the program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute the mobile memory medium file management-control method for a client described in any of the foregoing embodiments.
In a sixth aspect, an embodiment of the present invention provides an electronic device, including: a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is placed inside the space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit supplies power to each circuit or component of the electronic device; the memory stores executable program code; and the processor runs the program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute the mobile memory medium file management-control method for a remote monitoring center described in any of the foregoing embodiments.
In a seventh aspect, an embodiment of the present invention provides a mobile memory medium file management-control system, including a remote monitoring center and at least one client; the client includes the mobile memory medium file control device for a client described in any of the foregoing embodiments, and the remote monitoring center includes the mobile memory medium file control device for a remote monitoring center described in any of the foregoing embodiments.
According to the mobile memory medium file management-control method, device, system and electronic equipment provided by the embodiments of the present invention, when it is detected that a registered mobile memory medium has been connected to a data transmission interface, the registered mobile memory medium is scanned by means of a virus scan, the identification information of the files stored on it is obtained, and the scanning information is sent to the remote monitoring center. This makes tracing convenient when a file leaks, and so controls more effectively the files copied from secure computers onto mobile memory media. In addition, obtaining the identification information (such as file hash values) of the files on the mobile memory medium during the virus scan of the medium reduces both the time needed to obtain the file information and the cost in computer resources, and provides a data source for subsequent tracing of file leaks. The method both removes virus files from the mobile memory medium, protecting system security, and allows the source to be identified when a file leaks. By reusing the virus scan, the invention avoids the time and system resources that a second pass to obtain the file information would cost, improving the efficiency of file control. And with the remote monitoring center exercising unified control, files can be effectively prevented from leaking via mobile memory media.
Brief description of the drawings
In order to explain the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or of the prior art are briefly introduced below. The drawings described below are evidently only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of embodiment one of a mobile memory medium file management-control method for a client according to the present invention;
Fig. 2 is a flow chart of embodiment two of a mobile memory medium file management-control method for a client according to the present invention;
Fig. 3 is a flow chart of the client's registration check of a connected mobile memory medium;
Fig. 4 is a flow chart of embodiment one of a mobile memory medium file management-control method for a remote monitoring center according to the present invention;
Fig. 5 is a flow chart of embodiment two of a mobile memory medium file management-control method for a remote monitoring center according to the present invention;
Fig. 6 is a flow chart of the method by which the remote monitoring center authenticates the registration of a mobile memory medium connected to a client;
Fig. 7 is a schematic structural diagram of embodiment one of a mobile memory medium file control device for a client according to the present invention;
Fig. 8 is a schematic structural diagram of embodiment two of a mobile memory medium file control device for a client according to the present invention;
Fig. 9 is a schematic structural diagram of embodiment three of a mobile memory medium file control device for a client according to the present invention;
Fig. 10 is a schematic structural diagram of embodiment one of a mobile memory medium file control device for a remote monitoring center according to the present invention;
Fig. 11 is a schematic structural diagram of embodiment two of a mobile memory medium file control device for a remote monitoring center according to the present invention;
Fig. 12 is a schematic structural diagram of embodiment three of a mobile memory medium file control device for a remote monitoring center according to the present invention;
Fig. 13 is a schematic structural diagram of embodiment four of a mobile memory medium file control device for a remote monitoring center according to the present invention;
Fig. 14 is a schematic structural diagram of one embodiment of an electronic device according to the present invention;
Fig. 15 is a schematic structural diagram of one embodiment of another electronic device according to the present invention.
Detailed description of the embodiments
Conventional methods scan the files on a USB flash drive only to find and clean viruses, and make no good use of the useful data obtained during the file scan. Yet the file information on the flash drive is exactly what computer security personnel care about. If this information is not recorded at the time of the file scan and has to be obtained again when needed, both time and computer resources are wasted. The present invention uses the file scan performed on the mobile memory medium during the virus scan to obtain and store file identification information, providing a data source for later discovery of file leaks. A mobile memory medium file management-control method and device according to embodiments of the present invention are described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
Fig. 1 is a flow chart of embodiment one of a mobile memory medium file management-control method for a client according to the present invention. As shown in Fig. 1, the method of this embodiment may include:
Step 101: when it is detected that a registered mobile memory medium has been connected to a data transmission interface, scan the registered mobile memory medium by means of a virus scan and obtain the identification information of the files stored on the registered mobile memory medium.
Preferably, the identification information obtained for a file is the hash (HASH) value of the file.
Step 102: send the scanning information to the remote monitoring center for storage.
The scanning information includes the identification information of the registered mobile memory medium and the identification information of the files stored on it.
Preferably, the identification information of the mobile memory medium includes the production serial number of the mobile memory medium and user (such as user name) information.
In this embodiment, when a mobile memory medium is inserted into a data transmission interface and the medium is a registered device, the HASH values of its files are obtained while the virus scan is carried out on it, and are uploaded to the remote monitoring center for storage. When a file later leaks, the stored scanning information shows on which mobile memory media the file has been present, which makes the leak convenient to trace and so controls more effectively the files copied from secure computers onto mobile memory media. The method both removes virus files from the flash drive, protecting system security, and allows the source to be identified when a file leaks; by reusing the virus scan it avoids the time and system resources that a second pass to obtain the file information would cost, improving the efficiency of file control.
Fig. 2 is a flow chart of embodiment two of a mobile memory medium file management-control method for a client according to the present invention. As shown in Fig. 2, the method of this embodiment may include:
Step 201: when access by a registered mobile memory medium is detected on the data transmission interface, scan the registered mobile memory medium by antivirus scanning and obtain the identification information of the files stored on the registered mobile memory medium.
Step 202: send the scanning information to the remote monitoring center for storage.
In this embodiment, steps 201-202 are similar to steps 101-102 of the method embodiment above and are not described again here.
Step 203: when a request to copy a file onto the registered mobile memory medium is received, send the identification information of the file to be copied to the remote monitoring center.
Step 204: determine whether the remote monitoring center matched the identification information of the file to be copied; if so, perform step 205; otherwise, perform step 208.
In this embodiment, the remote monitoring center stores the identification information of confidential files in advance in a preset knowledge base. When a user at the client requests to copy a file onto the registered mobile memory medium, the remote monitoring center looks up the identification information of the file to be copied in the knowledge base. If it is matched, the center sends the client a notice that the identification information of the file to be copied was matched; the result of this step at the client is then yes, and step 205 is performed. If the client receives a notice from the remote monitoring center that the identification information of the file to be copied was not matched, the result of this step is no, and execution jumps to step 208.
Step 205: obtain the identification information of the registered mobile memory medium and send it to the remote monitoring center.
Step 206: receive, from the remote monitoring center, the operation permission information of the registered mobile memory medium for the file to be copied.
In this embodiment, based on the identification information of the registered mobile memory medium sent by the client and the previously matched identification information of the file to be copied, the remote monitoring center determines, according to a predetermined control policy, the operation permission of the current registered mobile memory medium for the file to be copied and sends the operation permission information to the client.
Step 207: according to the operation permission information, allow or prevent copying the file to be copied onto the registered mobile memory medium.
For example: if the operation permission information sent by the remote monitoring center specifies that the current registered mobile memory medium has copy permission for the file to be copied, copying the file onto the registered mobile memory medium is allowed; if it specifies that the current registered mobile memory medium has only browse permission for the file to be copied, or that the mobile memory medium is forbidden from performing any operation on the file, copying the file onto the registered mobile memory medium is prevented.
Step 208: prevent copying the file to be copied onto the registered mobile memory medium.
In this embodiment, if the identification information of the file to be copied cannot be matched in the knowledge base of the remote monitoring center, it is uncertain whether the file is a confidential file, so copying the file onto the current registered mobile memory medium is prevented. Further, the current registered mobile memory medium can also be prevented from performing other operations on the file.
In this embodiment, a knowledge base storing the identification information of confidential files is set up at the remote monitoring center in advance, and the operation permission of each registered mobile memory medium for each confidential file is preset. When a registered storage medium is about to copy any file on the current client, it is first determined whether the file is a confidential file and whether the current mobile memory medium has copy permission for it; the copy is then allowed or prevented according to the permission obtained. This effectively prevents mobile memory media without permission from copying confidential files, gives more effective control over mobile memory media copying files from a secured computer, and further improves the security of computer data.
Preferably, after step 207 or step 208, the information about this operation may also be sent to the remote monitoring center. The operation information includes the identification information of the registered mobile memory medium, the identification information of the file copied or requested to be copied, and the operation record. That is, whether or not the current mobile memory medium was allowed to copy the file, the identification information of the current mobile memory medium, the identification information of the file copied or requested to be copied, and related data must be passed to the remote monitoring center, so that it can be traced afterwards who, with which storage device, operated on or attempted to operate on which file.
Preferably, when the client detects that a mobile memory medium has been connected to the data transmission interface, a registration confirmation step for the mobile memory medium is performed first. As shown in Fig. 3, step 101 or 201 above may specifically include:
Step 301: when access by a mobile memory medium is detected on the data transmission interface, send the identification information of the mobile memory medium to the remote monitoring center.
In this embodiment, when access by a mobile memory medium is detected on the data transmission interface, the identification information of the mobile memory medium (such as its factory serial number) is obtained and sent to the remote monitoring center.
Step 302: receive the registration result information of the mobile memory medium sent by the remote monitoring center.
The registration result information has one of two results: registered or unregistered.
In this embodiment, the remote monitoring center stores the identification information of registered mobile memory media in advance, so the registration result of a mobile memory medium can be obtained from the remote monitoring center each time according to the identification information of the medium currently connected.
Step 303: determine whether the registration result information records the mobile memory medium as a registered mobile memory medium; if so, go directly to step 308; otherwise the mobile memory medium is an unregistered mobile memory medium and step 304 is performed.
Step 304: prompt the user to register the unregistered mobile memory medium.
In this embodiment, if the mobile memory medium currently connected is an unregistered device, the user is prompted to register it; for example, a registration button for requesting registration can be shown to the user on the display of the current client.
Step 305: determine whether a registration request from the user for the unregistered mobile memory medium has been received; if so, perform step 306; otherwise the user has given up registering the unregistered mobile memory medium and step 309 is performed.
For example, a registration button for requesting registration is shown to the user on the display of the current client, and a click on the button is treated as initiating a registration request.
Step 306: according to the registration request, obtain the identification information of the unregistered mobile memory medium and send it to the remote monitoring center as registration information.
In this embodiment, after the user initiates a registration request for the mobile memory medium, an information entry box may be presented for the user to enter basic information about the current mobile memory medium, such as the name of its user. This is sent to the remote monitoring center together with obtained information such as the factory serial number of the current mobile memory medium, as the identification information of the mobile memory medium.
Step 307: receive the registration success message or registration failure message sent by the remote monitoring center.
In this embodiment, if the registration success message sent by the remote monitoring center is received, step 308 is performed; if the registration failure message is received, step 309 is performed.
Step 308: scan the registered mobile memory medium by antivirus scanning and obtain the identification information of the files stored on the registered mobile memory medium.
In this embodiment, if the mobile memory medium currently connected is a registered device, or was registered successfully on request after this connection, the medium has preliminary access permission. The registered mobile memory medium is then scanned by antivirus scanning, and the identification information of the files stored on it is obtained during the scan.
Step 309: remove the unregistered mobile memory medium from the data transmission interface.
In this embodiment, if the mobile memory medium currently connected is an unregistered mobile memory medium and the user does not request registration authentication for it, the mobile memory medium is removed from the data transmission interface and its access is refused outright.
In this embodiment, when a mobile memory medium is connected, registration authentication is performed on it first to check whether it is a registered device. Registration here means that the unique identifier of the mobile memory medium and its owner are recorded at the remote monitoring center, for use in file leak detection and in the later assignment of control policy permissions. Only a registered mobile memory medium has initial access permission; after it is connected, its operation permission is confirmed according to the scheme of Fig. 1 or Fig. 2. This further improves the security of computer data and prevents a device without permission from operating on the data of the current client as soon as it is connected.
Corresponding to the mobile memory medium file management-control method for a client provided in the embodiments of the present invention, an embodiment of the present invention also provides a mobile memory medium file management-control method for a remote monitoring center. The method includes the step of saving the scanning information sent by the client, where the scanning information includes the identification information of a registered mobile memory medium and the identification information of the files stored on it. That is, each time a registered mobile memory medium is connected to a client, all files on it are scanned by antivirus scanning, the identification information of the files (such as their HASH values) is obtained, and the scanning information is uploaded to the remote monitoring center for storage. The remote monitoring center thus holds the identification information of the files on every registered mobile memory medium connected to any client it monitors, which makes it possible to check the leak path quickly when a file leaks.
Fig. 4 is a flow chart of embodiment one of a mobile memory medium file management-control method for a remote monitoring center according to the present invention. As shown in Fig. 4, the method of this embodiment may include:
Step 401: save the scanning information sent by the client, where the scanning information includes the identification information of a registered mobile memory medium and the identification information of the files stored on it.
Preferably, the identification information of the mobile memory medium includes the factory serial number of the mobile memory medium and user information.
Step 402: receive the identification information of the file to be copied sent by the client.
Step 403: according to the identification information of confidential files pre-stored in the local knowledge base, determine whether the identification information of the file to be copied can be matched in the knowledge base.
In this embodiment, the identification information of company confidential files, such as the HASH values of the files, is entered into the knowledge base in batches in advance.
Step 404: send the client a notice that the identification information of the file to be copied was matched or was not matched.
In this embodiment, the client sends the identification information of the file to be copied onto the current registered mobile memory medium to the remote monitoring center, and the remote monitoring center searches the local knowledge base for it. If it is found, the file to be copied is a confidential file and the client is informed, so that the client then provides the identification information of the currently connected registered mobile memory medium for operation permission authentication.
Step 405: receive the identification information, sent by the client, of the registered mobile memory medium requesting to copy the file to be copied.
Step 406: determine, according to the predetermined control policy, the operation permission of the registered mobile memory medium for the file to be copied, and send the operation permission information to the client.
The control policy records the permissions of mobile memory media to operate on confidential files, for example the correspondence between the identifier of a mobile memory medium and the identifiers of the confidential files it may operate on.
The control policy can set protection by file type, for example controlling office files and not controlling other files. It can set user permissions, for example users with different job functions may have operation permissions for different files. It can also set operation permissions by file importance level, for example unimportant files can be used by general staff while important files can be used only by designated personnel. Control policies can be added, deleted and modified according to the usage scenario.
Preferably, the predetermined control policy includes a correspondence between the identification information of a mobile memory medium and the permitted operation types and/or the file types permitted to be operated on and/or the file security levels permitted to be operated on; the confidential files pre-stored in the knowledge base carry file type and file security level attributes. For example, the control policy can be stored as shown in Table 1 below:
Table 1
For example, if the registered mobile memory medium currently connected is mobile memory medium 1 in Table 1 above, it is allowed to copy word and excel files of secrecy level two. If the file to be copied is recorded in the local knowledge base as a word file but its security level is secrecy level one, and assuming that a smaller level number means higher confidentiality, so that a level-one file has a higher confidentiality requirement than a level-two file, then mobile memory medium 1 is determined not to have permission to copy the file to be copied, and operation permission information stating that the current mobile memory medium 1 is not allowed to copy the file is sent to the client.
Preferably, in the embodiment shown in Fig. 4, the method may further include, after step 406, the step of receiving and storing the operation information sent by the client for this operation. The operation information includes the identification information of the registered mobile memory medium, the identification information of the file copied or requested to be copied, and the operation record. That is, whether or not the current mobile memory medium was allowed to copy the file, the identification information of the current mobile memory medium, the identification information of the file copied or requested to be copied, and related data sent by the client are saved. For operations that were allowed, if the file is later found to have leaked, the scanning information and operation information are analyzed to find which mobile memory media and which personnel have operated on the file. For operations that were prevented, it is possible to discover which mobile memory media and which persons wanted to obtain the file, so that the matter can be handled in time before a leak occurs.
Fig. 5 is a flow chart of embodiment two of a mobile memory medium file management-control method for a remote monitoring center according to the present invention. On the basis of the method embodiment shown in Fig. 4, this embodiment further includes steps for obtaining the possible leak paths after a file has leaked. As shown in Fig. 5, the method of this embodiment may include:
Step 501: save the scanning information sent by the client.
The scanning information includes the identification information of a registered mobile memory medium and the identification information of the files stored on it.
Step 502: receive the identification information of the file to be copied sent by the client.
Step 503: according to the identification information of confidential files pre-stored in the local knowledge base, determine whether the identification information of the file to be copied can be matched in the knowledge base.
Step 504: send the client a notice that the identification information of the file to be copied was matched or was not matched.
Step 505: receive the identification information, sent by the client, of the registered mobile memory medium requesting to copy the file to be copied.
Step 506: determine, according to the predetermined control policy, the operation permission of the registered mobile memory medium for the file to be copied, and send the operation permission information to the client.
Step 507: receive and store the operation information sent by the client for this operation.
The operation information includes the identification information of the current registered mobile memory medium, the identification information of the file copied or requested to be copied, and the operation record.
Step 508: receive a file leak query instruction.
In this embodiment, when a file leaks, information about the leaked file (such as the file name) can be entered directly at the remote monitoring center to run the query.
Step 509: obtain the identification information of the leaked file that the file leak query instruction refers to.
In this embodiment, the identification information of the leaked file is obtained from the entered information about the leaked file. For example, each time the HASH value of a file is saved, attribute information such as the file's name, format and size can be stored with it in advance, so that the identification information of the file can be obtained quickly during a leak query.
Step 510: obtain, from the stored scanning information and operation information, the identification information of the registered mobile memory media corresponding to the identification information of the leaked file.
Each stored item of scanning information holds the identification information of a registered mobile memory medium and the identification information of the files stored on it, and each item of operation information holds the identification information of a registered mobile memory medium, the identification information of the file copied or requested to be copied, and the operation record. The identification information of the leaked file can therefore be used to look up, in the scanning information and operation information, the identification information of every registered mobile memory medium that has stored the file and/or has requested to copy it. The identification information of the registered mobile memory media found in this way (including factory serial number and user name) quickly narrows down which removable storage devices and which holders are suspect.
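
The monitoring-center side of steps 401-406 and 501-510, together with the client decision of steps 203-208, as an added example that is not part of the patent text. The use of SHA-256 as the HASH value, all class and function names, the serial numbers and users, and the policy rows are constructed assumptions (the contents of Table 1 are not reproduced on this page); the level comparison generalizes the single worked case in the text to "a medium may operate on files at its cleared level or less secret".

```python
import hashlib
from dataclasses import dataclass, field


def file_id(data: bytes) -> str:
    """File identification information: a hash of the content (SHA-256 is assumed)."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Confidential:          # knowledge-base entry for one confidential file
    name: str
    file_type: str
    level: int               # 1 = most secret, as in the text's example


@dataclass(frozen=True)
class Policy:                # one control-policy row for one medium
    operations: frozenset
    file_types: frozenset
    level: int               # most secret level this medium may operate on


@dataclass
class MonitoringCenter:
    blacklist: set = field(default_factory=set)
    registered: dict = field(default_factory=dict)       # serial -> user
    knowledge_base: dict = field(default_factory=dict)   # file id -> Confidential
    policies: dict = field(default_factory=dict)         # serial -> Policy
    scans: list = field(default_factory=list)            # (serial, file id)
    operations: list = field(default_factory=list)       # (serial, file id, record)

    def register(self, serial, user):
        """Steps 603-605: refuse blacklisted media, otherwise save the registration."""
        if serial in self.blacklist:
            return False
        self.registered[serial] = user
        return True

    def save_scan(self, serial, file_ids):
        """Step 401/501: remember which file ids were seen on which registered medium."""
        if serial not in self.registered:
            raise ValueError("scan information from an unregistered medium")
        self.scans.extend((serial, fid) for fid in file_ids)

    def is_confidential(self, fid):
        """Step 403/503: match the file id against the knowledge base."""
        return fid in self.knowledge_base

    def may_operate(self, serial, fid, operation="copy"):
        """Step 406/506: operation type, file type and security level must all pass."""
        doc, pol = self.knowledge_base.get(fid), self.policies.get(serial)
        if doc is None or pol is None:
            return False
        return (operation in pol.operations and doc.file_type in pol.file_types
                and doc.level >= pol.level)

    def record_operation(self, serial, fid, record):
        """Step 507: keep the operation information for later tracing."""
        self.operations.append((serial, fid, record))

    def trace_leak(self, fid):
        """Steps 508-510: every medium that stored the file or asked to copy it."""
        hits = {}
        events = [(s, f, "scan") for s, f in self.scans] + self.operations
        for serial, seen, what in events:
            if seen == fid:
                entry = hits.setdefault(
                    serial, {"user": self.registered.get(serial), "evidence": []})
                entry["evidence"].append(what)
        return hits


def client_copy_request(center, serial, data):
    """Client side, steps 203-208: returns 'allowed' or 'blocked' and logs the attempt."""
    fid = file_id(data)
    if not center.is_confidential(fid):      # step 204 -> 208: unmatched files are blocked
        outcome = "blocked"
    else:                                    # steps 205-207
        outcome = "allowed" if center.may_operate(serial, fid) else "blocked"
    center.record_operation(serial, fid, "copy " + outcome)
    return outcome


# Constructed sample data: two confidential files and two registered media.
DESIGN = b"constructed sample: design document"
BUDGET = b"constructed sample: budget sheet"


def build_demo_center():
    c = MonitoringCenter(blacklist={"SN-BAD"})
    c.register("SN-0001", "alice")
    c.register("SN-0002", "bob")
    c.knowledge_base[file_id(DESIGN)] = Confidential("design.docx", "word", 1)
    c.knowledge_base[file_id(BUDGET)] = Confidential("budget.xlsx", "excel", 2)
    c.policies["SN-0001"] = Policy(frozenset({"copy"}), frozenset({"word", "excel"}), 2)
    c.policies["SN-0002"] = Policy(frozenset({"browse"}), frozenset({"word"}), 1)
    return c


if __name__ == "__main__":
    center = build_demo_center()
    center.save_scan("SN-0002", [file_id(DESIGN)])
    print(client_copy_request(center, "SN-0001", DESIGN))
    print(center.trace_leak(file_id(DESIGN)))
```

Blocked attempts are logged as well as allowed ones, so a leak query returns both the media that held the file and the media that only tried to obtain it.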
Corresponding to the embodiment shown in Fig. 3, a registration authentication step for the mobile memory medium connected to the client may also be included before step 401/501 above. As shown in Fig. 6, it includes the following steps:
Step 601: receive the identification information of a mobile memory medium sent by the client and determine whether the corresponding mobile memory medium is registered.
Step 602: send the registration result information of the mobile memory medium to the client.
The registration result information has one of two results: registered or unregistered.
Step 603: receive the registration information sent by the client, and agree to or forbid registration of the unregistered mobile memory medium corresponding to the registration information.
The registration information includes the identification information of the mobile memory medium.
In this step, if registration of the unregistered mobile memory medium corresponding to the registration information is agreed to, step 604 is performed; if it is forbidden, step 605 is performed. For example, a mobile memory medium that has leaked information in the past is added to a blacklist in advance and is forbidden from registering again.
Step 604: save the registration information and send a registration success message to the client.
Step 605: send a registration failure message to the client.
In this embodiment, the mobile memory media allowed to register can be preset at the remote monitoring center as needed, which directly controls the access permission of mobile memory media at the client and further improves the security of computer data.
For example: with the mobile memory medium file management-control method provided by the present invention, when an employee connects a USB flash disk to a computer inside the company, an antivirus scan is performed to protect the system, and if a file leaks it is possible to tell where it leaked from. The company's confidential files are entered into the knowledge base of the remote monitoring center in advance and permissions are granted according to each employee's job function, which neither interferes with employees' normal file operations nor allows file leaks caused by operations without permission.
Corresponding to the mobile memory medium file management-control method for a client provided by the present invention, an embodiment of the present invention also provides a mobile memory medium file control device for a client. Fig. 7 is a structural schematic diagram of embodiment one of a mobile memory medium file control device for a client according to the present invention. As shown in Fig. 7, the device of this embodiment may include a scan module 11 and a first sending module 12. The scan module 11 is configured to scan a registered mobile memory medium by antivirus scanning when access by the registered mobile memory medium is detected on the data transmission interface, and to obtain the identification information of the files stored on the registered mobile memory medium. The first sending module 12 is configured to send the scanning information to the remote monitoring center; the scanning information includes the identification information of the registered mobile memory medium and the identification information of the files stored on it.
The device of this embodiment can be used to carry out the technical solution of the method embodiment shown in Fig. 1; its implementation principle and technical effect are similar and are not described again here.
Fig. 8 is a structural schematic diagram of embodiment two of a mobile memory medium file control device for a client according to the present invention. As shown in Fig. 8, on the basis of the device structure shown in Fig. 7, the device of this embodiment further includes a first receiving module 13, a first obtaining module 14 and an operation control module 15. The first receiving module 13 is configured to send the identification information of the file to be copied to the remote monitoring center when a request to copy a file onto the registered mobile memory medium is received; it is also configured to receive the notice, sent by the remote monitoring center, that the identification information of the file to be copied was matched; and it is also configured to receive the operation permission information, sent by the remote monitoring center, of the registered mobile memory medium for the file to be copied. The first obtaining module 14 is configured to obtain the identification information of the registered mobile memory medium and send it to the remote monitoring center, according to the notice received by the first receiving module 13 that the identification information of the file to be copied was matched. The operation control module 15 is configured to allow or prevent copying the file to be copied onto the registered mobile memory medium according to the operation permission information received by the first receiving module 13.
The device of this embodiment can be used to carry out the technical solution of the method embodiment shown in Fig. 1 or Fig. 2; its implementation principle and technical effect are similar and are not described again here.
Preferably, in Fig. 8, the first receiving module 13 is also configured to receive the notice, sent by the remote monitoring center, that the identification information of the file to be copied was not matched; the operation control module 15 is also configured to prevent copying the file to be copied onto the registered mobile memory medium according to that notice received by the first receiving module 13.
Preferably, as shown in Fig. 8, the operation control module 15 is also configured to send the operation information for this operation to the remote monitoring center through the first sending module 12. The operation information includes the identification information of the registered mobile memory medium, the identification information of the file copied or requested to be copied, and the operation record.
Fig. 9 is a structural schematic diagram of embodiment three of a mobile memory medium file control device for a client according to the present invention. As shown in Fig. 9, on the basis of the device structure shown in Fig. 7, the first receiving module 13 of this embodiment is further configured to receive the registration result information of the mobile memory medium sent by the remote monitoring center; the registration result information has one of two results, registered or unregistered. The scan module 11 may include a monitoring submodule 111, a prompting submodule 112, a registration submodule 113, an obtaining submodule 114, a scanning submodule 115 and a preventing submodule 116. The monitoring submodule 111 is configured to send the identification information of a mobile memory medium to the remote monitoring center when access by the mobile memory medium is detected on the data transmission interface. The prompting submodule 112 is configured to prompt the user to register the unregistered mobile memory medium when the registration result information received by the first receiving module 13 records the mobile memory medium as an unregistered mobile memory medium. The registration submodule 113 is configured to receive the user's registration request for the unregistered mobile memory medium. The obtaining submodule 114 is configured to obtain, according to the registration request received by the registration submodule 113, the identification information of the unregistered mobile memory medium and send it to the remote monitoring center as registration information. The scanning submodule 114 is configured to scan the registered mobile memory medium by antivirus scanning and obtain the identification information of the files stored on the registered mobile memory medium, when the registration result information received by the first receiving module 13 records the mobile memory medium as a registered mobile memory medium or when the registration success message sent by the remote monitoring center is received. The preventing submodule 115 is configured to remove the unregistered mobile memory medium from the data transmission interface when the user gives up registering the unregistered mobile memory medium or when the registration failure message sent by the remote monitoring center is received.
The device of this embodiment can be used to carry out the technical solution of the method embodiment shown in Fig. 3; its implementation principle and technical effect are similar and are not described again here.
Corresponding to the mobile memory medium file management-control method provided by the present invention for remote monitoring center, the present invention is real It applies example and a kind of mobile memory medium file control device for remote monitoring center is also provided.Figure 10 is that one kind of the present invention is used for The structural schematic diagram of the mobile memory medium file control device embodiment one of remote monitoring center, as shown in Figure 10, this implementation Example device may include:Memory module 201, the scanning information sent for saving client;Wherein, the scanning information packet The identification information of file for including the identification information of registered mobile memory medium and storing thereon.
Figure 11 is a kind of mobile memory medium file control device embodiment two for remote monitoring center of the present invention Structural schematic diagram, as shown in figure 11, the device of the present embodiment further, also wrap on the basis of Figure 10 shown device structure It includes:Second receiving module 202, matching module 203, the first notification module 204 and permission determining module 205;Wherein, it second receives Module 202, for receiving the identification information for the file to be copied that client is sent;It is also used to receive the request that client is sent to copy The identification information of the registered mobile memory medium of file to be copied described in shellfish;Matching module 203, for according to local knowledge base In pre-stored confidential document identification information, judge the second receiving module 202 whether can be matched in the knowledge base The identification information of received file to be copied;First notification module 204, for sending matching module 203 to the client It is fitted on/is not matched to the notice of the identification information of the file to be copied;Permission determining module 205, for according to predetermined control The corresponding registered mobile memory medium of the received identification information of determining second receiving module 202 of strategy is to the file to be copied Operating right, and to the client send operation permission information;Wherein, the control strategy record has mobile memory medium Operate the permission of confidential document.
The device of the present embodiment can be used for executing the technical solution of embodiment of the method shown in Fig. 4, realization principle and skill Art effect is similar, and details are not described herein again.
Preferably, the second receiving module 202 is also used to receive this operation's information sent by the client and store it in the memory module 201; this operation's information includes the identification information of the registered mobile memory medium, the identification information of the file to be copied in this operation, and the operation record.
Figure 12 is a structural schematic diagram of embodiment three of the mobile memory medium file control device for a remote monitoring center according to the present invention. As shown in Figure 12, the device of this embodiment builds on the device structure shown in Figure 11 and further includes: a third receiving module 206, a second obtaining module 207 and an enquiry module 208. The third receiving module 206 is used to receive a file leakage query instruction. The second obtaining module 207 is used to obtain the identification information of the leaked file referred to by the file leakage query instruction. The enquiry module 208 is used to look up, in the scanning information and operation information stored by the memory module 201, the identification information of the registered mobile memory media that correspond to the identification information of the leaked file.
The device of this embodiment can be used to execute the technical solution of the method embodiment shown in Fig. 5; its implementation principle and technical effect are similar and are not repeated here.
Figure 13 is a structural schematic diagram of embodiment four of the mobile memory medium file control device for a remote monitoring center according to the present invention. As shown in Figure 13, the device of this embodiment builds on the device structure shown in Figure 10 and further includes: a judgment module 209, a second sending module 210, a registration module 211 and a second notification module 212. The judgment module 209 is used to receive the identification information of a mobile memory medium sent by the client and judge whether the corresponding mobile memory medium is registered. The second sending module 210 is used to send the registration result information of the mobile memory medium obtained by the judgment module 209 to the client; the registration result information includes one of two results, registered or unregistered. The registration module 211 is used to receive the registration information sent by the client and to agree to or forbid the registration of the unregistered mobile memory medium corresponding to the registration information; the registration information includes the identification information of the mobile memory medium. The second notification module 212 is used to send a registration failure message to the client when the registration module 211 forbids the registration of the unregistered mobile memory medium corresponding to the registration information; or, when the registration module 211 agrees to the registration of the unregistered mobile memory medium corresponding to the registration information, to save the registration information and send a registration success message to the client.
The device of this embodiment can be used to execute the technical solution of the method embodiment shown in Fig. 6; its implementation principle and technical effect are similar and are not repeated here.
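The center-side modules described above (memory module 201, matching module 203, permission determining module 205, enquiry module 208 and the registration modules 209 to 212) can be modelled as one small service. The following is an added example, not code from the patent: the class and field names, SHA-256 as the file hash, the serial-number approval rule, the fail-closed default and all sample data are assumptions.

```python
import hashlib
from dataclasses import dataclass

def file_id(data: bytes) -> str:
    """File identification information: a content hash (SHA-256 is an assumption)."""
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class Medium:            # identification information of a mobile memory medium
    serial: str          # production serial number
    user: str            # user information

@dataclass(frozen=True)
class Secret:            # knowledge-base attributes of a confidential file
    file_type: str
    level: int           # file security level, higher = more sensitive

@dataclass(frozen=True)
class Policy:            # control strategy entry for one medium
    operations: frozenset   # permitted operation types
    file_types: frozenset   # file types permitted to be operated on
    max_level: int          # highest security level permitted

class MonitoringCenter:
    def __init__(self, knowledge_base, policies, approved_serials):
        self.kb = knowledge_base           # file hash -> Secret
        self.policies = policies           # Medium -> Policy
        self.approved = approved_serials   # hypothetical registration rule
        self.registered = set()
        self.scans = {}                    # Medium -> hashes ever seen on it
        self.operations = []               # (Medium, hash, operation, outcome)

    def registration_result(self, medium):         # judgment module
        return "registered" if medium in self.registered else "unregistered"

    def register(self, medium):                     # registration + notification
        if medium.serial not in self.approved:
            return "registration failed"
        self.registered.add(medium)
        return "registration succeeded"

    def save_scan(self, medium, hashes):            # memory module
        if medium not in self.registered:
            raise PermissionError("scan information from an unregistered medium")
        # Accumulate rather than overwrite so deleted files stay traceable.
        self.scans.setdefault(medium, set()).update(hashes)

    def match(self, file_hash):                     # matching module
        return file_hash in self.kb

    def operating_permission(self, medium, file_hash, operation="copy"):
        secret, policy = self.kb.get(file_hash), self.policies.get(medium)
        # Fail closed on an unknown file or medium (an assumption of this example).
        if secret is None or policy is None or medium not in self.registered:
            return "deny"
        allowed = (operation in policy.operations
                   and secret.file_type in policy.file_types
                   and secret.level <= policy.max_level)
        return "allow" if allowed else "deny"

    def record_operation(self, medium, file_hash, operation, outcome):
        self.operations.append((medium, file_hash, operation, outcome))

    def leak_query(self, file_hash):                # enquiry module
        """Map each medium tied to the leaked file to the evidence for it."""
        hits = {}
        for medium, hashes in self.scans.items():
            if file_hash in hashes:
                hits.setdefault(medium, set()).add("scan")
        for medium, seen, operation, outcome in self.operations:
            if seen == file_hash:
                hits.setdefault(medium, set()).add(f"{operation}:{outcome}")
        return hits

def demo():
    """Constructed sample data: two approved media, one unapproved."""
    design = file_id(b"constructed sample: design document")
    memo = file_id(b"constructed sample: lunch menu")
    alice, bob = Medium("SN-0001", "alice"), Medium("SN-0002", "bob")
    stranger = Medium("SN-9999", "unknown")
    center = MonitoringCenter(
        knowledge_base={design: Secret("doc", 2)},
        policies={alice: Policy(frozenset({"copy"}), frozenset({"doc"}), 3),
                  bob: Policy(frozenset({"copy"}), frozenset({"doc"}), 1)},
        approved_serials={"SN-0001", "SN-0002"},
    )
    results = [center.register(m) for m in (alice, bob, stranger)]
    center.save_scan(alice, [memo])
    center.save_scan(bob, [memo, design])   # file already present on bob's medium
    for medium in (alice, bob):             # both then request to copy `design`
        outcome = center.operating_permission(medium, design)
        center.record_operation(medium, design, "copy", outcome)
    return center, design, memo, (alice, bob, stranger), results

if __name__ == "__main__":
    center, design, *_ = demo()
    print(center.leak_query(design))
```

The leak query returns both media that held the file at scan time and media involved in recorded copy operations, including denied attempts, which gives an investigator the full set of candidates the stored records support.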
An embodiment of the present invention also provides an electronic equipment. Figure 14 is a structural schematic diagram of one embodiment of the electronic equipment of the present invention, which can implement the process of the embodiments of the mobile memory medium file management-control method for a client provided by the present invention. As shown in Figure 14, the electronic equipment may include: a shell 31, a processor 32, a memory 33, a circuit board 34 and a power circuit 35. The circuit board 34 is placed inside the space enclosed by the shell 31, and the processor 32 and the memory 33 are arranged on the circuit board 34. The power circuit 35 is used to supply power to each circuit or device of the electronic equipment. The memory 33 is used to store executable program code. The processor 32 runs the program corresponding to the executable program code by reading the executable program code stored in the memory 33, in order to execute the mobile memory medium file management-control method for a client described in any of the foregoing embodiments.
The present invention also provides a mobile memory medium file managing and control system. The system includes a client and a remote monitoring center; the client may include any of the above mobile memory medium file control devices for a client, and the remote monitoring center may include any of the above file control devices for a remote monitoring center, which are not described again here.
An embodiment of the present invention also provides another electronic equipment. Figure 15 is a structural schematic diagram of one embodiment of this other electronic equipment of the present invention, which can implement the process of the embodiments of the mobile memory medium file management-control method for a remote monitoring center provided by the present invention. As shown in Figure 15, the electronic equipment may include: a shell 41, a processor 42, a memory 43, a circuit board 44 and a power circuit 45. The circuit board 44 is placed inside the space enclosed by the shell 41, and the processor 42 and the memory 43 are arranged on the circuit board 44. The power circuit 45 is used to supply power to each circuit or device of the electronic equipment. The memory 43 is used to store executable program code. The processor 42 runs the program corresponding to the executable program code by reading the executable program code stored in the memory 43, in order to execute the mobile memory medium file management-control method for a remote monitoring center described in any of the foregoing embodiments.
The above electronic equipment exists in a variety of forms, including but not limited to:
(1) Mobile communication equipment: this kind of equipment is characterized by having mobile communication functions, with providing voice and data communication as its main goal. Such terminals include smart phones (such as the iPhone), multimedia phones, feature phones and low-end phones.
(2) Ultra-mobile personal computer equipment: this kind of equipment belongs to the category of personal computers, has computing and processing functions, and generally also has mobile Internet access. Such terminals include PDA, MID and UMPC devices, such as the iPad.
(3) Portable entertainment devices: this kind of equipment can display and play multimedia content. Such devices include audio and video players (such as the iPod), handheld devices, e-books, smart toys and portable in-vehicle navigation devices.
(4) Servers: equipment that provides computing services. A server consists of a processor, hard disk, memory, system bus and so on. Its architecture is similar to that of a general-purpose computer, but because it must provide highly reliable services, the requirements on processing capability, stability, reliability, security, scalability and manageability are higher.
(5) Other electronic equipment with data interaction functions.
Preferably, the mobile memory medium described in any of the above embodiments of the present invention is a USB flash disk.
It should be noted that, in this document, relational terms such as first and second are used merely to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" or any other variant thereof are intended to cover non-exclusive inclusion, so that a process, method, article or equipment that includes a series of elements includes not only those elements but also other elements not explicitly listed, or elements inherent to such a process, method, article or equipment. Without further limitation, an element defined by the phrase "including one ..." does not exclude the existence of other identical elements in the process, method, article or equipment that includes the element.
The embodiments in this specification are described in a related manner; for the same or similar parts, the embodiments may refer to each other, and each embodiment focuses on its differences from the others. The device embodiments in particular are described relatively briefly because they are substantially similar to the method embodiments; for the relevant parts, see the description of the method embodiments. For convenience of description, the above devices are described as divided by function into various units/modules. Of course, when implementing the present invention, the functions of the units/modules may be realized in one or more pieces of software and/or hardware.
Those of ordinary skill in the art will appreciate that all or part of the processes in the methods of the above embodiments can be completed by a computer program instructing the relevant hardware. The program can be stored in a computer-readable storage medium and, when executed, may include the processes of the embodiments of the above methods. The storage medium can be a magnetic disk, an optical disc, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM) or the like.
The above is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited to it. Any change or substitution that a person familiar with the art could readily conceive within the technical scope disclosed by the present invention shall be covered by the scope of protection of the present invention. Therefore, the scope of protection of the present invention shall be subject to the scope of protection of the claims.

Claims (28)

1. A mobile memory medium file management-control method, characterized in that it is used for a client and comprises:
When it is detected that a registered mobile memory medium has been connected to the data transmission interface, scanning the registered mobile memory medium by means of virus scanning and obtaining the identification information of the files stored on the registered mobile memory medium;
Sending scanning information to the remote monitoring center; the scanning information includes the identification information of the registered mobile memory medium and the identification information of the files stored on it.
2. The mobile memory medium file management-control method according to claim 1, characterized in that, after the scanning information is sent to the remote monitoring center, the method further comprises:
When a request to copy a file onto the registered mobile memory medium is received, sending the identification information of the file to be copied to the remote monitoring center;
Receiving the notice, sent by the remote monitoring center, that the identification information of the file to be copied has been matched;
Obtaining the identification information of the registered mobile memory medium and sending it to the remote monitoring center;
Receiving the operation permission information, sent by the remote monitoring center, of the registered mobile memory medium for the file to be copied;
According to the operation permission information, allowing or preventing the copying of the file to be copied onto the registered mobile memory medium.
3. The mobile memory medium file management-control method according to claim 2, characterized in that, after the identification information of the file to be copied is sent to the remote monitoring center, the method further comprises:
Receiving the notice, sent by the remote monitoring center, that the identification information of the file to be copied has not been matched;
Preventing the copying of the file to be copied onto the registered mobile memory medium.
4. The mobile memory medium file management-control method according to claim 3, characterized in that, after allowing or preventing the copying of the file to be copied onto the registered mobile memory medium, the method further comprises:
Sending this operation's information to the remote monitoring center; this operation's information includes the identification information of the registered mobile memory medium, the identification information of the file to be copied in this operation, and the operation record.
5. The mobile memory medium file management-control method according to claim 1, characterized in that scanning the registered mobile memory medium by means of virus scanning when it is detected that a registered mobile memory medium has been connected to the data transmission interface comprises:
When it is detected that a mobile memory medium has been connected to the data transmission interface, sending the identification information of the mobile memory medium to the remote monitoring center;
Receiving the registration result information of the mobile memory medium sent by the remote monitoring center; the registration result information includes one of two results, registered or unregistered;
When the mobile memory medium is an unregistered mobile memory medium, prompting the user to register the unregistered mobile memory medium;
Receiving the user's registration request for the unregistered mobile memory medium;
According to the registration request, obtaining the identification information of the unregistered mobile memory medium and sending it to the remote monitoring center as registration information;
When the mobile memory medium is a registered mobile memory medium, or when a registration success message sent by the remote monitoring center is received, scanning the registered mobile memory medium by means of virus scanning; if the user declines to register the unregistered mobile memory medium, or a registration failure message sent by the remote monitoring center is received, removing the unregistered mobile memory medium from the data transmission interface.
6. The mobile memory medium file management-control method according to any one of claims 1-5, characterized in that the identification information of the mobile memory medium includes the production serial number of the mobile memory medium and user information.
7. The mobile memory medium file management-control method according to any one of claims 1-5, characterized in that the identification information of the file is the hash (HASH) value of the file.
8. A mobile memory medium file management-control method, characterized in that it is used for a remote monitoring center and comprises:
Saving the scanning information sent by the client; the scanning information includes the identification information of a registered mobile memory medium and the identification information of the files stored on it.
9. The mobile memory medium file management-control method according to claim 8, characterized in that, after the scanning information sent by the client is saved, the method further comprises:
Receiving the identification information of the file to be copied sent by the client;
According to the identification information of confidential documents pre-stored in the local knowledge base, judging whether the identification information of the file to be copied can be matched in the knowledge base;
Sending the client a notice that the identification information of the file to be copied has been matched or has not been matched;
Receiving, from the client, the identification information of the registered mobile memory medium onto which the file to be copied is requested to be copied;
Determining, according to a predetermined control strategy, the operating permission of the registered mobile memory medium over the file to be copied, and sending the operation permission information to the client; the control strategy records the permissions of mobile memory media to operate on confidential documents.
10. The mobile memory medium file management-control method according to claim 9, characterized in that, after the operation permission information is sent to the client, the method further comprises:
Receiving and storing this operation's information sent by the client; this operation's information includes the identification information of the registered mobile memory medium, the identification information of the file to be copied in this operation, and the operation record.
11. The mobile memory medium file management-control method according to claim 10, characterized in that, after the scanning information sent by the client is saved, the method further comprises:
Receiving a file leakage query instruction;
Obtaining the identification information of the leaked file referred to by the file leakage query instruction;
Obtaining, from the stored scanning information and operation information, the identification information of the registered mobile memory media corresponding to the identification information of the leaked file.
12. The mobile memory medium file management-control method according to claim 8, characterized in that, before the scanning information sent by the client is saved, the method further comprises:
Receiving the identification information of a mobile memory medium sent by the client and judging whether the corresponding mobile memory medium is registered;
Sending the registration result information of the mobile memory medium to the client; the registration result information includes one of two results, registered or unregistered;
Receiving the registration information sent by the client, and agreeing to or forbidding the registration of the unregistered mobile memory medium corresponding to the registration information; the registration information includes the identification information of the mobile memory medium;
If the registration of the unregistered mobile memory medium corresponding to the registration information is forbidden, sending a registration failure message to the client; if the registration of the unregistered mobile memory medium corresponding to the registration information is agreed to, saving the registration information and sending a registration success message to the client.
13. The mobile memory medium file management-control method according to claim 9, characterized in that the control strategy includes: the correspondence between the identification information of a mobile memory medium and the permitted operation types and/or the file types permitted to be operated on and/or the file security levels permitted to be operated on;
The confidential documents pre-stored in the knowledge base include file type and file security level attributes.
14. The mobile memory medium file management-control method according to any one of claims 8-13, characterized in that the identification information of the mobile memory medium includes the production serial number of the mobile memory medium and user information.
15. The mobile memory medium file management-control method according to any one of claims 8-13, characterized in that the identification information of the file is the hash (HASH) value of the file.
16. A mobile memory medium file control device, characterized in that it is used for a client and comprises:
A scan module, used to scan a registered mobile memory medium by means of virus scanning when it is detected that the registered mobile memory medium has been connected to the data transmission interface, and to obtain the identification information of the files stored on the registered mobile memory medium;
A first sending module, used to send scanning information to the remote monitoring center; the scanning information includes the identification information of the registered mobile memory medium and the identification information of the files stored on it.
17. The mobile memory medium file control device according to claim 16, characterized in that it further comprises:
A first receiving module, used to send the identification information of the file to be copied to the remote monitoring center when a request to copy a file onto the registered mobile memory medium is received; also used to receive the notice, sent by the remote monitoring center, that the identification information of the file to be copied has been matched; and also used to receive the operation permission information, sent by the remote monitoring center, of the registered mobile memory medium for the file to be copied;
A first obtaining module, used to obtain the identification information of the registered mobile memory medium and send it to the remote monitoring center, according to the notice received by the first receiving module that the identification information of the file to be copied has been matched;
An operation control module, used to allow or prevent the copying of the file to be copied onto the registered mobile memory medium according to the operation permission information received by the first receiving module.
18. The mobile memory medium file management-control method according to claim 17, characterized in that the first receiving module is also used to receive the notice, sent by the remote monitoring center, that the identification information of the file to be copied has not been matched;
The operation control module is also used to prevent the copying of the file to be copied onto the registered mobile memory medium, according to the notice received by the first receiving module that the identification information of the file to be copied has not been matched.
19. The mobile memory medium file control device according to claim 18, characterized in that the operation control module is also used to send this operation's information to the remote monitoring center through the first sending module; this operation's information includes the identification information of the registered mobile memory medium, the identification information of the file to be copied in this operation, and the operation record.
20. The mobile memory medium file management-control method according to claim 16, characterized in that the first receiving module is also used to receive the registration result information of the mobile memory medium sent by the remote monitoring center; the registration result information includes one of two results, registered or unregistered;
The scan module includes:
A monitoring submodule, used to send the identification information of a mobile memory medium to the remote monitoring center when it is detected that the mobile memory medium has been connected to the data transmission interface;
A prompting submodule, used to prompt the user to register an unregistered mobile memory medium when the registration result information received by the first receiving module records that the mobile memory medium is unregistered;
A registration submodule, used to receive the user's registration request for the unregistered mobile memory medium;
An acquisition submodule, used to obtain, according to the registration request received by the registration submodule, the identification information of the unregistered mobile memory medium and send it to the remote monitoring center as registration information;
A scanning submodule, used to scan the registered mobile memory medium by means of virus scanning and obtain the identification information of the files stored on it, when the registration result information received by the first receiving module records that the mobile memory medium is registered or when a registration success message sent by the remote monitoring center is received;
A preventing submodule, used to remove the unregistered mobile memory medium from the data transmission interface when the user declines to register it or when a registration failure message sent by the remote monitoring center is received.
21. A mobile memory medium file control device, characterized in that it is used for a remote monitoring center and comprises:
A memory module, used to save the scanning information sent by the client; the scanning information includes the identification information of a registered mobile memory medium and the identification information of the files stored on it.
22. The mobile memory medium file control device according to claim 21, characterized in that it further comprises:
A second receiving module, used to receive the identification information of the file to be copied sent by the client; also used to receive, from the client, the identification information of the registered mobile memory medium onto which the file to be copied is requested to be copied;
A matching module, used to judge, according to the identification information of confidential documents pre-stored in the local knowledge base, whether the identification information of the file to be copied received by the second receiving module can be matched in the knowledge base;
A first notification module, used to send the client a notice that the matching module has matched, or has not matched, the identification information of the file to be copied;
A permission determining module, used to determine, according to a predetermined control strategy, the operating permission that the registered mobile memory medium corresponding to the identification information received by the second receiving module has over the file to be copied, and to send the operation permission information to the client; the control strategy records the permissions of mobile memory media to operate on confidential documents.
23. The mobile memory medium file control device according to claim 22, characterized in that the second receiving module is also used to receive this operation's information sent by the client and store it in the memory module; this operation's information includes the identification information of the registered mobile memory medium, the identification information of the file to be copied in this operation, and the operation record.
24. The mobile memory medium file control device according to claim 23, characterized in that it further comprises:
A third receiving module, used to receive a file leakage query instruction;
A second obtaining module, used to obtain the identification information of the leaked file referred to by the file leakage query instruction;
An enquiry module, used to obtain, from the scanning information and operation information stored by the memory module, the identification information of the registered mobile memory media corresponding to the identification information of the leaked file.
25. The mobile memory medium file control device according to claim 21, characterized in that it further comprises:
A judgment module, used to receive the identification information of a mobile memory medium sent by the client and judge whether the corresponding mobile memory medium is registered;
A second sending module, used to send the registration result information of the mobile memory medium obtained by the judgment module to the client; the registration result information includes one of two results, registered or unregistered;
A registration module, used to receive the registration information sent by the client and to agree to or forbid the registration of the unregistered mobile memory medium corresponding to the registration information; the registration information includes the identification information of the mobile memory medium;
A second notification module, used to send a registration failure message to the client when the registration module forbids the registration of the unregistered mobile memory medium corresponding to the registration information; or, when the registration module agrees to the registration of the unregistered mobile memory medium corresponding to the registration information, to save the registration information and send a registration success message to the client.
26. An electronic equipment, characterized in that the electronic equipment includes: a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is placed inside the space enclosed by the shell, and the processor and the memory are arranged on the circuit board; the power circuit is used to supply power to each circuit or device of the electronic equipment; the memory is used to store executable program code; the processor runs the program corresponding to the executable program code by reading the executable program code stored in the memory, in order to execute the mobile memory medium file management-control method according to any one of the preceding claims 1-7.
27. An electronic equipment, characterized in that the electronic equipment includes: a shell, a processor, a memory, a circuit board and a power circuit, wherein the circuit board is placed inside the space enclosed by the shell, and the processor and the memory are arranged on the circuit board; the power circuit is used to supply power to each circuit or device of the electronic equipment; the memory is used to store executable program code; the processor runs the program corresponding to the executable program code by reading the executable program code stored in the memory, in order to execute the mobile memory medium file management-control method according to any one of the preceding claims 8-15.
28. A mobile memory medium file managing and control system, characterized in that it includes a remote monitoring center and at least one client; the client includes the mobile memory medium file control device according to any one of the preceding claims 16-20, and the remote monitoring center includes the mobile memory medium file control device according to any one of the preceding claims 21-25.
CN201711498913.0A 2017-12-29 2017-12-29 Mobile storage medium file control method, device and system and electronic equipment Active CN108875373B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711498913.0A CN108875373B (en) 2017-12-29 2017-12-29 Mobile storage medium file control method, device and system and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711498913.0A CN108875373B (en) 2017-12-29 2017-12-29 Mobile storage medium file control method, device and system and electronic equipment

Publications (2)

Publication Number Publication Date
CN108875373A true CN108875373A (en) 2018-11-23
CN108875373B CN108875373B (en) 2021-04-20

Family

ID=64325889

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711498913.0A Active CN108875373B (en) 2017-12-29 2017-12-29 Mobile storage medium file control method, device and system and electronic equipment

Country Status (1)

Country Link
CN (1) CN108875373B (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109918908A (en) * 2019-02-13 2019-06-21 广东华讯网络投资有限公司 A kind of data safety detection system and business handling method
CN110674500A (en) * 2019-09-04 2020-01-10 南方电网数字电网研究院有限公司 Storage medium virus searching and killing method and device, computer equipment and storage medium
CN110851880A (en) * 2019-10-16 2020-02-28 昆明灵智科技有限公司 Computer data safety control system
CN112861177A (en) * 2021-02-05 2021-05-28 深圳市辰星瑞腾科技有限公司 Computer defense system based on Internet of things
CN113032854A (en) * 2021-03-30 2021-06-25 杭州华澜微电子股份有限公司 Electronic data safety transfer method
CN114329420A (en) * 2021-12-02 2022-04-12 杭州立思辰安科科技有限公司 Access control method, device and system of removable storage equipment and storage medium
WO2023051131A1 (en) * 2021-09-28 2023-04-06 西门子(中国)有限公司 Method and apparatus for managing and controlling mobile storage device

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1845136A (en) * 2006-05-12 2006-10-11 曾庆华 Method and apparatus for monitoring and managing secret-involved file between computer and mobile storage device
CN102063359A (en) * 2010-11-02 2011-05-18 北京安天电子设备有限公司 Method and device for monitoring data for USE mobile storage device
CN102737175A (en) * 2011-09-23 2012-10-17 新奥特(北京)视频技术有限公司 Equipment access method and user equipment and device in data security protection and control
CN102915359A (en) * 2012-10-16 2013-02-06 北京奇虎科技有限公司 File management method and device
CN103731431A (en) * 2014-01-10 2014-04-16 厦门市美亚柏科信息股份有限公司 System and method for resource interaction between intranet device and external storage device
CN103914665A (en) * 2012-12-30 2014-07-09 航天信息股份有限公司 Method and device for protecting movable storage device data security
CN107239691A (en) * 2017-05-12 2017-10-10 北京知道创宇信息技术有限公司 To access computing device external device be controlled method, apparatus and system
CN107483434A (en) * 2017-08-10 2017-12-15 郑州云海信息技术有限公司 The management system and method for a kind of movable storage device

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1845136A (en) * 2006-05-12 2006-10-11 曾庆华 Method and apparatus for monitoring and managing secret-involved file between computer and mobile storage device
CN102063359A (en) * 2010-11-02 2011-05-18 北京安天电子设备有限公司 Method and device for monitoring data for USE mobile storage device
CN102737175A (en) * 2011-09-23 2012-10-17 新奥特(北京)视频技术有限公司 Equipment access method and user equipment and device in data security protection and control
CN102915359A (en) * 2012-10-16 2013-02-06 北京奇虎科技有限公司 File management method and device
CN103914665A (en) * 2012-12-30 2014-07-09 航天信息股份有限公司 Method and device for protecting movable storage device data security
CN103731431A (en) * 2014-01-10 2014-04-16 厦门市美亚柏科信息股份有限公司 System and method for resource interaction between intranet device and external storage device
CN107239691A (en) * 2017-05-12 2017-10-10 北京知道创宇信息技术有限公司 To access computing device external device be controlled method, apparatus and system
CN107483434A (en) * 2017-08-10 2017-12-15 郑州云海信息技术有限公司 The management system and method for a kind of movable storage device

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109918908A (en) * 2019-02-13 2019-06-21 广东华讯网络投资有限公司 A kind of data safety detection system and business handling method
CN110674500A (en) * 2019-09-04 2020-01-10 南方电网数字电网研究院有限公司 Storage medium virus searching and killing method and device, computer equipment and storage medium
CN110851880A (en) * 2019-10-16 2020-02-28 昆明灵智科技有限公司 Computer data safety control system
CN112861177A (en) * 2021-02-05 2021-05-28 深圳市辰星瑞腾科技有限公司 Computer defense system based on Internet of things
CN112861177B (en) * 2021-02-05 2021-11-19 深圳市辰星瑞腾科技有限公司 Computer defense system based on Internet of things
CN113032854A (en) * 2021-03-30 2021-06-25 杭州华澜微电子股份有限公司 Electronic data safety transfer method
WO2023051131A1 (en) * 2021-09-28 2023-04-06 西门子(中国)有限公司 Method and apparatus for managing and controlling mobile storage device
CN114329420A (en) * 2021-12-02 2022-04-12 杭州立思辰安科科技有限公司 Access control method, device and system of removable storage equipment and storage medium

Also Published As

Publication number Publication date
CN108875373B (en) 2021-04-20

Similar Documents

Publication Publication Date Title
CN108875373A (en) Mobile memory medium file management-control method, device, system and electronic equipment
US20240126895A1 (en) Data security using request-supplied keys
Chang et al. Untraceable dynamic‐identity‐based remote user authentication scheme with verifiable password update
KR102217916B1 (en) System and method for biometric protocol standards
US20140075493A1 (en) System and method for location-based protection of mobile data
US9767299B2 (en) Secure cloud data sharing
US9256725B2 (en) Credential recovery with the assistance of trusted entities
US20170346851A1 (en) Mutual authentication security system with detection and mitigation of active man-in-the-middle browser attacks, phishing, and malware and other security improvements.
US10084789B2 (en) Peer to peer enterprise file sharing
CN107103245B (en) File authority management method and device
CN103297413A (en) Sharable online file secure safe
CN111277573A (en) Resource locator with key
US11329817B2 (en) Protecting data using controlled corruption in computer networks
CN107464121A (en) Electronic account is reported the loss, solves extension, business management method, device and equipment
JP2011176435A (en) Secret key sharing system, method, data processor, management server, and program
CN106453321A (en) Authentication server, system and method, and to-be-authenticated terminal
CN110233850A (en) Register method, application server, user terminal and system based on alliance's chain
CN109617703B (en) Key management method and device, electronic equipment and storage medium
CN109740319A (en) Digital identity verification method and server
Ferdous et al. Portable personal identity provider in mobile phones
KR101523629B1 (en) Apparatus and method for login authentication, and storage media storing the same
US11330003B1 (en) Enterprise messaging platform
EP1901196A2 (en) Method of and system for security and privacy protection in medical forms
Jacobino et al. TrustVault: A privacy-first data wallet for the European Blockchain Services Infrastructure
Rasmussen A usability study of fido2 roaming software tokens as a password replacement

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant