CN1845136A - Method and apparatus for monitoring and managing secret-involved file between computer and mobile storage device - Google Patents
Method and apparatus for monitoring and managing secret-involved file between computer and mobile storage device Download PDFInfo
- Publication number
- CN1845136A CN1845136A CNA2006100316442A CN200610031644A CN1845136A CN 1845136 A CN1845136 A CN 1845136A CN A2006100316442 A CNA2006100316442 A CN A2006100316442A CN 200610031644 A CN200610031644 A CN 200610031644A CN 1845136 A CN1845136 A CN 1845136A
- Authority
- CN
- China
- Prior art keywords
- storage device
- movable storage
- confidential document
- unit
- secret
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a method for detecting the secret file between the computer and the movable memory device. Wherein, said moving memory device has serial label code representing its unique identification; when the moving memory device is connected to the secret computer to operate the secret film of computer, the secret computer will record the operation of moving memory device on the secret files, to be reported to the superior manage part, to realize the detection and management on the secret files. The invention can effectively avoid common worker obtaining secret files illegally, and avoid the secret workers obtaining secret files illegally, to bring them outside the secret area; and it records information that the secret files is brought outside the secret area and the operation on the secret files. The invention can improve the management on the secret files.
Description
Technical field
The present invention is mainly concerned with file safety monitoring system field in the computing machine, refers in particular to the monitoring and managing method and the device of confidential document between a kind of computing machine and the movable storage device.
Background technology
Along with the fast development that the continuous development and the informatization and network of computer technology are built, adopt computer office to become the development trend of present national governments and the office of all kinds of enterprise.The develop rapidly of science and technology also be unable to do without development of computer, Xiang Guan technical information also exists with the form of electronic document in a large number simultaneously, wherein comprised and related to trade secret and state secret in a large number, said nothing of of the requirement of organizational file confidentiality.The management of electronic security level file just becomes when last great research topic.The EDM System that occurs is primarily aimed at government department and requirement of enterprise at present, pay attention to improving the shared resource utilization factor, government and enterprise's office efficiency efficient, do not have a special system at file security, it is not enough that the confidentiality aspect of file is done, compare with the management system of papery level of confidentiality file maturation, do not have operations such as a cover confidential document monitoring and supervising system effectively controls the opening of electronic security level file, edits, copies, moves, deletion, can't track user mobile to the operation of file and file.Constituent parts is to the electronic security level file management at present, compare with papery level of confidentiality file, the electronic security level file management is relatively more chaotic, as long as the user can cross and land relating computer and just can watch All Files on the computing machine, and can open, edit, copy, move, delete this document, the method and the program that do not have a cover systemization, for approach, the scope of level of confidentiality file propagation, and the operation of file content lacks effectively tracking and control device.The user can use a slight flash disk just can with electronic security level file band from, cause secret to leak, and common EDM System is primarily aimed at is the operational efficiency that improves the utilization factor of electronic document and the transparency of society is improved whole unit, though some functions are also arranged at secret aspect, but can not prevent effectively that all the disabled user from copying electron gain level of confidentiality file, more can't control flowing of electronic security level file.
Existing enciphered mobile storage apparatus all is to be stored in the enciphered mobile storage apparatus after adopting software cryptography or software combined with hardware method of encrypting that confidential document is encrypted, and treats just can open after the user inputs password.Its at all be that the personal user manages the personal document, cryptographic object all is to think personally the file of very important need to be keep secret, but is not suitable for system management and monitoring to confidential document.Present enciphered mobile storage apparatus product design purpose is to satisfy often to carry file and go out, to the have certain requirements requirement of management of file security, its starting point is lower, only at the individual, purpose also only is the management function that the encryption of file does not have file, be not suitable as the secret document carrier of relating to of regular secret unit, can not satisfy of the requirement of present secret unit confidential document management control.Army and government department etc. all are limited to rules and regulations for the management that electronics relates to secret file always at present, technical do not have a cover effective method control to relating to secret file operation (comprise and open, edit, copy, delete, move), the information of record associative operation, operation of comprise the computing machine that opens file, open the people, carrying out etc. also fails effectively to control to carry (the taking secret place out of) of confidential document.Compare with papery level of confidentiality file, the electronic security level file management is relatively more chaotic, does not have the method and the program of a cover systemization, and for approach, the scope of level of confidentiality file propagation, and the operation of file content lacks effectively tracking and control device.
Summary of the invention
The technical problem to be solved in the present invention just is: at the technical matters of prior art existence, the invention provides and a kind ofly can effectively stop the ordinary person illegally to obtain confidential document, also can stop improper the obtaining confidential document and take it out of concerning security matters place of secret personnel, write down simultaneously that confidential document is taken out of the relevant information in secret place and to the monitoring and managing method and the device of confidential document between the computing machine of the associative operation of confidential document and the movable storage device, thereby greatly facilitate management confidential document.
In order to solve the problems of the technologies described above, the solution that the present invention proposes is: the monitoring and managing method of confidential document between a kind of computing machine and the movable storage device, it is characterized in that: movable storage device is provided with the sequence identifier sign indicating number of its unique identity of expression, when movable storage device links to each other with relating computer and the confidential document in the relating computer is operated, relating computer gets off movable storage device to the operation note of confidential document, and this operation note is reported upper management department preserve, thereby confidential document is implemented monitoring management.
Confidential document is carried out the concerning security matters grade separation and do corresponding sign on the file of different concerning security matters grades, movable storage device is carried out the concerning security matters grade separation, movable storage device can be operated confidential document corresponding with it.
When movable storage device open, edit, when deleting confidential document corresponding with it, relating computer can be noted with the sequence identifier sign indicating number of this movable storage device and to the concrete operations that confidential document carried out; When movable storage device copy or mobile confidential document corresponding with it, relating computer can be noted with the sequence identifier sign indicating number of this movable storage device and to the concrete operations that confidential document carried out, if the confidential document that copies in the movable storage device or move is deleted on an other relating computer, or during with the deletion of this confidential document in the relating computer, this moment, deleted confidential document can be considered as having given back and being recorded in the relating computer, the relating computer that this operation note is sent to upper management department is preserved, or relating computer and preservation by manually record being given upper management department, higher level department carries out the management of confidential document according to relevant information; When confidential document is copied on the equipment except that corresponding secret movable storage device, this operation will be prevented from.
Set up one or more confidential document folder or one or more concerning security matters subregion on the hard disk of described relating computer separately, the confidential document of also having done corresponding mark according to the concerning security matters grade separation is stored in confidential document folder or the concerning security matters subregion, and the confidential document in this confidential document folder or the concerning security matters subregion can be ordinary file form or special-purpose file layout.
Described movable storage device links to each other with a gate control system, utilize gate control system to monitor in real time to the discrepancy of movable storage device, when movable storage device to relating computer in after the confidential document operation having carried out not being inconsistent with its concerning security matters grade, gate control system will limit the discrepancy of movable storage device or by the mode of radio communication the confidential document on the movable storage device be wiped.
The maintenance device of confidential document between a kind of computing machine and the movable storage device, it is characterized in that: it comprises computing machine and movable storage device, and described movable storage device comprises central control unit, interface unit, Power Management Unit, file storage unit and information memory cell; Central control unit links to each other with computing machine by interface unit, is responsible for finishing and the communicating by letter of computing machine; Power Management Unit links to each other with central control unit, interface unit, file storage unit and information memory cell respectively, guarantees for whole movable storage device provides power supply; File storage unit links to each other with central control unit, is used for and computing machine exchange or storage associated documents; Information memory cell links to each other with central control unit, is used for preserving the sequence identifier sign indicating number and the fileinfo of its unique identity of expression that movable storage device is provided with.
Further be provided with wireless communication unit on the described movable storage device, this wireless communication unit links to each other with central control unit; Described Power Management Unit comprises primary power administrative unit and accessory power supply administrative unit, the primary power administrative unit links to each other with central control unit, interface unit and information memory cell and guarantees for it provides power supply, and the accessory power supply administrative unit links to each other with file storage unit and guarantees for it provides power supply.
Described maintenance device further comprises a gate control system, this gate control system is provided with second wireless communication unit that matches with wireless communication unit on the movable storage device, and this second wireless communication unit and wireless communication unit are used for making movable storage device and gate control system to realize communicating wireless signals.
Compared with prior art, advantage of the present invention just is:
The present invention effectively combines by relating computer, movable storage device and optional gate control system, the complete monitoring user is to the operations such as opening, edit, copy, delete, move of electronics confidential document, the copy source of tracking electronic confidential document, the operation user, and report and gather operation information, guaranteed the safety of electronics confidential document, realized comprehensive tracking confidential document.To accurately obtain the operation of all users by the present invention to the electronics confidential document, comprise document source, the operation user, " borrow " (copy) time, the operational computations machine, whether this document " gives back " (deletion), gives back relevant informations such as time, and can be by soft method or gate control system according to the fileinfo expired confidential document that should " give back " of deletion or the like automatically, also stop the disabled user to read the authority that confidential document or user surpass oneself simultaneously and read confidential document.Go on record because the associative operation information of electronics confidential document all returned, and report administrative authority record to gather by different modes, so administrative authority can clearly grasp the establishment of electronics confidential document by the fileinfo that gathers, whom checked by, whom copied by, which be distributed in now on computer or the movable storage device, both made things convenient for passing round and managing of electronics confidential document, comprehensively guaranteed the safety of electronics confidential document again, solved borrow, convenient management effectively and the contradiction between the secret and safe.By adding the wireless entrance guard system, can stop confidential document to be with without permission from the concerning security matters place, when an internal institution uses, the secret that guarantees our unit can not leak, can be used as believable confidential document carrier when using between unit is not using between the commensurate, stop and illegally take confidential document out of or wipe the confidential document of illegally taking out of, thereby guaranteed the security of confidential document reliably.
Description of drawings
Fig. 1 is the schematic flow sheet of method for supervising of the present invention;
Fig. 2 is the file layout synoptic diagram of confidential document in the specific embodiment of the invention;
Fig. 3 is encryption, the deciphering schematic flow sheet of confidential document of the present invention;
Fig. 4 is the schematic flow sheet of movable storage device of the present invention when confidential document is carried out opening operation;
Fig. 5 is that movable storage device of the present invention moves confidential document or the schematic flow sheet during deletion action;
Fig. 6 is the structural framing principle schematic of supervising device embodiment one of the present invention;
Fig. 7 is the structural framing principle schematic of supervising device embodiment two of the present invention;
Fig. 8 is the circuit theory synoptic diagram of central control unit on the movable storage device in the specific embodiment of the invention;
Fig. 9 is the circuit theory synoptic diagram of wireless communication unit on the movable storage device in the specific embodiment of the invention;
Figure 10 is the circuit theory synoptic diagram of second wireless communication unit in the gate control system in the specific embodiment of the invention;
Figure 11 is the circuit theory synoptic diagram of primary power administrative unit in the specific embodiment of the invention;
Figure 12 is the circuit theory synoptic diagram of accessory power supply administrative unit in the specific embodiment of the invention;
Figure 13 is the circuit theory synoptic diagram of file storage unit in the specific embodiment of the invention;
Figure 14 is the circuit theory synoptic diagram of information memory cell in the specific embodiment of the invention.
Marginal data
1, central control unit 2, interface unit
3, information memory cell 4, file storage unit
5, Power Management Unit 6, primary power administrative unit
7, accessory power supply administrative unit 8, wireless communication unit
9, second wireless communication unit 10, computing machine
11, movable storage device 12, gate control system
Embodiment
Below with reference to the drawings and specific embodiments the present invention is described in further details.
The monitoring and managing method of confidential document between computing machine of the present invention and the movable storage device, movable storage device 11 is provided with the sequence identifier sign indicating number of its unique identity of expression, when movable storage device 11 links to each other with relating computer 10 and the confidential document in the relating computer 10 is operated, relating computer 10 gets off the operation note of 11 pairs of confidential documents of movable storage device, and this operation note is reported upper management department preserve, thereby confidential document is implemented monitoring management.In the preferred embodiment, can further carry out the concerning security matters grade separation and on the file of different concerning security matters grades, do corresponding sign confidential document, movable storage device 11 is carried out the concerning security matters grade separation, movable storage device 11 can be operated confidential document corresponding with it.
When movable storage device 11 open, edit, when deleting confidential document corresponding with it, relating computer 10 can be noted with the sequence identifier sign indicating number of this movable storage device 11 and to the concrete operations that confidential document carried out; When movable storage device 11 copies or mobile confidential document corresponding with it, relating computer 10 can be noted with the sequence identifier sign indicating number of this movable storage device 11 and to the concrete operations that confidential document carried out, if the confidential document that copies in the movable storage device 11 or move is deleted on an other relating computer 10, or during with the deletion of this confidential document in the relating computer 10, deleted confidential document can be considered as having given back and be recorded in the relating computer 10 this moment, the relating computer 10 that this operation note is sent to upper management department is preserved, or relating computer 10 and preservation by manually record being given upper management department, higher level department carries out the management of confidential document according to relevant information; When confidential document is copied on the equipment except that corresponding secret movable storage device 11, this operation will be prevented from.As shown in Figure 1, when movable storage device 11 need be on relating computer 10 be done associative operation to confidential document, relating computer 10 will be compared to the concerning security matters grade of confidential document in the sequence identifier sign indicating number of movable storage device 11 and concerning security matters class letter and the relating computer 10, if conform to, then allow 11 pairs of confidential documents of this movable storage device to carry out operations, and note with the sequence identifier sign indicating number of movable storage device 11 with to the concrete operations of confidential document, the relating computer 10 that sends to upper management department by security network or other modes is preserved, perhaps relating computer 10 and the preservation by manually record being given upper management department, higher level department carries out the management of confidential document according to relevant information.The relating computer 10 of upper management department will be made corresponding processing according to the record under preserving to the confidential document in the movable storage device 11 in certain time limit.Like this, be numbered or do identify label by 10 pairs of movable storage devices 11 of upper management department relating computer, confidential document then can carry out the definition of concerning security matters grade or can do the definition of concerning security matters grade in any relating computer 10 in the upper management department relating computer 10 of some, therefore in whole administrative authority, confidential document is once by 11 operations of which movable storage device, borrow or copy, whether give back (i.e. deletion) after borrowing or copying, specifically finishing problems such as giving back operation on which platform relating computer 10 can both be placed on record and be reported one by one, has realized the tracing management to confidential document.
With an instantiation monitoring and managing method of the present invention is described in further details below.Security management software at first is installed on relating computer 10, and this security software monitoring and managing method according to the present invention designs.The function of security management software be to different files according to whether concerning security matters or concerning security matters grade classify, and the file of different security level is done corresponding mark, show the level of confidentiality of this confidential document and stop confidential document to copy on other relate to fully.And movable storage device 11 can write the sequence identifier sign indicating number of its unique identity of expression in its storage unit when producing, and the concerning security matters grade of movable storage device 11 done accordingly identifies.On the common computer 10 that security software is not installed, can not discern this secret movable storage device 11, perhaps be merely able to be identified as common enciphered mobile storage apparatus 11, can only see non-confidential document during communication, and can read and write non-confidential document in this secret movable storage device 11, but cannot see confidential document, also have no right to read and write confidential document.Have only security management software has been installed after, computing machine 10 just can read this confidential document, security software write down the information of this computing machine 10 automatically and to the operation of this document in secret movable storage device 11.Can on the hard disk of relating computer 10, set up one or more confidential document folder or one or more concerning security matters subregion earlier separately, the confidential document of also having done corresponding mark according to the concerning security matters grade separation is stored in confidential document folder or the concerning security matters subregion, and the confidential document in this confidential document folder or the concerning security matters subregion can be ordinary file form or special-purpose file layout.This mark can only be revised by this management software on the computing machine 10 that this security software is housed, and has got rid of by the possibility of other illegal modifications levels of confidentiality.Management software can operated situation such as open, edits, copies, deletes, move by log file.The file that is marked as concerning security matters can not arbitrarily copy, copy transmissions, and the carrier beyond local hard drive can only copy in the secret movable storage device 11 with certain concerning security matters grade when copying, and other carriers all can not copy this confidential document.If copied confidential document to secret mobile vehicle, security management software will be registered current copy function, when this movable storage device 11 takes the confidential document in it on the other relating computer 10 that security management software is installed, if deleted the confidential document in this movable storage device 11, or during with the deletion of this confidential document in the relating computer 10, will report the relating computer 10 of upper management department by security network (, can regularly collect the copy and the deletion information of confidential document) by secret department if unit does not have network.Owing on the secret mobile vehicle unique sequence identifier sign indicating number is arranged, and therefore secret mobile vehicle, has realized the tracing management of borrowing of electronic security level file by the unified allocation of secret department.In preferred embodiment, movable storage device 11 links to each other with a gate control system 12, is respectively equipped with the wireless communication module that matches on gate control system 12 and the movable storage device 11, can make gate control system 12 and movable storage device 11 carry out radio communication.Utilize gate control system 12 to monitor in real time to the discrepancy of movable storage device 11, after the operation that confidential document has carried out not being inconsistent with its concerning security matters grade in 11 pairs of relating computers 10 of movable storage device, gate control system 12 will limit the discrepancy of movable storage device 11 or by the mode of radio communication the confidential document information on the movable storage device 11 be wiped.For secret mobile device, when secret movable storage device 11 and relating computer 10 disconnects when being communicated with, secret movable storage device 11 is battery-powered, only for wireless communication module received signal use in the secret movable storage device 11.When the time at every turn by the hall, this wireless communication module receives the signal of hall gate control system 12, wake the central control unit of secret movable storage device 11 up, read the confidential document and the relevant information that was operated of record in the secret movable storage device 11 and transmit this hall gate control system 12.Gate control system 12 can write down the sequence identifier sign indicating number of this secret movable storage device 11 and the confidential document information in this secret movable storage device 11 automatically, and operate on it, then Room door is made corresponding switch control, perhaps send order and allow it wipe to secret movable storage device 11 to forbid the confidential document taken out of, thereby prevent illegally taking out of of confidential document.
In preferred embodiment, to the ciphering process of confidential document in two steps, utilize the des encryption algorithm to the confidential document content-encrypt with utilize the RAS cryptographic algorithm that the DES secret key is encrypted respectively.When the user generates a confidential document, application program generates a DES secret key of 64 at random automatically, with this DES secret key the content of confidential document is encrypted, then according to the setting of document creation person to file concerning security matters grade, this DES secret key is carried out RAS encrypts, DES secret key after at last this being encrypted is placed on the password area of confidential document, is received within 72 later content regions (referring to file layout shown in Figure 2) in after confidential document is encrypted.Simultaneously, in movable storage device 11, be provided with the RAS decryption key corresponding with confidential document according to the concerning security matters grade separation, because unique determinacy of the sequence identifier sign indicating number of secret movable storage device 11 identity, it can not be revised, just be merely able to be opened by secret movable storage device 11 users of specified permission so encrypt this confidential document of back, this authority is corresponding with the concerning security matters grade of confidential document.In the present embodiment, file permission and file concerning security matters grade are as shown in table 1.
Table 1
| The concerning security matters grade | Open authority | Could revise | Code |
| Common | Everyone | Be | 0 |
| Secret | All dishes of maintaining secrecy | Be | 1 |
| Secret A | All dishes of maintaining secrecy | Not | 2 |
| Secret | Specific several secret dish | Be | 3 |
| Secret A | Specific several secret dish | Not | 4 |
| Top-secret | The document creation person maintains secrecy and coils | Be | 5 |
| Top-secret A | The document creation person maintains secrecy and coils | Not | 6 |
In preferred embodiment, the suffix of confidential document is .zsf, through after the application program deciphering, and the application call relative program content that opens file.
As shown in Figure 3, when needs carried out opening operation to confidential document, at first the private spoon declassified document head password area that provides according to movable storage device 11 obtained the DES decryption key, according to the content of DES secret key deciphering confidential document, call the confidential document running program simultaneously and open file then; Behind the confidential document end of operation, the user preserves confidential document, generates the DES secret key simultaneously at random, encrypt the confidential document content, according to the sequence identifier code encryption DES secret key of movable storage device 11 identity, form the encrypt file form at last, finally be saved in the relating computer 10.
As shown in Figure 4, in the present embodiment, chosen to carry out by the user when file and open or during editing operation, management software checks at first whether this document is confidential document, if common file, then permitted user is carried out all operations at this document.If this document is a confidential document, so just at first see whether secret movable storage device 11 has been plugged, have only the secret movable storage device 11 of working as to plug, and the identity identity code of this secret movable storage device 11 has the authority of opening this document, then allow the user to open this document, management software meeting simultaneously is computing machine 10 machine name of this confidential document of recording operation at once, the identify label sign indicating number of running time and secret movable storage device 11, and the relating computer 10 that this information sends to upper management department preserved or by manual record and preserve, higher level department carries out the management of confidential document according to relevant information.If the authority that the user only opens file, and the authority of not editing this document, then the operation of all editor's this document of user all can be prevented from, and comprises that other method all can be prevented from the user by all.If the user has editor's authority, then the management software relating computer 10 noting the information such as identify label sign indicating number, operational computations machine 10, running time of the secret movable storage device 11 of filename, security classification, reviser that is modified and send to upper management department is preserved or by manual record and preserve, higher level department carries out the management of confidential document according to relevant information.Operation to confidential document all can go on record like this, has guaranteed the complete of confidential document, security.
As shown in Figure 5, to the management process of the moving of file, deletion action.Management software is at first checked the strong confidential document that whether belongs to of this article, all can carry out if not all operations to this document then.If this document is a confidential document, or but only be in confidential document folder or concerning security matters subregion, to move deletion, so also can carry out.If move out this document folder or subregion, then need to check whether secret movable storage device 11 is arranged, whether secret movable storage device 11 has the authority of move, if do not have, operation failure.If this authority is arranged, management software allows move operation, and file can copy secret movable storage device 11 to and get on.Management software is noted the time that this document is copied then, computer name, information such as Classification Documents grade, preservation is got off, and the relating computer 10 that sends to upper management department is preserved or by manual record and preservation, higher level department carries out the management of confidential document according to relevant information.
As shown in Figure 6, the embodiment one of the maintenance device of confidential document between computing machine of the present invention and the movable storage device, it comprises computing machine 10 and movable storage device 11, and this movable storage device 11 comprises central control unit 1, interface unit 2, Power Management Unit 5, file storage unit 4 and information memory cell 3; Central control unit 1 links to each other with computing machine 10 by interface unit 2, is responsible for finishing and the communicating by letter of computing machine 10; Power Management Unit 5 links to each other with central control unit 1, interface unit 2, file storage unit 4 and information memory cell 3 respectively, guarantees for whole movable storage device 11 provides power supply; File storage unit 4 links to each other with central control unit 1, is used for and computing machine 10 exchanges or storage associated documents information; Information memory cell 3 links to each other with central control unit 1, is used for preserving the sequence identifier sign indicating number and the fileinfo of its unique identity of expression that movable storage device 11 is provided with.Wherein, central control unit 1 is main to be responsible for and the communicating by letter of computing machine 10, and whether verification is secure computer 10, and can the expanded function realization to the function of the superencipher of file.Central control unit 1 also is in charge of the additional information of file, sends or receive the information of processing wireless transmission/reception, communicates by letter with gate control system 12.Movable storage device 11 secret aspect, central control unit 1 can be hidden the partition table of carriers such as FLASH or portable hard drive, and legal usage can read partition table, thereby reads file, the disabled user can not read partition table or can only reading section, can not see confidential document.In preferred embodiment, as shown in Figure 7, embodiment two and embodiment once difference be further to be provided with on the movable storage device 11 wireless communication unit 8, and Power Management Unit 5 comprises primary power administrative unit 6 and accessory power supply administrative unit 7, and this wireless communication unit 8 links to each other with central control unit 1; Power Management Unit 5 comprises primary power administrative unit 6 and accessory power supply administrative unit 7, primary power administrative unit 6 links to each other with central control unit 1, interface unit 2 and information memory cell 3 and guarantees for it provides power supply, and accessory power supply administrative unit 7 links to each other with file storage unit 4 and guarantees for it provides power supply.When primary power administrative unit 6 links to each other with relating computer 10 at movable storage device 11, primary power administrative unit 6 can be central control unit 1, interface unit 2 and information memory cell 3 power supplies, and for the battery of primary power administrative unit 6 partly charges, accessory power supply administrative unit 7 then is separately file storage unit 4 power supplies; When movable storage device 11 and relating computer 10 disconnect is connected after, the battery part of primary power administrative unit 6 can be waken central control unit 1 back up at wireless communication unit 8 and power for central control unit 1, accessory power supply administrative unit 7 is not worked.Like this, just can prevent that the information in the file storage unit 4 is sent out away when movable storage device 11 communicates by wireless communication unit 8 and other equipment.Maintenance device further comprises a gate control system 12, this gate control system 12 is provided with second wireless communication unit 9 that matches with wireless communication unit 8 on the movable storage device 11, and this second wireless communication unit 9 and wireless communication unit 8 are used for making movable storage device 11 and gate control system 12 to realize communicating wireless signals.Wireless communication unit 8 on the movable storage device 11 links to each other with central control unit 1, and this wireless communication unit 8 can be used for carrying out data communication with other equipment, mainly is responsible for the transmitting-receiving of data and to the work that wakes up of central control unit 1.After movable storage device 11 and being connected of computing machine 10 disconnected, total system was by battery-powered operation.At this moment have only wireless communication unit 8 to be responsible for received signal, central control unit 1 is in park mode.When the user who holds movable storage device 11 passes in and out the hall door, movable storage device 11 receives the signal of second wireless communication unit 9 on the gate control system 12, wake central control unit 1 up, central control unit 1 communicates by wireless communication unit 8 and gate control system 12, send confidential document information in the information memory cell 3 of movable storage device 11 and to the relevant information of file operation, and the instruction that central control unit 1 provides by wireless communication unit 8 receiving gate access control systems 12, and can make operation according to this instruction, these operations comprise the relevant information of removing this document itself or file etc.
The movable storage device 11 of present embodiment is an example with the flash disk of USB interface, elaborates in conjunction with each circuit theory diagrams.
As shown in Figure 8, the central control unit in the embodiment of the invention 1 adopts the USB interface chip CY7C68013 of CYPRESS company.It comprises intelligent USB interface, can finish the conversion of usb protocol automatically, has simplified 8051 programming; Enhancement mode 8051 kernels, the instruction cycle had only for 4 clock period, and performance can reach 8051 5~10 times of standard, and is compatible fully with 8051 instructions of standard.Height integrated microprocessor, RAM, SIE (serial interface engine) and DMA.USB2.0 transmission speed actual speed can reach 29MB/s.The 18th, 19 leg connection interface unit 2 of 68013 chips are D+, the D-data port of USB interface, finish usb bus communication; RXD0 and RXD0 are respectively serial input and output mouth, are connected to wireless communication unit 8.VCC on the receiving end of wireless communication unit 8 and the usb bus with after be connected to the WAKEUP mouth of 68013 chips, to wake 68013 chips when flash disk has been connected to up after computing machine 10 or wireless communication unit 8 have received signal, usual it be in dormant state.The SCL of 68013 chips and SDA are its I
2The C bus interface is connected to storage unit 24LC64 chip.The 24LC64 chip is program and the fileinfo that 64K_EEPROM is used for storing 68013 chips.The A0 of 68013 chips~A15 mouth and D0~D7 reserves as outside RAM interface, when doing some complicated cryptographic algorithm if desired, can expand this RAM.
As shown in Figure 9, be located at the wireless communication unit 8 on the movable storage device 11 in the embodiment of the invention, its chip adopts Northern Europe monolithic wireless receiving and dispatching one chip nRF401 of integrated circuit company.This nRF401 chip adopts bluetooth core technical design, has comprised in the chip of one 20 pin that high-frequency emission, high frequency receive, PLL is synthetic, FSK modulation, FSK demodulation, multichannel switching, is present integrated level high product.Shown in figure, the DIN of nRF401 chip, DOUT port are respectively the data receiver and the data of chip and send end, and the data that the serial delivery outlet TXD0 of 68013 chips will send output to the DIN mouth of nRF401 chip, send then; The data that the nRF401 chip receives are given 68013 chips through processing such as chip demodulation back by DOUT.The TXEN of nRF401 chip is the transceiver mode control port, is receiving mode when TXEN=0, and equaling at 1 o'clock is emission mode.Under battery powered mode, the nRF401 chip is a receiving mode, will wake 68013 chips up after it receives signal, and 68013 chips are communicated by letter with the gate control system 12 in hall by nRF401 chip transceive data.
As shown in figure 10, second wireless communication unit 9 on the gate control system 12, its left-hand component is the nRF401 transceiver module, outside connected mode is identical with wireless communication unit 8 on the movable storage device 11, selects 0 passage to communicate.NRF401 is connected on the gate control system 12 by MAX232A.Module is in sending mode in the time of common, in case having received the signal of this emission, flash disk will wake central control unit 1 up, central control unit 1 will send to this module to the relevant information of this flash disk, sending gate control system 12 then to communicates between the two, the information decoding that gate control system 12 meetings send over according to central control unit 1, read the sequence identifier sign indicating number of movable storage device 11 and the information of alternative document, thereby make corresponding action or send the central control unit 1 of order to flash disk, after central control unit 1 receives order, make corresponding action.If the very high confidential document of rank is arranged in the secret flash disk, gate control system 12 does not allow this flash disk to take the hall out of, does not just open the hall door, and sends the sound of warning.If this user gos out by force, gate control system 12 can be given an order to the flash disk single-chip microcomputer, thereby destroys this document fully, stops the illegal outflow of confidential document.
As shown in figure 11, the primary power administrative unit 6 in the embodiment of the invention comprises lithium battery, lithium cell charging chip MAX1811 and voltage stabilizing chip TPS76033.The MAX1811 chip is the charger of Li+ battery, and when SETI was low level, charging current was 100mA, and charging current is 500mA when SETI is high level.Because the electric current that USB port can provide is 500mA to the maximum, but in order to guarantee the operate as normal of other ports, so the SETI end is dragged down, charging current is set at 100mA.The TPS76033 chip is a Voltage stabilizing module, input and output 3.3V voltage, and power supply uses for other chips.When flash disk was connected on the usb bus, bus provided power supply to the Li+ battery charge, and by voltage stabilizing chip TPS76033 voltage was become 3.3V and offer other chips; When flash disk was not connected on the computing machine 10, battery was given other chips (removing the FLASH chip) power supply by the TPS76033 chip power supply.
As shown in figure 12, the accessory power supply administrative unit 7 in the embodiment of the invention is to aim at the FLASH chip power supply is provided.ASM1117 is a DC-DC voltage transitions chip, and it is transformed into 3.3VDC with the DC of the 5V on the usb bus, and the FLASH chip is given in power supply then.In the time of equipment divorced from computer 10, this module is not worked, and the FLASH chip does not have power supply to read and write, thereby has guaranteed in the wireless communication procedure safety of confidential document in the FLASH chip.
As shown in figure 13, the file storage unit 4 in the embodiment of the invention adopts Samsung A+ level storage chip K9K2G08UOMFLASH chip, and its capacity is 256MB, and the overhead provision of 8MB also is provided simultaneously.It can finish the editing operation of 2112 bytes of one page in 400us, can also finish the erase operation of 128kb in 2ms, and the data in the data field can be read with the speed of 50ns/B simultaneously.Instruction, address, data all write by the I/O pin, and are latched at the rising edge of #WE.Because the physical space of chip is 256M, need 29 address wires, be divided into column address and row address, programming needs 5 addressing periods, and concrete operations decide according to instruction length and command function.The PAB0 of 68013 chips of central control unit 1~7 connect the I/O mouth of K9K2G08U0M chip, realize instruction, address, data transmission, change into: RE, WE, CLE, ALE that CTL0~3 connect the K9K2G08U0M chip respectively realize the director data of K9K2G08U0M chip is latched and read and write control, and the continuous output of control data.The RDY0 mouth of 68013 chips of central control unit connects the R/#B mouth of K9K2G08U0M chip, the mode of operation of display chip.#WP is write-protect, connects high level.FLASH adopts the FAT16 format, and its partition table of format back is retained in certain location, can not directly be read by computing machine 10, thus the safety of files that guarantees.Unauthorized connection is can not read partition table also just can not see confidential document, can not read file.
As shown in figure 14, the information memory cell in the embodiment of the invention 3 adopts the 24LC64 chip.The 24LC64 chip is the serial EEPROM of 64K, passes through I
2The C universal serial bus is controlled.68013 chips of central control unit 1 are read and write EEPROM by SCL and SDA, and WP is write-protect control.The firmware of 68013 chips that the 24LC64 chip is used for storing on the one hand, the relevant information that is used for preserving confidential document on the other hand.File storage unit 4 is separated with information memory cell 3 can prevent effectively that confidential document from leaking.
Claims (9)
1, the monitoring and managing method of confidential document between a kind of computing machine and the movable storage device, it is characterized in that: movable storage device is provided with the sequence identifier sign indicating number of its unique identity of expression, when movable storage device links to each other with relating computer and the confidential document in the relating computer is operated, relating computer gets off movable storage device to the operation note of confidential document, and this operation note is reported upper management department preserve, thereby confidential document is implemented monitoring management.
2, the monitoring and managing method of confidential document between computing machine according to claim 1 and the movable storage device, it is characterized in that: confidential document is carried out the concerning security matters grade separation and do corresponding sign on the file of different concerning security matters grades, movable storage device is carried out the concerning security matters grade separation, movable storage device can be operated confidential document corresponding with it.
3, the monitoring and managing method of confidential document between computing machine according to claim 1 and 2 and the movable storage device, it is characterized in that: when movable storage device open, edit, when deleting confidential document corresponding with it, relating computer can be noted with the sequence identifier sign indicating number of this movable storage device and to the concrete operations that confidential document carried out; When movable storage device copy or mobile confidential document corresponding with it, relating computer can be noted with the sequence identifier sign indicating number of this movable storage device and to the concrete operations that confidential document carried out, if the confidential document that copies in the movable storage device or move is deleted on an other relating computer, or during with the deletion of this confidential document in the relating computer, this moment, deleted confidential document can be considered as having given back and being recorded in the relating computer, the relating computer that this operation note is sent to upper management department is preserved, or relating computer and preservation by manually record being given upper management department, higher level department carries out the management of confidential document according to relevant information; When confidential document is copied on the equipment except that corresponding secret movable storage device, this operation will be prevented from.
4, the monitoring and managing method of confidential document between computing machine according to claim 1 and 2 and the movable storage device, it is characterized in that: set up one or more confidential document folder or one or more concerning security matters subregion on the hard disk of described relating computer separately, the confidential document of also having done corresponding mark according to the concerning security matters grade separation is stored in confidential document folder or the concerning security matters subregion, and the confidential document in this confidential document folder or the concerning security matters subregion can be ordinary file form or special-purpose file layout.
5, the monitoring and managing method of confidential document between computing machine according to claim 1 and 2 and the movable storage device, it is characterized in that: described movable storage device links to each other with a gate control system, utilize gate control system to monitor in real time to the discrepancy of movable storage device, when movable storage device to relating computer in after the confidential document operation having carried out not being inconsistent with its concerning security matters grade, gate control system will limit the discrepancy of movable storage device or by the mode of radio communication the confidential document on the movable storage device be wiped.
6, the monitoring and managing method of confidential document between computing machine according to claim 3 and the movable storage device, it is characterized in that: described movable storage device links to each other with a gate control system, utilize gate control system to monitor in real time to the discrepancy of movable storage device, when movable storage device to relating computer in after the confidential document operation having carried out not being inconsistent with its concerning security matters grade, gate control system will limit the discrepancy of movable storage device or by the mode of radio communication the confidential document on the movable storage device be wiped.
7, the maintenance device of confidential document between a kind of computing machine and the movable storage device, it is characterized in that: it comprises computing machine and movable storage device, and described movable storage device comprises central control unit, interface unit, Power Management Unit, file storage unit and information memory cell; Central control unit links to each other with computing machine by interface unit, is responsible for finishing and the communicating by letter of computing machine; Power Management Unit links to each other with central control unit, interface unit, file storage unit and information memory cell respectively, guarantees for whole movable storage device provides power supply; File storage unit links to each other with central control unit, is used for and computing machine exchange or storage associated documents; Information memory cell links to each other with central control unit, is used for preserving the sequence identifier sign indicating number and the fileinfo of its unique identity of expression that movable storage device is provided with.
8, the maintenance device of confidential document between computing machine according to claim 7 and the movable storage device is characterized in that: further be provided with wireless communication unit on the described movable storage device, this wireless communication unit links to each other with central control unit; Described Power Management Unit comprises primary power administrative unit and accessory power supply administrative unit, the primary power administrative unit links to each other with central control unit, interface unit and information memory cell and guarantees for it provides power supply, and the accessory power supply administrative unit links to each other with file storage unit and guarantees for it provides power supply.
9, the maintenance device of confidential document between computing machine according to claim 8 and the movable storage device, it is characterized in that: described maintenance device further comprises a gate control system, this gate control system is provided with second wireless communication unit that matches with wireless communication unit on the movable storage device, and this second wireless communication unit and wireless communication unit are used for making movable storage device and gate control system to realize communicating wireless signals.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2006100316442A CN1845136A (en) | 2006-05-12 | 2006-05-12 | Method and apparatus for monitoring and managing secret-involved file between computer and mobile storage device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNA2006100316442A CN1845136A (en) | 2006-05-12 | 2006-05-12 | Method and apparatus for monitoring and managing secret-involved file between computer and mobile storage device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN1845136A true CN1845136A (en) | 2006-10-11 |
Family
ID=37064064
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNA2006100316442A Pending CN1845136A (en) | 2006-05-12 | 2006-05-12 | Method and apparatus for monitoring and managing secret-involved file between computer and mobile storage device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1845136A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102063359A (en) * | 2010-11-02 | 2011-05-18 | 北京安天电子设备有限公司 | Method and device for monitoring data for USE mobile storage device |
| CN101237353B (en) * | 2007-09-07 | 2011-10-05 | 北京飞天诚信科技有限公司 | A method and system for monitoring mobile storage device based on USBKEY |
| US8493176B2 (en) | 2007-05-29 | 2013-07-23 | Sharp Kabushiki Kaisha | Image data management system |
| CN104183032A (en) * | 2014-07-25 | 2014-12-03 | 陕西千山航空电子有限责任公司 | Cockpit audio caching recorder |
| CN105488379A (en) * | 2015-11-27 | 2016-04-13 | 贵州航天风华精密设备有限公司 | Identity key for test process of classified computer or spacecraft product |
| CN108875373A (en) * | 2017-12-29 | 2018-11-23 | 北京安天网络安全技术有限公司 | Mobile memory medium file management-control method, device, system and electronic equipment |
-
2006
- 2006-05-12 CN CNA2006100316442A patent/CN1845136A/en active Pending
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8493176B2 (en) | 2007-05-29 | 2013-07-23 | Sharp Kabushiki Kaisha | Image data management system |
| CN101237353B (en) * | 2007-09-07 | 2011-10-05 | 北京飞天诚信科技有限公司 | A method and system for monitoring mobile storage device based on USBKEY |
| CN102063359A (en) * | 2010-11-02 | 2011-05-18 | 北京安天电子设备有限公司 | Method and device for monitoring data for USE mobile storage device |
| CN102063359B (en) * | 2010-11-02 | 2013-05-22 | 北京安天电子设备有限公司 | Method and device for monitoring data for USE mobile storage device |
| CN104183032A (en) * | 2014-07-25 | 2014-12-03 | 陕西千山航空电子有限责任公司 | Cockpit audio caching recorder |
| CN105488379A (en) * | 2015-11-27 | 2016-04-13 | 贵州航天风华精密设备有限公司 | Identity key for test process of classified computer or spacecraft product |
| CN108875373A (en) * | 2017-12-29 | 2018-11-23 | 北京安天网络安全技术有限公司 | Mobile memory medium file management-control method, device, system and electronic equipment |
| CN108875373B (en) * | 2017-12-29 | 2021-04-20 | 北京安天网络安全技术有限公司 | Mobile storage medium file control method, device and system and electronic equipment |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101430752B (en) | Sensitive data switching control module and method for computer and movable memory device | |
| CN101853363B (en) | File protection method and system | |
| CN102254117B (en) | Virtualized technology-based data anti-disclosure system | |
| CN101916342A (en) | Secure mobile storage device and method for realizing secure data exchange by using same | |
| CN1845136A (en) | Method and apparatus for monitoring and managing secret-involved file between computer and mobile storage device | |
| CN102855452A (en) | Method for following quick data encryption strategy based on encryption piece | |
| CN1585325A (en) | Zoned based security administration for data items | |
| CN102207912A (en) | Flash memory equipment for realizing partition function on equipment side and access method of flash memory equipment | |
| CN102930216A (en) | Encrypt file management method based on wireless USB (Universal Serial Bus) flash disc | |
| CN102200948A (en) | Multi-partition memory device and access method thereof | |
| CN1234130C (en) | System guiding device base on core and method for realizing said guide | |
| CN114239015B (en) | Data security management method and device, data cloud platform and storage medium | |
| CN102053926A (en) | Storage device and data security control method thereof | |
| CN110874483A (en) | Method and device for preventing personal information from being leaked | |
| CN108287988B (en) | Security management system and method for mobile terminal file | |
| CN202177904U (en) | Intelligent encrypted key based on audio interface | |
| CN102651079B (en) | IC (integrated circuit) card management method occupying memory space for a short time and IC card management system | |
| CN202838313U (en) | Encrypted mobile hard disk of integrated NFC technology | |
| CN102761559B (en) | Network security based on private data shares method and communication terminal | |
| CN201365347Y (en) | Mobile telephone with independent built-in data assistant device | |
| CN201838004U (en) | Hardware encryption card for computer interface | |
| CN114340051A (en) | Portable gateway based on high-speed transmission interface | |
| CN110059507B (en) | System and method for realizing intelligent safety USB flash disk | |
| CN107451456A (en) | Mode control method and related product | |
| CN207924674U (en) | A kind of safety chip encryption of living body finger print identification can manage USB flash drive |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20061011 |