CN112016130A - Terminal data leakage protection method - Google Patents


Info

Publication number
CN112016130A
Authority
CN
China
Prior art keywords
file
terminal
encryption
data leakage
files
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010842278.9A
Other languages
Chinese (zh)
Inventor
郭希红
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Yinhe Storage Blockchain Co ltd
Original Assignee
Hangzhou Yinhe Storage Blockchain Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2020-08-20
Filing date
2020-08-20
Publication date
2020-12-01

Classifications

    • G PHYSICS › G06 COMPUTING; CALCULATING OR COUNTING › G06F ELECTRIC DIGITAL DATA PROCESSING › G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals › G06F21/45 Structures or tools for the administration of authentication
        • G06F21/60 Protecting data › G06F21/602 Providing cryptographic facilities or services
        • G06F21/60 Protecting data › G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules › G06F21/6209 Protecting access to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
        • G06F21/60 Protecting data › G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a terminal data leakage protection method in which a UUID identification code is installed on the terminal, its installation path is hidden, and access to and tampering with the installation directory are restricted; a file opened on a terminal carrying the UUID identification code is decrypted; files generated during operation are encrypted automatically and in real time; when a file from the terminal is opened outside the terminal environment the open fails, and if a malicious program forces the file open, the file is immediately and automatically destroyed or opens as garbled content. The method applies automatic encryption protection across the whole life cycle of a file; the encryption is mandatory, automatic, real-time, dynamic, transparent and lossless, and files are encrypted and decrypted without user intervention while they are edited and used.

Description

Terminal data leakage protection method
Technical Field
The invention relates to the field of data protection, in particular to a terminal data leakage protection method.
Background
An information security protection system generally consists of three links: the server, the network and the terminal. If any one of them loses its security, the protection as a whole exists in name only; the server, the network and the terminal must form a closed secure loop.
Within such a system the weakest link is terminal security. Technical means for protecting terminals are currently very limited, and terminals carry many latent risks, the most serious being the risk of data leakage.
In recent years most security incidents have been internal leaks rather than external attacks; according to the statistics cited by the applicant, more than 80% of information leakage events are caused by internal employees.
Preventing data leakage by internal personnel is therefore essential to an information security solution. A system that lacks terminal data leakage protection, and in particular protection against leakage by insiders, is incomplete and carries serious latent risks.
Disclosure of Invention
The object of the invention is to provide a terminal data leakage protection method that addresses the shortcomings of the prior art.
To that end, the invention adopts the following technical scheme:
A terminal data leakage protection method comprises the following steps:
S1: install a UUID identification code on the terminal, hide its installation path, and restrict access to and tampering with the installation directory;
S2: when a file is opened on a terminal with the UUID identification code installed, decrypt the file;
S3: automatically encrypt, in real time, the files generated during operation;
S4: when a file from the terminal is opened outside the terminal environment, show the open as invalid;
S5: if, in the situation of step S4, a malicious program forces the file open, the file is immediately and automatically destroyed or opens as garbled content.
Further, the files generated during operation in step S3 include temporary files, random files, exported files and saved files.
Further, the terminal is also provided with a permission white list and a document grouping white list.
Further, the permission white list contains group lists at different levels according to administrative rank: a higher-level group may review the ciphertext of a lower-level group, while a lower-level group cannot open the ciphertext of a higher-level group.
Further, the document grouping white list comprises a top-level management group, department groups and ad hoc project groups.
Further, files on the terminal are also subject to a designated outgoing-file management step, which sets an open password, a permitted number of opens and an expiry time for a file once it is outside the terminal.
Further, the UUID identification code on the terminal corresponds to a unique decryption key.
Adopting this technical scheme yields the following beneficial effects: the method applies automatic encryption protection across the whole life cycle of a file; the encryption is mandatory, automatic, real-time, dynamic, transparent and lossless, and files are encrypted and decrypted without user intervention while they are edited and used. The various permission settings let terminal files be handled by users with different authorities, and the terminal gains the ability to prevent files from leaking, so that leakage is avoided.
Drawings
Fig. 1 is a flowchart of a terminal data leakage protection method provided by the present invention.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
Example I
As shown in the figure, a terminal data leakage protection method includes the following steps:
S1: install a UUID identification code on the terminal, hide its installation path, and restrict access to and tampering with the installation directory;
S2: when a file is opened on a terminal with the UUID identification code installed, decrypt the file;
S3: automatically encrypt, in real time, the files generated during operation; the files generated during operation in step S3 include temporary files, random files, exported files and saved files;
S4: when a file from the terminal is opened outside the terminal environment, show the open as invalid;
S5: if, in the situation of step S4, a malicious program forces the file open, the file is immediately and automatically destroyed or opens as garbled content.
Whatever file name a document is saved under and whatever format it is converted to, it remains strictly encrypted, and even file recovery tools cannot obtain the plaintext of an encrypted document. Without authorisation, even the author of a document cannot obtain its contents.
Documents are used on terminals authorised by the system and cannot be used outside it, with no manual encryption or decryption involved, so leakage is prevented at the source: an encrypted document is used normally inside the environment and is invalid once it leaves it.
The method effectively prevents data leakage by internal personnel and removes the latent risk attached to confidential files. It is particularly suited to program source code in software companies, drawing files in engineering design companies, processes and formulas in manufacturing enterprises, and military secrets in defence enterprises, whose loss to competitors or hostile parties would cause immeasurable damage.
The method provides transparent automatic encryption: it applies automatic encryption protection across the whole life cycle of a file and is mandatory, automatic, real-time, dynamic, invisible and lossless. Encryption and decryption take place automatically while a file is edited and used, without user intervention, so the user does not perceive them in practice. Decryption likewise needs no plaintext intermediate, and no plaintext is produced on disk. Once an encrypted file leaves its usage environment it cannot be opened, and it cannot be opened at all without that environment. Transparent encryption thus solves document security at its root.
UUID stands for Universally Unique Identifier, a software construction standard that is also part of the Open Software Foundation's Distributed Computing Environment (DCE). Its purpose is to let every element of a distributed system carry unique identification without a central authority assigning it, so anyone can create a UUID that does not collide with anyone else's, and collisions when creating database records need not be considered. The UUID identification code on the terminal corresponds to a unique decryption key.
Example II
Install the UUID identification code on the terminal, hide the installation path and restrict access to and tampering with the installation directory; the terminal then sets a permission white list and a document grouping white list.
Preferably both are configured together, which eases daily operation as well as document management and delivers graded coordination directly to operators.
The permission white list contains group lists at different levels, divided by administrative rank. For example, a higher-level group may review a lower-level group's ciphertext, while a lower-level group cannot open a higher-level group's ciphertext. Different levels can also be given different modification rights, rights to take files out, and so on, for the different kinds of operations; the operations permitted at each level can be set one by one according to the nature of the document.
The document grouping white list comprises a top-level management group, department groups and ad hoc project groups. For example, ciphertext within a group can be shared, while different working groups, according to the division of work, may or may not share ciphertext and by default cannot access one another's files. As another example, the top-level management group sets up controlled ciphertext exchange between working groups: members of an exchange group can access that group's files, and exchange groups can be created as needed, which makes cross-department project work convenient.
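The two white lists of this example as an access decision function, added here to illustrate the rules and not taken from the patent: the patent states only the rules (read down by administrative level, never up; top-level management, department and ad hoc project groups; per-level modification and take-out rights; controlled exchange groups), so the data model, the rights table, the group names and the sample users and documents below are assumptions.

```python
"""Permission white list and document grouping white list (Example II) as code.
Added example, not the patent's implementation; data model, rights table and
all names are assumptions made for the illustration."""
from dataclasses import dataclass
from typing import FrozenSet, Tuple

TOP_MANAGEMENT = "top-management"   # assumed name of the top-level management group


@dataclass(frozen=True)
class User:
    name: str
    level: int                       # administrative level; higher is more senior
    groups: FrozenSet[str]           # department, project and exchange groups


@dataclass(frozen=True)
class Document:
    name: str
    level: int                       # level of the group whose ciphertext this is
    group: str                       # owning group in the document grouping white list
    exchange_groups: FrozenSet[str] = frozenset()   # exchange groups it was shared into


# Assumed per-level rights beyond reading: level -> (may modify, may take out of the terminal)
LEVEL_RIGHTS = {1: (False, False), 2: (True, False), 3: (True, True)}


def decide(user: User, doc: Document, action: str) -> Tuple[bool, str]:
    """Return (allowed, reason). Reading is decided by level (read down only) and by
    grouping; modify and take_out additionally consult the per-level rights table."""
    if user.level < doc.level:
        return False, "lower-level group cannot open higher-level ciphertext"
    in_scope = (TOP_MANAGEMENT in user.groups
                or doc.group in user.groups
                or bool(user.groups & doc.exchange_groups))
    if not in_scope:
        return False, "document belongs to another working group"
    if action == "read":
        return True, "read-down within own group, exchange group or top management"
    may_modify, may_take_out = LEVEL_RIGHTS.get(user.level, (False, False))
    if action == "modify":
        return may_modify, "modification right of level %d" % user.level
    if action == "take_out":
        return may_take_out, "outgoing right of level %d" % user.level
    return False, "unknown action %r" % action


def can(user: User, doc: Document, action: str) -> bool:
    return decide(user, doc, action)[0]


# Constructed sample principals and documents for the demonstration.
CEO = User("ceo", 3, frozenset({TOP_MANAGEMENT}))
RND_HEAD = User("rnd-head", 2, frozenset({"rnd"}))
ENGINEER = User("engineer", 1, frozenset({"rnd", "proj-x"}))
CLERK = User("finance-clerk", 1, frozenset({"finance", "proj-x"}))

SPEC = Document("spec.docx", 1, "rnd")                                  # R&D, rank and file
ROADMAP = Document("roadmap.pptx", 2, "rnd")                            # R&D, department-head level
SHARED = Document("budget.xlsx", 1, "finance", frozenset({"proj-x"}))   # exchanged into proj-x

if __name__ == "__main__":
    for u in (CEO, RND_HEAD, ENGINEER, CLERK):
        for d in (SPEC, ROADMAP, SHARED):
            print("%-14s %-13s %-8s %s" % ((u.name, d.name) + decide(u, d, "read")))
```

The level test is applied before the group test so that a higher-level document is refused even to members of its own group, which is the "cannot open the high-level group's ciphertext" rule; the exchange group grants reading only, and whether its members may modify or take the file out still follows their own level. Note that this is a policy check; the ciphertext itself is only protected to the extent the decryption key is released according to the same decision.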
Example III
Building on Example I or Example II, files on the terminal are additionally subject to a designated outgoing-file management step that sets an open password, a permitted number of opens and an expiry time for a file once it is outside the terminal. This is very convenient when ciphertext must be taken out for work: documents can be carried and worked on elsewhere while being kept at all times only on protected media.
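The terminal-bound encryption of Example I (steps S2 to S5 and the UUID-to-key correspondence of claim 7) and the outgoing-file controls of Example III, as one added example that is not the patent's implementation. The patent states only that each terminal UUID corresponds to a unique decryption key, that a file opened outside the terminal environment is invalid or garbled, and that an outgoing file carries an open password, an open count and an expiry time. Everything else is an assumption made for the illustration: the cipher (an HMAC-SHA256 keystream with an encrypt-then-MAC tag, chosen so the example runs on the Python standard library alone; a deployment would use AES-GCM), the derivation of the per-terminal key from the UUID and a service-held secret, the record layout, and the constructed secret, UUIDs and file contents.

```python
"""Terminal-bound transparent encryption (Example I, claim 7) and outgoing-file control
(Example III). Added example, not the patent's code; cipher, key derivation, record
layout and the constructed secret below are assumptions."""
import hashlib
import hmac
import os
import struct
import time
from typing import Optional

# Assumed: a secret held by the protection service and never written to the terminal.
# A UUID by itself is not secret, so the per-terminal key must mix in something that is.
ENTERPRISE_SECRET = b"constructed-enterprise-root-secret"
PBKDF2_ROUNDS = 100_000


class OpeningInvalid(Exception):
    """Step S4: the open is refused instead of yielding plaintext."""


def terminal_key(terminal_uuid: str) -> bytes:
    """Claim 7: the terminal's UUID maps to one decryption key (assumed: HMAC of the UUID)."""
    return hmac.new(ENTERPRISE_SECRET, terminal_uuid.encode(), hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a PRF-based stream cipher (stdlib stand-in)."""
    out = bytearray()
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hashlib.sha256).digest()
    return bytes(out[:length])


def _subkeys(key: bytes):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes, aad: bytes = b"") -> bytes:
    """Encrypt-then-MAC; output is nonce || ciphertext || tag, and the tag also covers aad."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(key: bytes, blob: bytes, aad: bytes = b"") -> bytes:
    """Verify the tag first: a wrong key or a tampered file never reaches decryption."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, aad + nonce + ct, hashlib.sha256).digest()
    if len(blob) < 48 or not hmac.compare_digest(tag, expected):
        raise OpeningInvalid("wrong terminal, wrong password or tampered file")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def protect_for_terminal(terminal_uuid: str, plaintext: bytes) -> bytes:
    """Step S3: what reaches the disk is always ciphertext, never a plaintext copy."""
    return seal(terminal_key(terminal_uuid), plaintext)


def open_on_terminal(terminal_uuid: str, blob: bytes) -> bytes:
    """Step S2 on the bound terminal; step S4 (OpeningInvalid) on any other."""
    return open_sealed(terminal_key(terminal_uuid), blob)


def make_outgoing(plaintext: bytes, password: str, max_opens: int, expires_at: int) -> dict:
    """Example III: an outgoing copy keyed by a password and limited in opens and in time."""
    salt = os.urandom(16)
    header = salt + struct.pack(">IQ", max_opens, expires_at)   # policy, authenticated as aad
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return {"header": header, "body": seal(key, plaintext, aad=header), "opens_left": max_opens}


def open_outgoing(pkg: dict, password: str, now: Optional[int] = None) -> bytes:
    """Check expiry and remaining opens before deriving the key; count only successful opens."""
    now = int(time.time()) if now is None else now
    salt, policy = pkg["header"][:16], pkg["header"][16:]
    max_opens, expires_at = struct.unpack(">IQ", policy)
    if now >= expires_at:
        raise OpeningInvalid("expired")
    if not 0 < pkg["opens_left"] <= max_opens:
        raise OpeningInvalid("open count exhausted or counter tampered")
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    plaintext = open_sealed(key, pkg["body"], aad=pkg["header"])   # wrong password: tag fails
    pkg["opens_left"] -= 1
    return plaintext


if __name__ == "__main__":
    blob = protect_for_terminal("terminal-A", b"proprietary source code")
    print(open_on_terminal("terminal-A", blob))      # plaintext on the bound terminal (S2)
    print(blob[16:40].hex())                         # what a program forcing the file sees (S5)
    try:
        open_on_terminal("terminal-B", blob)
    except OpeningInvalid as e:
        print("other terminal:", e)                  # S4
```

Two caveats a practitioner would attach to this design. First, the UUID is readable by any program on the terminal, so what actually keeps another machine out is the service-held secret that the key derivation mixes in; protecting that key from a malicious program running on the bound terminal itself is what step S1 (hidden, tamper-restricted installation directory) is for, and in practice that means OS key storage or a TPM rather than a hidden path. Second, the open counter of the outgoing package lives in the package, so a recipient who controls the viewer can reset it; the authenticated header catches a counter raised above the original limit, but a genuine limit on opens and on expiry needs a server-side check or a tamper-resistant viewer. A wrong password fails the tag check exactly like a wrong terminal, which is why the example reports both through the same OpeningInvalid rather than returning garbled bytes.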
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.

Claims (7)

1. A terminal data leakage protection method, characterised by comprising the following steps:
S1: installing a UUID identification code on the terminal, hiding its installation path, and restricting access to and tampering with the installation directory;
S2: when a file is opened on a terminal with the UUID identification code installed, decrypting the file;
S3: automatically encrypting, in real time, files generated during operation;
S4: when a file from the terminal is opened outside the terminal environment, showing the open as invalid;
S5: if, in the situation of step S4, a malicious program forces the file open, immediately and automatically destroying the file or opening it as garbled content.
2. The terminal data leakage protection method of claim 1, wherein the files generated during operation in step S3 include temporary files, random files, exported files and saved files.
3. The terminal data leakage protection method of claim 1, wherein the terminal is further provided with a permission white list and a document grouping white list.
4. The method of claim 3, wherein the permission white list contains group lists at different levels divided according to administrative rank.
5. The method of claim 3, wherein the document grouping white list comprises a top-level management group, department groups and ad hoc project groups.
6. The terminal data leakage protection method of claim 1, wherein files on the terminal are further subject to a designated outgoing-file management step that sets an open password, a permitted number of opens and an expiry time for a file outside the terminal.
7. The method of claim 1, wherein the UUID identification code on the terminal corresponds to a unique decryption key.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010842278.9A CN112016130A (en) 2020-08-20 2020-08-20 Terminal data leakage protection method


Publications (1)

Publication Number Publication Date
CN112016130A true CN112016130A (en) 2020-12-01

Family

ID=73505300


Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103716354A (en) * 2012-10-09 2014-04-09 苏州慧盾信息安全科技有限公司 Security protection system and method for information system
CN103778384A (en) * 2014-02-24 2014-05-07 北京明朝万达科技有限公司 Identity authentication based virtual terminal safety environment protection method and system
CN105631357A (en) * 2015-12-22 2016-06-01 洛阳师范学院 System and method for protecting information security of mobile terminals
CN110896400A (en) * 2019-12-03 2020-03-20 厦门一通灵信息科技有限公司 Data anti-disclosure access system



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination