CN108875373B - Mobile storage medium file control method, device and system and electronic equipment - Google Patents


Publication number
CN108875373B
Authority
CN
China
Prior art keywords
storage medium
mobile storage
file
identification information
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201711498913.0A
Other languages
Chinese (zh)
Other versions
CN108875373A (en)
Inventor
倪林雨
徐翰隆
王小丰
肖新光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Antiy Network Technology Co Ltd
Original Assignee
Beijing Antiy Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55: Detecting local intrusion or implementing counter-measures
    • G06F21/56: Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566: Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

The embodiments of the invention disclose a mobile storage medium file control method, device, system and electronic equipment, relating to the technical field of computer security, which address the problem that the prior art has no effective scheme for controlling the copying of files from a confidential computer to a mobile storage medium. The mobile storage medium file control method comprises the following steps: when a client detects that a registered mobile storage medium has been connected to a data transmission interface, it scans the registered mobile storage medium by way of an antivirus scan (virus detection and removal) to acquire identification information of the files stored on the registered mobile storage medium; the client sends the scanning information to the remote monitoring center for storage; the scanning information includes identification information of the registered mobile storage medium and identification information of the files stored on it. The invention is simple to implement, can improve the security of computer data, and is suitable for various settings where computer data needs to be protected.

Description

Mobile storage medium file control method, device and system and electronic equipment
Technical Field
The invention relates to the technical field of computer security, in particular to a mobile storage medium file control method, device and system and electronic equipment.
Background
Currently, file leakage via USB flash drives is common. Through various management oversights, large amounts of core data are copied, intentionally or unintentionally, before staff leave; this core data often involves important business information and becomes a powerful weapon for competitors. Because they do not sufficiently appreciate the importance of information security, some personnel who handle confidential material leak confidential data by accident, while some malicious individuals deliberately disclose confidential information to the public, or even publish it online for anyone to browse. Such events can have very serious consequences.
In the process of implementing the invention, the inventors found that there is currently no effective scheme for controlling the copying of files from a confidential computer to a mobile storage medium.
Disclosure of Invention
In view of this, embodiments of the present invention provide a mobile storage medium file control method, device, system and electronic equipment that make tracing easier when a file is leaked, so as to effectively control the copying of files from a confidential computer to a mobile storage medium.
In a first aspect, an embodiment of the present invention provides a method for managing and controlling a file of a mobile storage medium, where the method is used for a client, and includes:
when it is detected that a registered mobile storage medium has been connected to a data transmission interface, scanning the registered mobile storage medium by way of an antivirus scan to acquire identification information of the files stored on the registered mobile storage medium;
sending the scanning information to the remote monitoring center; the scanning information includes identification information of the registered mobile storage medium and identification information of a file stored thereon.
With reference to the first aspect, in a first implementation manner of the first aspect, after the sending the scanning information to the remote monitoring center, the method further includes:
when a request for copying the file in the registered mobile storage medium is received, sending the identification information of the file to be copied to a remote monitoring center;
receiving a notification, sent by the remote monitoring center, that the identification information of the file to be copied has been matched;
acquiring the identification information of the registered mobile storage medium and sending the identification information to the remote monitoring center;
receiving operation authority information of the registered mobile storage medium to the file to be copied, which is sent by the remote monitoring center;
and according to the operation authority information, allowing or preventing the file to be copied from being copied to the registered mobile storage medium.
With reference to the first implementation manner of the first aspect, in a second implementation manner of the first aspect, after sending the identification information of the file to be copied to the remote monitoring center, the method further includes:
receiving a notification, sent by the remote monitoring center, that the identification information of the file to be copied has not been matched;
and preventing the file to be copied from being copied to the registered mobile storage medium.
With reference to the second implementation manner of the first aspect, in a third implementation manner of the first aspect, after allowing or preventing, according to the operation authority information, the copying of the file to be copied to the registered mobile storage medium, the method further includes:
sending the current operation information to the remote monitoring center; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the file copied or to be copied, and an operation record.
With reference to the first aspect, in a fourth implementation manner of the first aspect, scanning the registered mobile storage medium by way of an antivirus scan when it is detected that a registered mobile storage medium has been connected to a data transmission interface includes:
when it is detected that a mobile storage medium has been connected to a data transmission interface, sending identification information of the mobile storage medium to the remote monitoring center;
receiving registration result information of the mobile storage medium sent by the remote monitoring center; the registration result information is one of two results: registered or unregistered;
when the mobile storage medium is an unregistered mobile storage medium, prompting a user to register the unregistered mobile storage medium;
receiving a registration request of a user for registering the unregistered mobile storage medium;
acquiring identification information of the unregistered mobile storage medium as registration information and sending the registration information to the remote monitoring center according to the registration request;
when the mobile storage medium is a registered mobile storage medium, or a registration success message sent by the remote monitoring center is received, scanning the registered mobile storage medium by way of an antivirus scan; and if the user abandons registration of the unregistered mobile storage medium, or a registration failure message sent by the remote monitoring center is received, removing the unregistered mobile storage medium from the data transmission interface.
With reference to any one of the first aspect to the fourth implementation manner of the first aspect, in a fifth possible implementation manner of the first aspect, the identification information of the removable storage medium includes a production serial number of the removable storage medium and user information.
With reference to any one of the first aspect to the fourth implementation manner of the first aspect, in a sixth possible implementation manner of the first aspect, the identification information of the file is a HASH value of the file.
In a second aspect, an embodiment of the present invention provides a method for managing and controlling a file of a mobile storage medium, where the method is used in a remote monitoring center, and includes:
storing the scanning information sent by the client; wherein the scanning information includes identification information of the registered mobile storage medium and identification information of a file stored thereon.
With reference to the second aspect, in a first implementation manner of the second aspect, after saving the scanning information sent by the client, the method further includes:
receiving identification information of a file to be copied sent by a client;
judging, against the identification information of confidential files pre-stored in the local knowledge base, whether the identification information of the file to be copied can be matched in the knowledge base;
sending the client a notification that the identification information of the file to be copied has been matched or has not been matched;
receiving identification information of a registered mobile storage medium which requests to copy the file to be copied and is sent by a client;
determining, according to a preset control policy, the operation authority of the registered mobile storage medium over the file to be copied, and sending operation authority information to the client; the control policy records the authority of mobile storage media to operate on confidential files.
With reference to the first implementation manner of the second aspect, in a second implementation manner of the second aspect, after the sending the operation authority information to the client, the method further includes:
receiving and storing the current operation information sent by the client; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file and an operation record.
With reference to the second implementation manner of the second aspect, in a third implementation manner of the second aspect, after the storing the scanning information sent by the client, the method further includes:
receiving a file leakage query instruction;
acquiring identification information of the leaked file indicated by the file leakage query instruction;
and acquiring, from the stored scanning information and operation information, the identification information of the registered mobile storage medium corresponding to the identification information of the leaked file.
With reference to the second aspect, in a fourth implementation manner of the second aspect, before saving the scanning information sent by the client, the method further includes:
receiving identification information of a mobile storage medium sent by the client, and judging whether the corresponding mobile storage medium is registered;
sending the registration result information of the mobile storage medium to the client; the registration result information is one of two results: registered or unregistered;
receiving registration information sent by the client, and approving or refusing registration of the unregistered mobile storage medium corresponding to the registration information; the registration information includes identification information of the mobile storage medium;
if registration of the unregistered mobile storage medium corresponding to the registration information is refused, sending a registration failure message to the client; if registration of the unregistered mobile storage medium corresponding to the registration information is approved, saving the registration information and sending a registration success message to the client.
With reference to the first implementation manner of the second aspect, in a fifth implementation manner of the second aspect, the control policy includes: the correspondence between the identification information of a mobile storage medium and the allowed operation types and/or the allowed file security level;
and the confidential files pre-stored in the knowledge base carry file type and file security level attributes.
With reference to any one of the second to fifth implementation manners of the second aspect, in a sixth implementation manner of the second aspect, the identification information of the removable storage medium includes a production serial number of the removable storage medium and user information.
With reference to any one of the second to fifth implementation manners of the second aspect, in a seventh implementation manner of the second aspect, the identification information of the file is a HASH value of the file.
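The monitoring-center steps of the second aspect (hash match against the knowledge base, policy decision, operation logging and leak query), sketched in Python as an added example that is not part of the patent. The class and function names, SHA-256 as the HASH, integer security levels and the sample data are all assumptions.

```python
import hashlib
from dataclasses import dataclass, field

# Added illustration: every name here is hypothetical; the patent defines no API.


@dataclass(frozen=True)
class Medium:
    serial: str  # production serial number
    user: str    # user information


def file_id(data: bytes) -> str:
    """File identification information: hash of the content (SHA-256 assumed)."""
    return hashlib.sha256(data).hexdigest()


@dataclass
class MonitoringCenter:
    knowledge_base: dict = field(default_factory=dict)  # file hash -> security level
    policy: dict = field(default_factory=dict)  # Medium -> (allowed ops, max level)
    registered: set = field(default_factory=set)
    scan_log: list = field(default_factory=list)  # (Medium, file hash)
    op_log: list = field(default_factory=list)  # (Medium, file hash, record)

    def store_scan(self, medium, hashes):
        """Save scanning information; only registered media are ever scanned."""
        if medium not in self.registered:
            raise PermissionError("scan information from an unregistered medium")
        self.scan_log.extend((medium, h) for h in hashes)

    def is_confidential(self, file_hash):
        """Match step: is this hash pre-stored in the knowledge base?"""
        return file_hash in self.knowledge_base

    def permission(self, medium, file_hash, op="copy"):
        """Policy step: allowed operation type and allowed security level."""
        allowed_ops, max_level = self.policy.get(medium, (frozenset(), -1))
        return op in allowed_ops and self.knowledge_base[file_hash] <= max_level

    def record_operation(self, medium, file_hash, record):
        self.op_log.append((medium, file_hash, record))

    def trace_leak(self, file_hash):
        """Leak query: every medium tied to the hash, with the evidence source."""
        hits = {}
        for medium, h in self.scan_log:
            if h == file_hash:
                hits.setdefault(medium, set()).add("scan")
        for medium, h, record in self.op_log:
            if h == file_hash:
                hits.setdefault(medium, set()).add(record)
        return hits


def request_copy(center, medium, data):
    """Client side of a copy request, in the message order the text gives."""
    h = file_id(data)
    if not center.is_confidential(h):
        return False  # "not matched" notification: the text blocks the copy
    allowed = center.permission(medium, h)  # medium ID sent, permission returned
    center.record_operation(medium, h, "copied" if allowed else "blocked")
    return allowed


def demo():
    """Run three copy requests and one leak query over constructed sample data."""
    center = MonitoringCenter()
    alice, bob = Medium("SN-0001", "alice"), Medium("SN-0002", "bob")
    center.registered |= {alice, bob}
    secret = b"constructed sample: design spec"
    memo = b"constructed sample: lunch menu"
    center.knowledge_base[file_id(secret)] = 2
    center.policy[alice] = (frozenset({"copy"}), 3)
    center.policy[bob] = (frozenset({"copy"}), 1)
    # Bob's medium already held the file when it was scanned on insertion.
    center.store_scan(bob, [file_id(secret)])
    decisions = [request_copy(center, m, d)
                 for m, d in ((alice, secret), (bob, secret), (alice, memo))]
    return decisions, center.trace_leak(file_id(secret))


if __name__ == "__main__":
    print(demo())
```

The leak query returns both media: one because the scan on insertion saw the hash, the other because the operation log recorded an allowed copy, which is why the text stores scanning information and operation information side by side.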
In a third aspect, an embodiment of the present invention provides a mobile storage medium file management and control apparatus, used for a client, including:
the scanning module is used for scanning the registered mobile storage medium by way of an antivirus scan, when it is detected that a registered mobile storage medium has been connected to the data transmission interface, to acquire identification information of the files stored on the registered mobile storage medium;
the first sending module is used for sending the scanning information to the remote monitoring center; the scanning information includes identification information of the registered mobile storage medium and identification information of a file stored thereon.
With reference to the third aspect, in a first implementation manner of the third aspect, the mobile storage medium file management apparatus further includes:
the first receiving module is used for sending the identification information of the file to be copied to a remote monitoring center when receiving a request for copying the file from the registered mobile storage medium; it is also used for receiving a notification, sent by the remote monitoring center, that the identification information of the file to be copied has been matched; and it is also used for receiving, from the remote monitoring center, the operation authority information of the registered mobile storage medium over the file to be copied;
the first acquisition module is used for acquiring the identification information of the registered mobile storage medium according to the notification matched with the identification information of the file to be copied, which is received by the first receiving module, and sending the identification information to the remote monitoring center;
and the operation control module is used for allowing or preventing the file to be copied from being copied to the registered mobile storage medium according to the operation authority information received by the first receiving module.
With reference to the first implementation manner of the third aspect, in a second implementation manner of the third aspect, the first receiving module is further configured to receive a notification sent by the remote monitoring center that the identification information of the file to be copied is not matched;
the operation control module is further configured to prevent the file to be copied from being copied to the registered mobile storage medium according to the notification that the identification information of the file to be copied is not matched, which is received by the first receiving module.
With reference to the second implementation manner of the third aspect, in a third implementation manner of the third aspect, the operation control module is further configured to send the current operation information to the remote monitoring center through the first sending module; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file and an operation record.
With reference to the third aspect, in a fourth implementation manner of the third aspect, the first receiving module is further configured to receive registration result information of the mobile storage medium sent by the remote monitoring center; the registration result information is one of two results: registered or unregistered;
the scanning module includes:
the monitoring submodule is used for sending the identification information of the mobile storage medium to the remote monitoring center when it is detected that a mobile storage medium has been connected to the data transmission interface;
the prompting sub-module is used for prompting a user to register the unregistered mobile storage medium when the mobile storage medium is recorded as the unregistered mobile storage medium in the registration result information received by the first receiving module;
the registration submodule is used for receiving a registration request of a user for registering the unregistered mobile storage medium;
the acquisition submodule is used for acquiring the identification information of the unregistered mobile storage medium as registration information according to the registration request received by the registration submodule and sending the registration information to the remote monitoring center;
the scanning submodule is used for scanning the registered mobile storage medium by way of an antivirus scan, to acquire the identification information of the files stored on the registered mobile storage medium, when the registration result information received by the first receiving module records the mobile storage medium as registered or a registration success message sent by the remote monitoring center is received;
and the blocking submodule is used for removing the unregistered mobile storage medium from the data transmission interface when the user abandons registration of the unregistered mobile storage medium or a registration failure message sent by the remote monitoring center is received.
In a fourth aspect, an embodiment of the present invention provides a mobile storage medium file management and control apparatus, configured to a remote monitoring center, where the apparatus includes:
the storage module is used for storing the scanning information sent by the client; wherein the scanning information includes identification information of the registered mobile storage medium and identification information of a file stored thereon.
With reference to the fourth aspect, in a first implementation manner of the fourth aspect, the removable storage medium file management and control apparatus further includes:
the second receiving module is used for receiving the identification information of the file to be copied sent by the client; it is also used for receiving the identification information, sent by the client, of the registered mobile storage medium that requests to copy the file to be copied;
the matching module is used for judging whether the identification information of the file to be copied received by the second receiving module can be matched in the knowledge base according to the identification information of the confidential file pre-stored in the local knowledge base;
the first notification module is used for sending the client a notification that the matching module has matched or has not matched the identification information of the file to be copied;
the permission determining module is used for determining, according to a preset control policy, the operation authority over the file to be copied of the registered mobile storage medium corresponding to the identification information received by the second receiving module, and for sending operation authority information to the client; the control policy records the authority of mobile storage media to operate on confidential files.
With reference to the first implementation manner of the fourth aspect, in a second implementation manner of the fourth aspect, the second receiving module is further configured to receive the current operation information sent by the client and store the current operation information in the storage module; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file and an operation record.
With reference to the second implementation manner of the fourth aspect, in a third implementation manner of the fourth aspect, the removable storage medium file management and control apparatus further includes:
the third receiving module is used for receiving a file leakage query instruction;
the second acquisition module is used for acquiring the identification information of the leaked file indicated by the file leakage query instruction;
and the query module is used for acquiring, from the scanning information and the operation information stored in the storage module, the identification information of the registered mobile storage medium corresponding to the identification information of the leaked file.
With reference to the fourth aspect, in a fourth implementation manner of the fourth aspect, the removable storage medium file management and control apparatus further includes:
the judging module is used for receiving identification information of a mobile storage medium sent by the client and judging whether the corresponding mobile storage medium is registered;
the second sending module is used for sending the registration result information of the mobile storage medium obtained by the judging module to the client; the registration result information is one of two results: registered or unregistered;
the registration module is used for receiving registration information sent by the client and approving or refusing registration of the unregistered mobile storage medium corresponding to the registration information; the registration information includes identification information of the mobile storage medium;
the second notification module is used for sending a registration failure message to the client when the registration module refuses registration of the unregistered mobile storage medium corresponding to the registration information; or, when the registration module approves registration of the unregistered mobile storage medium corresponding to the registration information, for saving the registration information and sending a registration success message to the client.
In a fifth aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes: a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged in a space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit is used for supplying power to each circuit or device of the electronic device; the memory is used for storing executable program code; the processor reads the executable program code stored in the memory and runs the corresponding program, so as to execute the mobile storage medium file control method for the client according to any one of the foregoing embodiments.
In a sixth aspect, an embodiment of the present invention provides an electronic device, where the electronic device includes: a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged in a space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit is used for supplying power to each circuit or device of the electronic device; the memory is used for storing executable program code; the processor reads the executable program code stored in the memory and runs the corresponding program, so as to execute the mobile storage medium file control method for the remote monitoring center according to any one of the foregoing embodiments.
In a seventh aspect, an embodiment of the present invention provides a system for managing and controlling a mobile storage medium file, including a remote monitoring center and at least one client, where the client includes the device for managing and controlling a mobile storage medium file according to any one of the foregoing embodiments, and the remote monitoring center includes the device for managing and controlling a mobile storage medium file according to any one of the foregoing embodiments.
According to the mobile storage medium file control method, device, system and electronic equipment provided by the embodiments of the invention, when it is detected that a registered mobile storage medium has been connected to the data transmission interface, the registered mobile storage medium is scanned by way of an antivirus scan, the identification information of the files stored on it is acquired, and the scanning information is sent to the remote monitoring center. This makes tracing easier when a file is leaked, so that the copying of files from a confidential computer to a mobile storage medium can be effectively controlled. In addition, because the identification information of the files on the mobile storage medium (such as a file hash value) is acquired during the antivirus scan, the time needed to acquire the file information again is saved, the cost in computer resources is reduced, and a data source is provided for tracing file leaks. The method can not only remove virus files from the mobile storage medium and protect system security, but also detect file leakage. By making use of the antivirus scan, the invention avoids the time and system resources consumed by acquiring the file information a second time, and improves file control efficiency. Unified control by the remote monitoring center effectively prevents files from leaking through mobile storage media.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in describing the embodiments or the prior art are briefly introduced below. The drawings described below are obviously only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flowchart illustrating a first embodiment of a method for managing and controlling a file of a mobile storage medium of a client according to the present invention;
FIG. 2 is a flowchart illustrating a second embodiment of a method for managing and controlling a file of a mobile storage medium for a client according to the present invention;
FIG. 3 is a flowchart illustrating registration confirmation of a client for an accessed mobile storage medium;
FIG. 4 is a flowchart illustrating a first embodiment of a method for managing and controlling a file of a mobile storage medium in a remote monitoring center according to the present invention;
FIG. 5 is a flowchart of a second embodiment of a method for managing and controlling a file of a mobile storage medium in a remote monitoring center according to the present invention;
FIG. 6 is a flowchart of a method for authenticating the registration of the mobile storage medium accessed by the client through the remote monitoring center;
FIG. 7 is a schematic structural diagram illustrating a first embodiment of a removable storage medium file management and control apparatus for a client according to the present invention;
FIG. 8 is a schematic structural diagram illustrating a second embodiment of a mobile storage media file management and control apparatus for a client according to the present invention;
FIG. 9 is a schematic structural diagram of a third embodiment of a mobile storage media file management and control apparatus for a client according to the present invention;
FIG. 10 is a schematic structural diagram of a first embodiment of a mobile storage medium file management and control apparatus for a remote monitoring center according to the present invention;
FIG. 11 is a schematic structural diagram of a second embodiment of a mobile storage medium file management and control apparatus for a remote monitoring center according to the present invention;
FIG. 12 is a schematic structural diagram of a third embodiment of a mobile storage medium file management and control apparatus for a remote monitoring center according to the present invention;
FIG. 13 is a schematic structural diagram of a fourth embodiment of a mobile storage medium file management and control apparatus for a remote monitoring center according to the present invention;
FIG. 14 is a schematic structural diagram of an embodiment of an electronic device of the present invention;
FIG. 15 is a schematic structural diagram of another embodiment of an electronic device according to the present invention.
Detailed Description
The traditional approach limits scanning of the files on a USB flash drive to finding and removing viruses, and makes little use of the useful data obtained while the files are scanned. Computer security technicians, however, care about the file information on the flash drive. If this information is not recorded at the time of the file scan, it has to be acquired when it is needed, which wastes time and computer resources. The invention uses the scan of the files on the mobile storage medium during the antivirus scan to obtain and store file identification information, thereby providing a data source for discovering file leaks afterwards. The mobile storage medium file control method and device are described in detail below with reference to the accompanying drawings.
It should be understood that the described embodiments are only some embodiments of the invention, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flowchart of a first embodiment of a method for managing and controlling a file of a mobile storage medium of a client according to the present invention. As shown in fig. 1, the method of the present embodiment may include:
Step 101, when it is monitored that a registered mobile storage medium accesses the data transmission interface, scanning the registered mobile storage medium in a virus searching and killing mode to acquire identification information of the files stored on the registered mobile storage medium.
Preferably, the acquired identification information of the file is a HASH value of the file.
Step 102, sending the scanning information to the remote monitoring center for storage.
Wherein the scanning information includes identification information of the registered mobile storage medium and identification information of a file stored thereon.
Preferably, the identification information of the removable storage medium includes a production serial number of the removable storage medium and user (e.g., user name) information.
In this embodiment, when the mobile storage medium is inserted into the data transmission interface and is a registered device, the HASH value of each file is acquired during virus checking and killing and uploaded to the remote monitoring center for storage. The method not only removes virus files on the USB flash disk and protects system security, but also makes file leakage detectable. Because it reuses the virus checking and killing process, it avoids the time and system resources that would be consumed by obtaining the file information a second time, and improves the efficiency of file management and control.
Fig. 2 is a flowchart of a second embodiment of a method for managing and controlling a file of a mobile storage medium of a client according to the present invention. As shown in fig. 2, the method of the present embodiment may include:
Step 201, when it is monitored that a registered mobile storage medium accesses the data transmission interface, scanning the registered mobile storage medium in a virus searching and killing manner to obtain identification information of the files stored on the registered mobile storage medium.
Step 202, sending the scanning information to the remote monitoring center for storage.
In this embodiment, the process of steps 201-202 is similar to that of steps 101-102 in the above method embodiment, and is not described herein again.
Step 203, when receiving a request for copying the file to the registered mobile storage medium, sending the identification information of the file to be copied to a remote monitoring center.
Step 204, judging whether the remote monitoring center has matched the identification information of the file to be copied; if so, executing step 205, otherwise executing step 208.
In this embodiment, the remote monitoring center stores the identification information of confidential files in a preset knowledge base. When a user at a client requests to copy a file to a registered mobile storage medium, the remote monitoring center looks up the identification information of the file to be copied in the knowledge base. If the identification information is matched, a notification that the identification information of the file to be copied is matched is sent to the client, the determination result of this step at the client is yes, and step 205 is executed. If the client receives a notification that the identification information of the file to be copied is not matched, the determination result of this step is no, and step 208 is executed.
Step 205, acquiring the identification information of the registered mobile storage medium and sending the identification information to the remote monitoring center.
Step 206, receiving the operation authority information of the registered mobile storage medium for the file to be copied, sent by the remote monitoring center.
In this embodiment, based on the identification information of the registered mobile storage medium and the identification information of the file to be copied sent by the client, the remote monitoring center determines the operation authority of the current registered mobile storage medium on the file to be copied according to a predetermined management and control policy, and sends the operation authority information to the client.
Step 207, allowing or preventing the copying of the file to be copied to the registered mobile storage medium according to the operation authority information.
For example: if the operation authority information sent by the remote monitoring center specifies that the current registered mobile storage medium has the copy authority for the file to be copied, the file is allowed to be copied to the registered mobile storage medium; if the operation authority information specifies that the current registered mobile storage medium only has the browsing authority for the file to be copied, or that the mobile storage medium is prohibited from performing any operation on the file, the file is prevented from being copied to the registered mobile storage medium.
Step 208, preventing the file to be copied from being copied to the registered mobile storage medium.
In this embodiment, if the identification information of the file to be copied is not matched in the knowledge base of the remote monitoring center, it cannot be determined whether the file is a confidential file, so the file is prevented from being copied to the current registered mobile storage medium. Further, other operations on the file by the current registered mobile storage medium can also be prevented.
In this embodiment, a knowledge base for storing identification information of confidential files is preset in the remote monitoring center, and the operation permission of each registered mobile storage medium for each confidential file is preset. When any file on the current client is to be copied to a registered mobile storage medium, it can be judged whether the file is a confidential file and whether the current mobile storage medium has copy permission for it, and the copy operation is allowed or prevented according to the obtained operation permission. This effectively prevents unauthorized mobile storage media from copying confidential files, effectively controls the copying of files on a confidential computer to mobile storage media, and further improves the data security of the computer.
Preferably, after step 207 or step 208, the current operation information may also be sent to the remote monitoring center; the current operation information includes the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file, and the operation record. That is, regardless of whether the current mobile storage medium is allowed to copy files, data such as the identification information of the current mobile storage medium and the identification information of the copied/to-be-copied files need to be transmitted to the remote monitoring center for storage, so that it can be traced afterwards which person and which device operated on, or attempted to operate on, which files.
Preferably, when the client monitors that a mobile storage medium accesses the data transmission interface, a registration confirmation step for the mobile storage medium needs to be performed first. As shown in fig. 3, step 101 or 201 may specifically include:
Step 301, when it is monitored that a mobile storage medium accesses the data transmission interface, sending identification information of the mobile storage medium to the remote monitoring center.
In this embodiment, when it is monitored that the data transmission interface has access to the mobile storage medium, the identification information (such as a factory serial number) of the mobile storage medium is acquired and sent to the remote monitoring center.
Step 302, receiving the registration result information of the mobile storage medium sent by the remote monitoring center.
The registration result information is one of two results: registered or unregistered.
In this embodiment, the remote monitoring center pre-stores the identification information of the registered mobile storage medium, so that the registration result of the mobile storage medium can be obtained from the remote monitoring center each time according to the identification information of the currently accessed mobile storage medium.
Step 303, judging whether the mobile storage medium is recorded in the registration result information as a registered mobile storage medium, if so, directly executing step 308; otherwise, the mobile storage medium is an unregistered mobile storage medium, and step 304 is executed.
Step 304, prompting the user to register the unregistered mobile storage medium.
In this embodiment, if the currently accessed mobile storage medium is an unregistered device, the user is prompted to register the device, for example, a registration button requesting registration may be provided to the user through a display screen of the current client.
Step 305, judging whether a registration request of the user for registering the unregistered mobile storage medium is received; if yes, executing step 306; otherwise, the user is deemed to have given up registering the unregistered mobile storage medium, and step 309 is executed.
For example, a user is provided with a registration button requesting registration through a display screen of the current client, and if the user clicks the registration button, the user is considered to initiate a registration request.
Step 306, acquiring the identification information of the unregistered mobile storage medium as registration information according to the registration request, and sending the registration information to the remote monitoring center.
In this embodiment, after the user initiates a registration request for the mobile storage medium, information input boxes may be provided for the user to enter basic information about the current mobile storage medium, such as the user name of the mobile storage medium; information such as the factory serial number of the current mobile storage medium is also obtained. This information is used as the identification information of the mobile storage medium and sent to the remote monitoring center.
Step 307, receiving a registration success message or a registration failure message sent by the remote monitoring center.
In this embodiment, if a registration success message sent by the remote monitoring center is received, step 308 is executed, and if a registration failure message is received, step 309 is executed.
Step 308, scanning the registered mobile storage medium in a virus searching and killing mode to acquire the identification information of the files stored on the registered mobile storage medium.
In this embodiment, if the currently accessed mobile storage medium is a registered device or the request registration is successful after the current access, which indicates that the mobile storage medium has the preliminary access permission, the registered mobile storage medium is scanned in a virus searching and killing manner, and the identification information of the file stored on the registered mobile storage medium is acquired while killing viruses.
Step 309, moving the unregistered mobile storage medium out of the data transmission interface.
In this embodiment, if the currently accessed mobile storage medium is an unregistered mobile storage medium and the user requests to perform registration authentication on the currently accessed mobile storage medium, the currently accessed mobile storage medium is directly moved out of the data transmission interface, and the currently accessed mobile storage medium is directly denied access.
In this embodiment, when a mobile storage medium is accessed, registration authentication is performed on it first to check whether it is a registered device. A registered device is one whose unique identifier and owner are both recorded in the remote monitoring center, so that they can be used for file leakage detection and for the subsequent assignment of management and control policy permissions. Only a registered mobile storage medium has the initial access authority; after access, the operation authority is confirmed according to the scheme shown in fig. 1 or fig. 2. This further improves the security of the computer data and prevents devices without authority from operating on the data of the current client once they are connected.
Corresponding to the method for managing and controlling the mobile storage medium file for the client provided by the embodiment of the invention, the embodiment of the invention also provides a method for managing and controlling the mobile storage medium file for a remote monitoring center. The method comprises the following step: storing the scanning information sent by the client, wherein the scanning information includes identification information of the registered mobile storage medium and identification information of the files stored thereon. That is, when a registered mobile storage medium is accessed at the client, all files on the medium are scanned in a virus searching and killing manner, identification information of the files, such as their HASH values, is obtained, and the scanning information is uploaded to the remote monitoring center for storage. The remote monitoring center therefore stores the identification information of the files on all registered mobile storage media accessed on all monitored clients, which makes it convenient to quickly verify the leakage path when a file is leaked.
Fig. 4 is a flowchart of a first embodiment of a method for managing and controlling a file of a mobile storage medium in a remote monitoring center according to the present invention. As shown in fig. 4, the method of the present embodiment may include:
Step 401, storing the scanning information sent by the client; wherein the scanning information includes identification information of the registered mobile storage medium and identification information of the files stored thereon.
Preferably, the identification information of the removable storage medium includes a production serial number of the removable storage medium and user information.
Step 402, receiving identification information of the file to be copied sent by the client.
Step 403, judging, according to the identification information of the confidential files pre-stored in the local knowledge base, whether the identification information of the file to be copied can be matched in the knowledge base.
In this embodiment, identification information of a company confidential document, for example, a HASH value of the document, is batch-recorded in a knowledge base in advance.
Step 404, sending a notification that the identification information of the file to be copied is matched or not matched to the client.
In this embodiment, the client sends the identification information of the file to be copied of the currently registered mobile storage medium to the remote monitoring center, and the remote monitoring center searches whether the identification information of the file to be copied exists in the local knowledge base, and if the identification information of the file to be copied exists, the file to be copied is proved to be a confidential file and is notified to the client, so that the client further provides the identification information of the currently accessed registered mobile storage medium to authenticate the operation authority of the file.
Step 405, receiving the identification information of the registered mobile storage medium which requests to copy the file to be copied from the client.
Step 406, determining the operation authority of the registered mobile storage medium for the file to be copied according to a predetermined management and control strategy, and sending operation authority information to the client.
The management and control strategy records the authority of the mobile storage medium for operating the confidential files, for example, records the corresponding relationship between the identifier of the mobile storage medium and the identifier of the confidential files capable of being operated by the mobile storage medium.
The governing policy may set the protection of file types, such as: managing and controlling office files, and not managing and controlling other files; user rights may also be set, such as: users with different functions can have operation authorities of different files; important file level operation permissions can also be set, such as: the unimportant files can be used by general personnel, and the important files can be used by special personnel. The management and control strategy can be added, deleted and modified in combination with the use scenes.
Preferably, the predetermined governing policy comprises: the corresponding relation between the identification information of the mobile storage medium and the allowed operation type and/or the allowed file security level; and the confidential files pre-stored in the knowledge base comprise file types and file security level attributes. For example, the governing policy may be stored as shown in table 1 below:
TABLE 1
[Table 1 appears only as an image (BDA0001534615580000161) in the original publication.]
For example, suppose the currently accessed registered mobile storage medium is mobile storage medium 1 in Table 1 above, which is allowed to perform the copy operation on Word and Excel files of security level two. Suppose the local knowledge base records that the file to be copied is in the Word file format but has security level one, and that a smaller security level number means higher security, that is, the security requirement of a level-one file is higher than that of a level-two file. It is then determined that mobile storage medium 1 does not have the authority to copy the file to be copied, and operation authority information stating that mobile storage medium 1 is not allowed to copy the file is sent to the client.
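The decision path of steps 203-208 and 402-406, including the mobile storage medium 1 example above, can be sketched as follows. This is an added illustration, not code from the patent: the class and function names, the serial numbers, the sample files and the policy rows are constructed, SHA-256 stands in for the unspecified HASH, and it is assumed that a medium cleared for level N may also handle less sensitive levels.

```python
import hashlib
from dataclasses import dataclass


def file_id(data: bytes) -> str:
    """File identification information. The patent only says "HASH value";
    SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class ConfidentialFile:
    file_type: str   # e.g. "word", "excel"
    level: int       # security level; a smaller number is more sensitive


@dataclass(frozen=True)
class MediumPolicy:
    allowed_ops: frozenset    # e.g. {"copy", "browse"}
    allowed_types: frozenset  # file types the medium may operate on
    allowed_level: int        # most sensitive level the medium may handle


class MonitoringCenter:
    def __init__(self, knowledge_base, policies):
        self.knowledge_base = knowledge_base  # file hash -> ConfidentialFile
        self.policies = policies              # medium serial -> MediumPolicy

    def is_known(self, fid: str) -> bool:
        """Steps 403-404: is the hash recorded in the knowledge base?"""
        return fid in self.knowledge_base

    def permission(self, serial: str, fid: str, op: str = "copy") -> bool:
        """Step 406: apply the management and control policy."""
        policy = self.policies.get(serial)
        entry = self.knowledge_base.get(fid)
        if policy is None or entry is None:
            return False  # no policy row or unknown file: deny
        return (op in policy.allowed_ops
                and entry.file_type in policy.allowed_types
                # Assumption: a medium cleared for level N may also handle
                # less sensitive files (larger level numbers).
                and entry.level >= policy.allowed_level)


def client_copy_request(center, serial: str, data: bytes) -> str:
    """Client side of steps 203-208; returns "allow" or "block"."""
    fid = file_id(data)
    if not center.is_known(fid):
        return "block"  # step 208: unmatched files are blocked by default
    return "allow" if center.permission(serial, fid) else "block"


# Constructed sample data (not taken from the patent's Table 1 image).
WORD_L1 = b"constructed level-one Word document"
WORD_L2 = b"constructed level-two Word document"
PDF_L3 = b"constructed level-three PDF document"
UNKNOWN = b"constructed file absent from the knowledge base"

CENTER = MonitoringCenter(
    knowledge_base={
        file_id(WORD_L1): ConfidentialFile("word", 1),
        file_id(WORD_L2): ConfidentialFile("word", 2),
        file_id(PDF_L3): ConfidentialFile("pdf", 3),
    },
    policies={
        # "Mobile storage medium 1" of the example: copy Word/Excel, level two.
        "SN-EXAMPLE-0001": MediumPolicy(frozenset({"copy"}),
                                        frozenset({"word", "excel"}), 2),
        # A browse-only medium: copy requests must be blocked.
        "SN-EXAMPLE-0002": MediumPolicy(frozenset({"browse"}),
                                        frozenset({"word"}), 1),
    },
)

if __name__ == "__main__":
    for label, data in [("word L1", WORD_L1), ("word L2", WORD_L2),
                        ("pdf L3", PDF_L3), ("unknown", UNKNOWN)]:
        print(label, client_copy_request(CENTER, "SN-EXAMPLE-0001", data))
```

Because the lookup is by content hash, any change to a file's bytes produces an identifier that is absent from the knowledge base, and such a file is handled by the step 208 default (block) rather than by the policy table.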
Preferably, in the embodiment shown in fig. 4, after step 406, the method may further include the step of receiving and storing the current operation information sent by the client; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file and an operation record. Whether or not the current mobile storage medium is allowed to copy the file, data such as the identification information of the current mobile storage medium and the identification information of the copied/to-be-copied file sent by the client are stored. For allowed operations, if a file is later found to be leaked, the scanning information and operation information can be analyzed to determine which mobile storage media and personnel used the file. For blocked operations, it is possible to discover which mobile storage media and personnel attempted to acquire files, so that the matter can be handled in time and nipped in the bud.
Fig. 5 is a flowchart of a second embodiment of a method for managing and controlling a file of a mobile storage medium in a remote monitoring center. On the basis of the method embodiment shown in fig. 4, this embodiment further includes steps for obtaining the possible leakage path after a file is leaked. As shown in fig. 5, the method in this embodiment may include:
Step 501, storing the scanning information sent by the client.
Wherein the scanning information includes identification information of the registered mobile storage medium and identification information of a file stored thereon.
Step 502, receiving identification information of the file to be copied sent by the client.
Step 503, judging whether the identification information of the file to be copied can be matched in the knowledge base according to the identification information of the confidential file pre-stored in the local knowledge base.
Step 504, sending a notification that the identification information of the file to be copied is matched or not matched to the client.
Step 505, receiving the identification information, sent by the client, of the registered mobile storage medium which requests to copy the file to be copied.
Step 506, determining the operation authority of the registered mobile storage medium on the file to be copied according to a preset management and control strategy, and sending operation authority information to the client.
Step 507, receiving and storing the current operation information sent by the client.
The current operation information includes identification information of the current registered mobile storage medium, identification information of the current copied/to-be-copied file, and an operation record.
Step 508, receiving a file leakage query instruction.
In this embodiment, when a file is leaked, information (for example, a file name) of the leaked file may be directly input in the remote monitoring center for query.
Step 509, acquiring the identification information of the leaked file pointed to by the file leakage query instruction.
In this embodiment, the identification information of the leaked file is obtained from the input information about the leaked file. For example, each time the HASH value of a file is saved, attribute information such as the name, file format and size of the corresponding file may be stored with it in advance, so that the identification information of the corresponding file can be obtained quickly when a leak is queried.
Step 510, acquiring the identification information of the registered mobile storage medium corresponding to the identification information of the leaked file from the stored scanning information and operation information.
Each saved piece of scanning information stores the identification information of a registered mobile storage medium together with the identification information of the files stored on it, and the operation information stores the identification information of the registered mobile storage medium, the identification information of the copied/to-be-copied file and the operation record. The identification information of the leaked file can therefore be used to obtain, from the scanning information and the operation information, the identification information of the registered mobile storage media that store the leaked file and/or attempted to copy it, so that the suspect mobile storage device can be quickly pinned down from the queried identification information (including the production serial number, the user name and the like) of the registered mobile storage medium.
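The leak query of steps 508-510 can be sketched as a lookup over the stored scanning and operation information. This is an added example, not code from the patent: `LeakIndex`, `scan_medium`, the serial numbers, user names and file contents are constructed, and SHA-256 is assumed for the HASH value.

```python
import hashlib
from collections import defaultdict


def file_id(data: bytes) -> str:
    # SHA-256 is an assumption; the patent only says "HASH value".
    return hashlib.sha256(data).hexdigest()


def scan_medium(files: dict) -> dict:
    """Client side, step 101: map each file name on the medium to its hash."""
    return {name: file_id(data) for name, data in files.items()}


class LeakIndex:
    """Monitoring-center store for scanning and operation information."""

    def __init__(self):
        self.names = defaultdict(set)   # file name -> hashes seen under it
        self.stored = defaultdict(set)  # hash -> {(serial, user)} from scans
        self.ops = defaultdict(list)    # hash -> [(serial, user, record)]

    def save_scan(self, serial, user, scan):
        """Step 501: scan maps file name -> hash, as sent by the client."""
        for name, fid in scan.items():
            self.names[name].add(fid)
            self.stored[fid].add((serial, user))

    def save_operation(self, serial, user, name, fid, record):
        """Step 507: record is "copied" or "blocked"."""
        self.names[name].add(fid)
        self.ops[fid].append((serial, user, record))

    def trace(self, leaked_name):
        """Steps 508-510: file name -> hashes -> media and users."""
        result = {"stored_on": set(), "copied_by": set(), "blocked": set()}
        for fid in self.names.get(leaked_name, ()):
            result["stored_on"] |= self.stored.get(fid, set())
            for serial, user, record in self.ops.get(fid, ()):
                key = "copied_by" if record == "copied" else "blocked"
                result[key].add((serial, user))
        return {key: sorted(value) for key, value in result.items()}


def build_sample_index() -> LeakIndex:
    """Constructed sample history for three hypothetical media."""
    plan = b"constructed confidential plan"
    index = LeakIndex()
    index.save_operation("SN-EXAMPLE-0001", "alice", "plan.docx",
                         file_id(plan), "copied")
    index.save_operation("SN-EXAMPLE-0003", "carol", "plan.docx",
                         file_id(plan), "blocked")
    index.save_scan("SN-EXAMPLE-0001", "alice",
                    scan_medium({"plan.docx": plan,
                                 "notes.txt": b"constructed notes"}))
    # Same bytes under a different name on another medium.
    index.save_scan("SN-EXAMPLE-0002", "bob",
                    scan_medium({"holiday.docx": plan}))
    return index


if __name__ == "__main__":
    for key, value in build_sample_index().trace("plan.docx").items():
        print(key, value)
```

The query is entered by file name but resolved through the hash, so the renamed copy on the second medium is still returned; a copy whose content was modified would carry a different hash and would not be.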
Corresponding to the embodiment shown in fig. 3, before step 401/501, a step of registration authentication of the mobile storage medium accessed at the client may be further included. As shown in fig. 6, it includes the following steps:
Step 601, receiving the identification information of a mobile storage medium sent by the client, and judging whether the corresponding mobile storage medium is registered.
Step 602, sending the registration result information of the mobile storage medium to the client.
The registration result information is one of two results: registered or unregistered.
Step 603, receiving the registration information sent by the client, and agreeing to or prohibiting the registration of the unregistered mobile storage medium corresponding to the registration information.
Wherein the registration information includes identification information of the mobile storage medium.
In this step, if registration of the unregistered mobile storage medium corresponding to the registration information is approved, step 604 is executed; if its registration is prohibited, step 605 is executed. For example, a mobile storage medium that has previously leaked information is added to a blacklist in advance and is prohibited from being registered again.
Step 604, storing the registration information and sending a registration success message to the client.
Step 605, sending a registration failure message to the client.
In this embodiment, the mobile storage medium allowing registration may be preset in the remote monitoring center as required, and the access right of the mobile storage medium at the client is directly controlled, so that the security performance of the computer data is further improved.
For example: with the mobile storage medium file control method provided by the invention, when employees in a company connect a USB flash disk to a computer, viruses are checked and killed and system security is protected, and when a file is leaked, where it leaked from can be detected. Confidential documents in the company are entered into the knowledge base of the remote monitoring center in advance and permissions are assigned according to the functions of the employees, so that the normal file operations of the employees are not affected while file leakage caused by unauthorized operation is prevented.
Corresponding to the method for managing and controlling the mobile storage medium file for the client, the embodiment of the invention also provides a device for managing and controlling the mobile storage medium file for the client. Fig. 7 is a schematic structural diagram of a first embodiment of a mobile storage medium file management and control apparatus for a client according to the present invention, as shown in fig. 7, the apparatus of the present embodiment may include: a scanning module 11 and a first transmitting module 12; the scanning module 11 is configured to scan a registered mobile storage medium in a virus searching and killing manner when it is monitored that a registered mobile storage medium is accessed to a data transmission interface, and acquire identification information of a file stored on the registered mobile storage medium; the first sending module 12 is configured to send the scanning information to the remote monitoring center; the scanning information includes identification information of the registered mobile storage medium and identification information of a file stored thereon.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 1, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 8 is a schematic structural diagram of a second embodiment of a mobile storage media file management and control device for a client according to the present invention. As shown in fig. 8, on the basis of the device structure shown in fig. 7, the device of the present embodiment further includes: a first receiving module 13, a first obtaining module 14 and an operation control module 15. The first receiving module 13 is configured to send identification information of a file to be copied to the remote monitoring center when receiving a request for copying the file to the registered mobile storage medium; it is further configured to receive the notification, sent by the remote monitoring center, that the identification information of the file to be copied is matched; and it is further configured to receive, from the remote monitoring center, the operation authority information of the registered mobile storage medium for the file to be copied. The first obtaining module 14 is configured to obtain the identification information of the registered mobile storage medium according to the notification, received by the first receiving module 13, that the identification information of the file to be copied is matched, and to send the identification information to the remote monitoring center. The operation control module 15 is configured to allow or prevent the file to be copied from being copied to the registered mobile storage medium according to the operation permission information received by the first receiving module 13.
The apparatus of this embodiment may be used to implement the technical solutions of the method embodiments shown in fig. 1 or fig. 2, and the implementation principles and technical effects are similar, which are not described herein again.
Preferably, in fig. 8, the first receiving module 13 is further configured to receive a notification sent by the remote monitoring center that the identification information of the file to be copied is not matched; the operation control module 15 is further configured to prevent the file to be copied from being copied to the registered mobile storage medium according to the notification that the identification information of the file to be copied is not matched, which is received by the first receiving module 13.
Preferably, as shown in fig. 8, the operation control module 15 is further configured to send the current operation information to the remote monitoring center through the first sending module 12; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file and an operation record.
Fig. 9 is a schematic structural diagram of a third embodiment of a mobile storage medium file management and control apparatus for a client according to the present invention. As shown in fig. 9, the apparatus of this embodiment is based on the apparatus structure shown in fig. 7, and further, the first receiving module 13 is further configured to receive registration result information of the mobile storage medium sent by the remote monitoring center; the registration result information includes both registered and unregistered results. The scanning module 11 may include: a monitoring submodule 111, a prompting submodule 112, a registering submodule 113, an obtaining submodule 114, a scanning submodule 115 and a preventing submodule 116; the monitoring submodule 111 is configured to send identification information of a mobile storage medium to the remote monitoring center when it is monitored that the data transmission interface has access to the mobile storage medium; a prompting submodule 112, configured to prompt a user to register an unregistered mobile storage medium when the mobile storage medium is recorded as the unregistered mobile storage medium in the registration result information received by the first receiving module 13; a registration submodule 113, configured to receive a registration request for registering the unregistered mobile storage medium by a user; an obtaining submodule 114, configured to obtain, according to the registration request received by the registration submodule 113, identification information of the unregistered mobile storage medium, which is used as registration information and sent to the remote monitoring center; the scanning sub-module 114 is configured to scan the registered mobile storage medium in a virus searching and killing manner to obtain identification information of a file stored on the registered mobile storage medium when the mobile storage medium is recorded as the registered mobile storage medium in the registration result information received by the first receiving module 13 or a registration success message sent by the remote monitoring center is received; the blocking sub-module 115 is configured to move the unregistered mobile storage medium out of the data transmission interface when the user abandons registration of the unregistered mobile storage medium or receives a registration failure message sent by the remote monitoring center.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 3, and the implementation principle and the technical effect are similar, which are not described herein again.
Corresponding to the method for managing and controlling the mobile storage medium file for the remote monitoring center provided by the invention, the embodiment of the invention also provides a device for managing and controlling the mobile storage medium file for the remote monitoring center. Fig. 10 is a schematic structural diagram of a first embodiment of a mobile storage medium file management and control apparatus for a remote monitoring center according to the present invention, as shown in fig. 10, the apparatus of the present embodiment may include: a storage module 201, configured to store scanning information sent by a client; wherein the scanning information includes identification information of the registered mobile storage medium and identification information of a file stored thereon.
Fig. 11 is a schematic structural diagram of a second embodiment of a mobile storage medium file management and control apparatus for a remote monitoring center according to the present invention. As shown in fig. 11, the apparatus of the present embodiment further includes, on the basis of the apparatus structure shown in fig. 10: a second receiving module 202, a matching module 203, a first notifying module 204 and a permission determining module 205; the second receiving module 202 is configured to receive identification information of a file to be copied sent from a client, and is also configured to receive the identification information of the registered mobile storage medium which requests to copy the file to be copied and is sent by the client; the matching module 203 is configured to determine whether the identification information of the file to be copied received by the second receiving module 202 can be matched in the local repository according to the identification information of the confidential file pre-stored in the local repository; a first notification module 204, configured to send to the client a notification that the matching module 203 matched or did not match the identification information of the file to be copied; the permission determining module 205 is configured to determine, according to a predetermined management and control policy, an operation permission of the registered mobile storage medium corresponding to the identification information received by the second receiving module 202 for the file to be copied, and send operation permission information to the client; and the management and control policy records the authority of the mobile storage medium for operating the confidential file.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 4, and the implementation principle and the technical effect are similar, which are not described herein again.
Preferably, the second receiving module 202 is further configured to receive the current operation information sent by the client and store the current operation information in the storage module 201; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file and an operation record.
Fig. 12 is a schematic structural diagram of a third embodiment of a mobile storage medium file management and control apparatus for a remote monitoring center according to the present invention, as shown in fig. 12, the apparatus of the present embodiment further includes, on the basis of the apparatus structure shown in fig. 11: a third receiving module 206, a second obtaining module 207 and a query module 208; the third receiving module 206 is configured to receive a file leakage query instruction; a second obtaining module 207, configured to obtain identification information of a leakage file pointed by the file leakage query instruction; and the query module 208 is configured to obtain, from the scan information and the operation information stored in the storage module 201, the identification information of the registered mobile storage medium corresponding to the identification information of the leakage file.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 5, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 13 is a schematic structural diagram of a fourth embodiment of a mobile storage medium file management and control apparatus for a remote monitoring center according to the present invention. As shown in fig. 13, the apparatus of the present embodiment further includes, on the basis of the apparatus structure shown in fig. 10: a judging module 209, a second sending module 210, a registering module 211 and a second notifying module 212; the judging module 209 is configured to receive the identification information of a mobile storage medium sent by the client and determine whether the corresponding mobile storage medium is registered; a second sending module 210, configured to send the registration result information of the mobile storage medium obtained by the judging module 209 to the client; wherein the registration result information includes two results, registered and unregistered; a registration module 211, configured to receive registration information sent by the client, and approve or prohibit registration of an unregistered mobile storage medium corresponding to the registration information; the registration information includes identification information of the mobile storage medium; a second notification module 212, configured to send a registration failure message to the client when the registration module 211 prohibits registration of an unregistered mobile storage medium corresponding to the registration information; or when the registration module 211 agrees to register the unregistered mobile storage medium corresponding to the registration information, the registration information is saved and a registration success message is sent to the client.
The apparatus of this embodiment may be used to implement the technical solution of the method embodiment shown in fig. 6, and the implementation principle and the technical effect are similar, which are not described herein again.
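The remote monitoring center modules described above (storage, matching, permission determination, registration and leak query) can be sketched as follows. This is an added example, not code from the patent: the class and function names, the use of SHA-256 as the file HASH, the integer security levels and all sample data are assumptions.

```python
import hashlib
from collections import defaultdict
from dataclasses import dataclass, field


def file_id(data: bytes) -> str:
    """File identification information: a hash of the content (SHA-256 assumed)."""
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class MediumId:
    """Medium identification information: production serial number plus user."""
    serial: str
    user: str


@dataclass(frozen=True)
class Policy:
    """Control policy entry: allowed operation types and highest allowed level."""
    allowed_ops: frozenset
    max_level: int  # assumption: a larger integer means a more sensitive file


@dataclass
class MonitoringCenter:
    registered: set = field(default_factory=set)
    knowledge_base: dict = field(default_factory=dict)  # file hash -> security level
    policies: dict = field(default_factory=dict)        # MediumId -> Policy
    scan_info: list = field(default_factory=list)       # (MediumId, file hash)
    operations: list = field(default_factory=list)      # (MediumId, file hash, record)

    def register(self, medium: MediumId, approve: bool) -> bool:
        """Approve or prohibit registration; only approved media are saved."""
        if approve:
            self.registered.add(medium)
        return approve

    def store_scan(self, medium: MediumId, hashes: list) -> None:
        """Save scan information sent when a registered medium is attached."""
        if medium not in self.registered:
            raise PermissionError("scan information from an unregistered medium")
        self.scan_info.extend((medium, h) for h in hashes)

    def match(self, fhash: str) -> bool:
        """Matching step: is this hash pre-stored in the knowledge base?"""
        return fhash in self.knowledge_base

    def permission(self, medium: MediumId, fhash: str, op: str = "copy") -> bool:
        """Permission step: deny unless a policy covers medium, operation and level."""
        policy = self.policies.get(medium)
        if medium not in self.registered or policy is None or not self.match(fhash):
            return False
        return op in policy.allowed_ops and self.knowledge_base[fhash] <= policy.max_level

    def record_operation(self, medium: MediumId, fhash: str, record: str) -> None:
        """Save the operation information the client reports after each decision."""
        self.operations.append((medium, fhash, record))

    def leak_query(self, fhash: str) -> dict:
        """Media tied to a leaked file, with the stored evidence for each."""
        hits = defaultdict(set)
        for medium, h in self.scan_info:
            if h == fhash:
                hits[medium].add("scan")
        for medium, h, record in self.operations:
            if h == fhash:
                hits[medium].add(record)
        return dict(hits)


def request_copy(center: MonitoringCenter, medium: MediumId, data: bytes) -> bool:
    """Client side of a copy request: match first, then permission, then report."""
    fhash = file_id(data)
    # A hash that is not matched in the knowledge base is blocked outright.
    allowed = center.match(fhash) and center.permission(medium, fhash, "copy")
    center.record_operation(medium, fhash, "copy:allowed" if allowed else "copy:blocked")
    return allowed


def build_demo():
    """Constructed sample data: two registered media, one rejected, two known files."""
    center = MonitoringCenter()
    alice = MediumId("SN-0001", "alice")
    bob = MediumId("SN-0002", "bob")
    mallory = MediumId("SN-0003", "mallory")
    center.register(alice, True)
    center.register(bob, True)
    center.register(mallory, False)
    design, memo = b"constructed design document", b"constructed internal memo"
    center.knowledge_base = {file_id(design): 3, file_id(memo): 1}
    center.policies = {
        alice: Policy(frozenset({"copy"}), 3),
        bob: Policy(frozenset({"copy"}), 1),
    }
    return center, alice, bob, mallory, design, memo
```

Because blocked attempts are recorded alongside allowed copies, `leak_query` separates media that held or received the file from media that only tried to obtain it.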
The embodiment of the invention also provides the electronic equipment. Fig. 14 is a schematic structural diagram of an embodiment of an electronic device of the present invention, which may implement a flow of an embodiment of a method for managing and controlling a file of a mobile storage medium for a client provided by the present invention, and as shown in fig. 14, the electronic device may include: the device comprises a shell 31, a processor 32, a memory 33, a circuit board 34 and a power circuit 35, wherein the circuit board 34 is arranged inside a space enclosed by the shell 31, and the processor 32 and the memory 33 are arranged on the circuit board 34; a power supply circuit 35 for supplying power to each circuit or device of the electronic apparatus; the memory 33 is used for storing executable program codes; the processor 32 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 33, so as to execute the file management and control method for the mobile storage medium of the client according to any one of the foregoing embodiments.
The invention also provides a mobile storage medium file management and control system, which comprises a client and a remote monitoring center, wherein the client can comprise any one of the mobile storage medium file management and control devices of the user client, and the remote monitoring center can comprise any one of the file management and control devices for the remote monitoring center, which is not described herein again.
The embodiment of the invention also provides another electronic device. Fig. 15 is a schematic structural diagram of another embodiment of an electronic device according to the present invention, which may implement a flow of an embodiment of a method for managing and controlling a file of a mobile storage medium for a remote monitoring center provided by the present invention, and as shown in fig. 15, the electronic device may include: the device comprises a shell 41, a processor 42, a memory 43, a circuit board 44 and a power circuit 45, wherein the circuit board 44 is arranged inside a space enclosed by the shell 41, and the processor 42 and the memory 43 are arranged on the circuit board 44; a power supply circuit 45 for supplying power to each circuit or device of the electronic apparatus; the memory 43 is used for storing executable program code; the processor 42 executes a program corresponding to the executable program code by reading the executable program code stored in the memory 43, so as to execute the method for managing and controlling a file of a mobile storage medium for a remote monitoring center according to any one of the foregoing embodiments.
The above electronic devices exist in a variety of forms, including but not limited to:
(1) A mobile communication device: such devices are characterized by mobile communication capabilities and are primarily aimed at providing voice and data communications. Such terminals include: smartphones (e.g., iPhones), multimedia phones, feature phones, and low-end phones, among others.
(2) An ultra mobile personal computer device: this kind of equipment belongs to the category of personal computers, has calculation and processing functions and generally has mobile internet access. Such terminals include: PDA, MID, and UMPC devices, etc., such as iPads.
(3) A portable entertainment device: such devices can display and play multimedia content. This type of device includes: audio and video players (such as an iPod), handheld game consoles, e-book readers, smart toys and portable car navigation devices.
(4) A server: the device for providing the computing service comprises a processor, a hard disk, a memory, a system bus and the like, and the server is similar to a general computer architecture, but has higher requirements on processing capacity, stability, reliability, safety, expandability, manageability and the like because of the need of providing high-reliability service.
(5) Other electronic equipment with data interaction functions.
Preferably, the mobile storage medium according to any of the above embodiments of the present invention is a USB disk.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional identical elements in the process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the apparatus embodiment, since it is substantially similar to the method embodiment, the description is relatively simple, and for the relevant points, reference may be made to the partial description of the method embodiment. For convenience of description, the above devices are described separately in terms of functional division into various units/modules. Of course, the functionality of the units/modules may be implemented in one or more software and/or hardware implementations of the invention.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. The storage medium may be a magnetic disk, an optical disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), or the like.
The above description is only for the specific embodiment of the present invention, but the scope of the present invention is not limited thereto, and any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope of the present invention are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (22)

1. A method for managing and controlling a file of a mobile storage medium is used for a client and comprises the following steps:
when it is monitored that a registered mobile storage medium is accessed to a data transmission interface, scanning the registered mobile storage medium in a virus searching and killing mode to acquire identification information of a file stored on the registered mobile storage medium;
sending the scanning information to a remote monitoring center; the scanning information comprises the identification information of the registered mobile storage medium and the identification information of the file stored on the registered mobile storage medium;
when a request for copying the file in the registered mobile storage medium is received, sending the identification information of the file to be copied to a remote monitoring center;
if receiving a notification sent by the remote monitoring center that the identification information of the file to be copied is not matched, preventing the file to be copied from being copied to the registered mobile storage medium, and preventing the current registered mobile storage medium from performing other operations on the file;
if receiving the notice which is sent by the remote monitoring center and matched with the identification information of the file to be copied, executing the following steps:
acquiring the identification information of the registered mobile storage medium and sending the identification information to the remote monitoring center;
receiving operation authority information of the registered mobile storage medium to the file to be copied, which is sent by the remote monitoring center;
and according to the operation authority information, allowing or preventing the file to be copied from being copied to the registered mobile storage medium.
2. The method for managing files in a mobile storage medium according to claim 1, further comprising, after allowing or preventing the files to be copied from being copied to the registered mobile storage medium:
sending the operation information to the remote monitoring center; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file and an operation record.
3. The method for managing and controlling the files of the mobile storage media according to claim 1, wherein when it is monitored that the registered mobile storage media are accessed to the data transmission interface, the registered mobile storage media are scanned in a virus searching and killing manner, and the method comprises the following steps:
when it is monitored that a mobile storage medium is accessed to a data transmission interface, sending identification information of the mobile storage medium to the remote monitoring center;
receiving registration result information of the mobile storage medium sent by the remote monitoring center; the registration result information comprises two results, namely registered result and unregistered result;
when the mobile storage medium is an unregistered mobile storage medium, prompting a user to register the unregistered mobile storage medium;
receiving a registration request of a user for registering the unregistered mobile storage medium;
acquiring identification information of the unregistered mobile storage medium as registration information and sending the registration information to the remote monitoring center according to the registration request;
when the mobile storage medium is a registered mobile storage medium or a registration success message sent by the remote monitoring center is received, scanning the registered mobile storage medium in a virus checking and killing mode; and if the user abandons the registration of the unregistered mobile storage medium or receives a registration failure message sent by the remote monitoring center, moving the unregistered mobile storage medium out of the data transmission interface.
4. The method for managing and controlling the files of the mobile storage media according to any one of claims 1 to 3, wherein the identification information of the mobile storage media comprises a production serial number and user information of the mobile storage media.
5. The method for managing and controlling files of a mobile storage medium according to any one of claims 1 to 3, wherein the identification information of the file is a HASH value of the file.
6. A method for managing and controlling a file of a mobile storage medium is used for a remote monitoring center and comprises the following steps:
storing the scanning information sent by the client; wherein, the scanning information comprises the identification information of the registered mobile storage medium and the identification information of the file stored thereon; the identification information of the file stored on the mobile storage medium is obtained by scanning the registered mobile storage medium in a virus searching and killing mode when the client monitors that the registered mobile storage medium is accessed to the data transmission interface;
receiving identification information of a file to be copied sent by a client;
judging whether the identification information of the file to be copied can be matched in the knowledge base or not according to the identification information of the confidential file pre-stored in the local knowledge base;
sending a notification that the identification information of the file to be copied is not matched to the client so that the client prevents the file to be copied from being copied to the registered mobile storage medium and prevents the current registered mobile storage medium from performing other operations on the file; or
sending a notice matched with the identification information of the file to be copied to the client;
receiving identification information of a registered mobile storage medium which requests to copy the file to be copied and is sent by a client;
determining the operation authority of the registered mobile storage medium on the file to be copied according to a preset control strategy, and sending operation authority information to the client; and the management and control strategy records the authority of the mobile storage medium for operating the confidential file.
7. The method for managing and controlling the files of the mobile storage medium according to claim 6, further comprising, after sending the operation authority information to the client:
receiving and storing the current operation information sent by the client; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file and an operation record.
8. The method for managing and controlling the files of the mobile storage media according to claim 7, further comprising, after saving the scanning information sent from the client:
receiving a file leakage query instruction;
acquiring identification information of the leakage files pointed by the file leakage query instruction;
and acquiring the identification information of the registered mobile storage medium corresponding to the identification information of the leakage file from the stored scanning information and operation information.
9. The method for managing and controlling the files of the mobile storage media according to claim 6, further comprising, before saving the scanning information sent from the client:
receiving and judging whether the mobile storage medium corresponding to the identification information of the mobile storage medium sent by the client is registered or not;
sending the registration result information of the mobile storage medium to the client; the registration result information comprises two results, namely registered result and unregistered result;
receiving registration information sent by the client, and agreeing or forbidding the unregistered mobile storage medium corresponding to the registration information to register; the registration information includes identification information of the mobile storage medium;
if the unregistered mobile storage medium corresponding to the registration information is forbidden to be registered, sending a registration failure message to the client; if the unregistered mobile storage medium corresponding to the registration information is agreed to be registered, the registration information is saved and a registration success message is sent to the client.
10. The method according to claim 6, wherein the management policy includes: the corresponding relation between the identification information of the mobile storage medium and the allowed operation type and/or the allowed file security level;
and the confidential files pre-stored in the knowledge base comprise file types and file security level attributes.
11. The method for managing and controlling the files of the mobile storage media according to any one of claims 6 to 10, wherein the identification information of the mobile storage media includes a production serial number of the mobile storage media and user information.
12. The method for managing files of a mobile storage medium according to any one of claims 6 to 10, wherein the identification information of the file is a HASH value of the file.
13. A mobile storage medium file management and control device is used for a client and comprises:
the scanning module is used for scanning the registered mobile storage medium in a virus searching and killing mode to acquire identification information of a file stored on the registered mobile storage medium when the fact that the registered mobile storage medium is accessed to the data transmission interface is monitored;
the first sending module is used for sending the scanning information to the remote monitoring center; the scanning information comprises the identification information of the registered mobile storage medium and the identification information of the file stored on the registered mobile storage medium;
the first receiving module is used for sending the identification information of the file to be copied to a remote monitoring center when receiving a request for copying the file from the registered mobile storage medium; it is also used for receiving a notice which is sent by the remote monitoring center and matched with the identification information of the file to be copied; it is also used for receiving the operation authority information of the registered mobile storage medium to the file to be copied, sent from the remote monitoring center; and it is also used for receiving a notice which is sent by the remote monitoring center and does not match the identification information of the file to be copied;
the first acquisition module is used for acquiring the identification information of the registered mobile storage medium according to the notification matched with the identification information of the file to be copied, which is received by the first receiving module, and sending the identification information to the remote monitoring center;
the operation control module is used for allowing or preventing the file to be copied from being copied to the registered mobile storage medium according to the operation authority information received by the first receiving module; and the operation control module is further configured to prevent the file to be copied from being copied to the registered mobile storage medium and prevent the current registered mobile storage medium from performing other operations on the file, according to the notification, received by the first receiving module, that the identification information of the file to be copied is not matched.
14. The device according to claim 13, wherein the operation control module is further configured to send the current operation information to the remote monitoring center through the first sending module; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file and an operation record.
15. The apparatus according to claim 13, wherein the first receiving module is further configured to receive registration result information of the mobile storage medium sent from the remote monitoring center; the registration result information comprises two results, namely registered result and unregistered result;
the scanning module includes:
the monitoring submodule is used for sending the identification information of the mobile storage medium to the remote monitoring center when the data transmission interface is monitored to be accessed by the mobile storage medium;
the prompting sub-module is used for prompting a user to register the unregistered mobile storage medium when the mobile storage medium is recorded as the unregistered mobile storage medium in the registration result information received by the first receiving module;
the registration submodule is used for receiving a registration request of a user for registering the unregistered mobile storage medium;
the acquisition submodule is used for acquiring the identification information of the unregistered mobile storage medium as registration information according to the registration request received by the registration submodule and sending the registration information to the remote monitoring center;
the scanning sub-module is used for scanning the registered mobile storage medium in a virus killing mode to acquire the identification information of the file stored on the registered mobile storage medium when the mobile storage medium is recorded as the registered mobile storage medium in the registration result information received by the first receiving module or a registration success message sent by the remote monitoring center is received;
and the blocking submodule is used for moving the unregistered mobile storage medium out of the data transmission interface when the user abandons the registration of the unregistered mobile storage medium or receives a registration failure message sent by the remote monitoring center.
16. A mobile storage medium file management and control device, for a remote monitoring center, comprising:
the storage module is used for storing the scanning information sent by the client; wherein, the scanning information comprises the identification information of the registered mobile storage medium and the identification information of the file stored thereon; the identification information of the file stored on the mobile storage medium is obtained by scanning the registered mobile storage medium in a virus searching and killing mode when the client monitors that the registered mobile storage medium is accessed to the data transmission interface;
the second receiving module is used for receiving the identification information of the file to be copied sent by the client; it is also used for receiving the identification information of the registered mobile storage medium which requests to copy the file to be copied and is sent by the client;
the matching module is used for judging whether the identification information of the file to be copied received by the second receiving module can be matched in the knowledge base according to the identification information of the confidential file pre-stored in the local knowledge base;
the first notification module is used for sending a notification that the matching module is not matched with the identification information of the file to be copied to the client, so that the client prevents the file to be copied from being copied to the registered mobile storage medium and prevents the current registered mobile storage medium from performing other operations on the file; or sending a notification matched with the identification information of the file to be copied to the client;
the permission determining module is used for determining the operation permission of the registered mobile storage medium corresponding to the identification information received by the second receiving module on the file to be copied according to a preset management and control strategy and sending operation permission information to the client; and the management and control strategy records the authority of the mobile storage medium for operating the confidential file.
17. The apparatus according to claim 16, wherein the second receiving module is further configured to receive and store the current operation information sent by the client into the storage module; the current operation information comprises the identification information of the registered mobile storage medium, the identification information of the current copied/to-be-copied file and an operation record.
18. The file management apparatus for a mobile storage medium according to claim 17, further comprising:
the third receiving module is used for receiving a file leakage query instruction;
the second acquisition module is used for acquiring the identification information of the leakage file pointed by the file leakage query instruction;
and the query module is used for acquiring the identification information of the registered mobile storage medium corresponding to the identification information of the leakage file from the scanning information and the operation information stored in the storage module.
19. The file management apparatus according to claim 16, further comprising:
the judging module is used for receiving the identification information of a mobile storage medium sent by the client and judging whether the corresponding mobile storage medium is registered;
the second sending module is used for sending the registration result information of the mobile storage medium obtained by the judging module to the client; the registration result information is one of two results, namely registered or unregistered;
the registration module is used for receiving registration information sent by the client and approving or prohibiting the registration of the unregistered mobile storage medium corresponding to the registration information; the registration information includes identification information of the mobile storage medium;
the second notification module is used for sending a registration failure message to the client when the registration module prohibits the registration of the unregistered mobile storage medium corresponding to the registration information; or, when the registration module approves the registration of the unregistered mobile storage medium corresponding to the registration information, saving the registration information and sending a registration success message to the client.
20. An electronic device, characterized in that the electronic device comprises: a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged in a space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit is used for supplying power to each circuit or device of the electronic device; the memory is used for storing executable program code; the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute the mobile storage medium file management and control method of any one of the preceding claims 1 to 5.
21. An electronic device, characterized in that the electronic device comprises: a housing, a processor, a memory, a circuit board and a power supply circuit, wherein the circuit board is arranged in a space enclosed by the housing, and the processor and the memory are arranged on the circuit board; the power supply circuit is used for supplying power to each circuit or device of the electronic device; the memory is used for storing executable program code; the processor runs a program corresponding to the executable program code by reading the executable program code stored in the memory, so as to execute the mobile storage medium file management and control method of any one of the preceding claims 6 to 12.
22. A mobile storage media file management and control system, comprising a remote monitoring center and at least one client, wherein the client comprises the mobile storage media file management and control device of any one of the preceding claims 13 to 15, and the remote monitoring center comprises the mobile storage media file management and control device of any one of the preceding claims 16 to 19.
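The remote-monitoring-center modules of claims 16 to 19 (registration, permission decision under the management and control strategy, stored scan and operation information, leak query) can be modelled as below. This is an added example, not code from the patent or its applicant; the class and method names, the operation name `copy`, the medium IDs, the use of SHA-256 as file identification information and the rule that non-confidential files are always permitted are assumptions.

```python
import hashlib
from dataclasses import dataclass, field

def file_id(content: bytes) -> str:  # SHA-256 as file ID is an assumption
    return hashlib.sha256(content).hexdigest()

@dataclass
class MonitoringCenter:
    registered: set = field(default_factory=set)    # medium IDs approved for use
    policy: dict = field(default_factory=dict)      # medium ID -> operations allowed on confidential files
    confidential: set = field(default_factory=set)  # file IDs marked confidential
    scans: list = field(default_factory=list)       # (medium ID, file ID) reported by client scans
    operations: list = field(default_factory=list)  # (medium ID, file ID, operation record)

    def register(self, medium_id, approve):
        """Claim 19: approve or prohibit registration and report the result."""
        if not approve:
            return "registration failed"
        self.registered.add(medium_id)
        self.policy.setdefault(medium_id, set())    # default deny for confidential files
        return "registration succeeded"

    def permission(self, medium_id, fid, operation):
        """Claim 16: decide the medium's permission on the file to be copied."""
        if medium_id not in self.registered:
            return False
        if fid not in self.confidential:
            return True                             # assumption: strategy only restricts confidential files
        return operation in self.policy.get(medium_id, set())

    def leak_query(self, leaked_fid):
        """Claim 18: registered media linked to the leaked file by scans or operations."""
        seen = {m for m, f in self.scans if f == leaked_fid}
        seen |= {m for m, f, _ in self.operations if f == leaked_fid}
        return sorted(seen & self.registered)

def demo():
    """Constructed scenario: two registered media, one unregistered, one leaked file."""
    secret = file_id(b"constructed confidential content")
    center = MonitoringCenter(confidential={secret})
    for medium in ("USB-A", "USB-B"):
        center.register(medium, approve=True)
    center.policy["USB-A"].add("copy")              # only USB-A may copy confidential files
    decisions = [center.permission(m, secret, "copy") for m in ("USB-A", "USB-B", "USB-X")]
    center.operations.append(("USB-A", secret, "copy permitted"))
    center.scans.append(("USB-B", secret))          # file later found on USB-B by a scan
    return decisions, center.leak_query(secret)
```

The leak query returns USB-B even though the strategy never permitted it to copy the file, which is why the query draws on scan information as well as operation records.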
CN201711498913.0A 2017-12-29 2017-12-29 Mobile storage medium file control method, device and system and electronic equipment Active CN108875373B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711498913.0A CN108875373B (en) 2017-12-29 2017-12-29 Mobile storage medium file control method, device and system and electronic equipment

Publications (2)

Publication Number Publication Date
CN108875373A (en) 2018-11-23
CN108875373B (en) 2021-04-20

Family

ID=64325889

Country Status (1)

Country Link
CN (1) CN108875373B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant