CN202171805U - Computer confidential management system - Google Patents

Publication number: CN202171805U
Authority: CN (China)
Legal status: Expired - Lifetime
Application number: CN2011202050276U
Other languages: Chinese (zh)
Inventors: 于晴, 王海洋
Current Assignee: BEIJING TIP TECHNOLOGY CO Ltd
Original Assignee: BEIJING TIP TECHNOLOGY CO Ltd

Abstract

The utility model discloses a computer confidential management system, which relates to the field of information security and comprises a management terminal, a network device and a plurality of user terminals connected with the management terminal through the network device. Each user terminal is equipped with a multifunctional import device having a bidirectional data transmission channel and a unidirectional data transmission channel. By controlling the interaction of confidential data with mobile storage devices and detecting illegal external connections on each user terminal, the system improves the protection of sensitive data in confidential industries and effectively prevents disclosure of confidential information caused by a confidential computer connecting to the internet in violation of regulations or by cross-use of mobile storage devices.

Description

A computer confidential management system
Technical field
The utility model relates to the field of information security, and in particular to a computer confidential management system.
Background technology
With the continuous progress of computer technology and network information technology, information security problems have become increasingly severe.
At present, confidential intranet computers connecting to the internet in violation of regulations and the cross-use of mobile storage media are the main causes of many leaks from confidential information systems in China in recent years, and are also the two main leak channels found in security inspections of central government and state organs. At the same time, one-way import of external information into confidential computers is an important need of confidential organizations. Given this severe state of secrecy management for confidential information systems, strengthening the management and monitoring of intranet computers and of mobile storage device usage has become the key to preventing internal leaks.
Summary of the invention
The purpose of the utility model is to provide a computer confidential management system that better solves the problem of confidential data leakage.
According to one aspect of the utility model, the computer confidential management system comprises a management terminal, a network device, and a plurality of user terminals connected to the management terminal via the network device, wherein:
Each user terminal is equipped with a multifunctional import device having a bidirectional data transmission channel and a unidirectional data transmission channel.
Further, the bidirectional data transmission channel of the multifunctional import device comprises:
A confidential USB interface for connecting a dedicated confidential flash drive;
A confidential flash drive authentication circuit connected to the confidential USB interface.
Further, the unidirectional data transmission channel of the multifunctional import device comprises:
An ordinary USB interface for connecting an ordinary flash drive;
A sending end connected to the ordinary USB interface;
A receiving end connected to the sending end via optical fiber.
Further, the multifunctional import device also comprises:
A USB hub chip connected to the confidential flash drive authentication circuit and the receiving end;
A dedicated multifunctional import device interface connected to the USB hub chip.
Further, the user terminal comprises a user-terminal illegal external connection module for monitoring and reporting illegal external connection operations.
Further, the user terminal also comprises a user-terminal media management module for managing and controlling inserted confidential flash drives and ordinary flash drives.
Further, the user terminal also comprises a user-terminal multifunctional import module for importing confidential data.
Further, the management terminal is equipped with a multifunctional import device.
Further, the management terminal comprises a management-terminal illegal external connection module, a management-terminal media management module, and a management-terminal multifunctional import module.
Compared with the prior art, the beneficial effects of the utility model are:
By performing illegal external connection detection on the user terminals and controlling confidential data interaction with mobile storage devices, the utility model improves the protection of sensitive data in confidential industries and effectively prevents leaks of confidential information caused by confidential computers connecting to the internet in violation of regulations or by cross-use of mobile storage devices.
Description of drawings
Fig. 1 is a principle diagram of the computer confidential management system of the utility model;
Fig. 2 is a schematic diagram of the computer confidential management system of an embodiment of the utility model;
Fig. 3 is a structural diagram of the multifunctional import device of the utility model;
Fig. 4 is a diagram of the internal structure of the user terminal of the utility model;
Fig. 5 is a diagram of the internal structure of the management terminal of the utility model.
Embodiment
The preferred embodiments are described in detail below with reference to the drawings. It should be understood that the preferred embodiments described below are only used to illustrate and explain the utility model and are not intended to limit it.
Fig. 1 shows the principle diagram of the computer confidential management system provided by the utility model. As shown in Fig. 1, the computer confidential management system comprises a management terminal 1, a network device 2, and a plurality of user terminals 3 connected to the management terminal via the network device, wherein:
Each user terminal is equipped with a multifunctional import device 4 having a bidirectional data transmission channel and a unidirectional data transmission channel, used to transfer confidential data between a flash drive and the user terminal 3.
The flash drives comprise dedicated confidential flash drives and ordinary flash drives. The dedicated confidential flash drive has a prescribed form factor, interface, internal data format, unique ID and authentication mode, and its scope of use can be controlled, for example restricted to its owner. It is used together with the multifunctional import device to carry out bidirectional confidential data interaction between the dedicated confidential flash drive and the user terminal 3. In use, the dedicated confidential flash drive is first inserted into the multifunctional import device 4, and the user password is then verified. Because the read/write process of the dedicated confidential flash drive includes a data encapsulation or parsing step, and its data area uses a private file format, in an unauthorized environment the drive cannot be recognized directly by the operating system and its driver cannot be loaded normally, so it cannot be used. In addition, the private file format of the data area cannot be converted into a standard file format.
Further, the bidirectional data transmission channel of the multifunctional import device 4 comprises:
A confidential USB interface 41 for connecting a dedicated confidential flash drive, into which the dedicated confidential flash drive is inserted;
A confidential flash drive authentication circuit 42 connected to the confidential USB interface, used to authenticate the inserted dedicated confidential flash drive.
Further, the unidirectional data transmission channel of the multifunctional import device 4 comprises:
An ordinary USB interface 43 for connecting an ordinary flash drive, into which the ordinary flash drive is inserted;
A sending end 44 connected to the ordinary USB interface;
A receiving end 45 connected to the sending end via optical fiber.
The unidirectional data transmission channel uses the optical fiber between the sending end 44 and the receiving end 45 to achieve one-way transmission of data.
Further, the multifunctional import device 4 also comprises:
A USB hub chip 46 connected to the confidential flash drive authentication circuit 42 and the receiving end 45, used to receive confidential data from the bidirectional data channel and the unidirectional data channel;
A dedicated multifunctional import device interface 47 connected to the USB hub chip 46, used to send the confidential data to the user terminal 3.
Further, the user terminal 3 comprises a user-terminal illegal external connection module 31 for monitoring and reporting illegal external connection operations.
Further, the user terminal 3 also comprises a user-terminal media management module 32 for managing and controlling inserted confidential flash drives and ordinary flash drives.
Further, the user terminal 3 also comprises a user-terminal multifunctional import module 33 for importing confidential data.
The management terminal 1 is also equipped with a multifunctional import device 4.
The management terminal 1 comprises a management-terminal illegal external connection module 11 and a management-terminal media management module 12 for managing and auditing the user terminals 3, and a management-terminal multifunctional import module 13 for importing confidential data.
Fig. 2 shows a schematic diagram of the computer confidential management system of an embodiment of the utility model. As shown in Fig. 2, the computer confidential management system comprises a management terminal 1, a network device 2, a plurality of user terminals 3 connected to the management terminal 1 through the network device 2, and multifunctional import devices 4.
The management terminal software of the management terminal 1 is installed on a Windows 2000/2003 operating system. The management terminal can be placed in a machine room and controlled from a console; it communicates directly with the user terminals 3 through the network device 2 and stores all information in a database. The administrator logs in to the system with an administrator identity key to manage the system, including issuing control policies to the user terminals 3, such as controlling the use or disabling of the optical and floppy drives of a user terminal 3. The auditor can log in to the system with an auditor identity key to audit the system, for example auditing the usage logs of the user terminals 3, auditing alarms, and so on.
The user terminal software of the user terminal 3 is installed on each user terminal and is used to monitor that terminal. The user terminals comprise confidential network terminals and confidential stand-alone machines, where a confidential stand-alone machine is a portable computer with the user terminal software installed.
The multifunctional import device is used on the management terminal 1 with the management terminal software installed and/or on each user terminal 3 with the user terminal software installed. Its confidential USB interface connects a dedicated confidential flash drive and provides data access to it; its ordinary USB interface connects an ordinary flash drive and imports the non-confidential data on the non-confidential ordinary flash drive one-way into the confidential management terminal and/or user terminal. The dedicated confidential flash drive has a prescribed form factor, interface, internal data format, unique ID and authentication mode, and its scope of use can be controlled, for example restricted to its owner. It is used together with the multifunctional import device to carry out bidirectional confidential data interaction between the dedicated confidential flash drive and the user terminal 3 or management terminal 1. In use, the dedicated confidential flash drive is first inserted into the multifunctional import device 4, and the user password is then verified. Because the read/write process of the dedicated confidential flash drive includes a data encapsulation or parsing step, and its data area uses a private file format, in an unauthorized environment the drive cannot be recognized directly by the operating system and its driver cannot be loaded normally, so it cannot be used. In addition, the private file format of the data area cannot be converted into a standard file format.
Fig. 3 shows the structural diagram of the multifunctional import device of the utility model. As shown in Fig. 3, the multifunctional import device 4 has a bidirectional data transmission channel and a unidirectional data transmission channel, wherein:
The bidirectional data transmission channel of the multifunctional import device 4 comprises:
A confidential USB interface 41 for connecting a dedicated confidential flash drive;
A confidential flash drive authentication circuit 42 connected to the confidential USB interface.
The unidirectional data transmission channel of the multifunctional import device 4 comprises:
An ordinary USB interface 43 for connecting an ordinary flash drive;
A sending end 44 connected to the ordinary USB interface;
A receiving end 45 connected to the sending end via optical fiber.
The multifunctional import device also comprises:
A USB hub chip 46 connected to the confidential flash drive authentication circuit 42 and the receiving end 45;
A dedicated multifunctional import device interface 47 connected to the USB hub chip 46.
Through the unidirectional data transmission channel, the device imports external information on an ordinary flash drive one-way into the confidential environment; through the bidirectional data transmission channel, it exchanges confidential data between the dedicated confidential flash drive and the user terminal or management terminal. This effectively prevents information in the confidential environment from being lost or leaked through ordinary flash drives. Compared with an ordinary flash drive, the dedicated confidential flash drive has features such as an internal data format, unique ID and authentication mode, and can only be used on the user terminals 3 designated by the management terminal 1 within the intranet.
With this device, the user can freely select files on the ordinary flash drive and/or confidential flash drive and transfer exactly the files wanted. This spares the user from repeatedly deleting or clearing files on the ordinary and/or confidential flash drive in order to avoid importing unwanted information, which makes the device easier to use and greatly improves import efficiency and flexibility. All file import operations can be completed with the buttons on the panel, without a keyboard or mouse. When the wrong file has been selected for import or a transmission error occurs, the file transfer can be stopped at any time, which makes use more flexible.
The data transfer rate of the device is adjustable; BMB24-2010 requires a transfer speed of not less than 500KB/S. The device regulates the data import speed according to actual needs, with the speed divided into 5 levels; the default is level 1, which can reach 900KB/S, and the highest, level 5, can reach 4MKB/S. The adjustable rate gives better compatibility with old and new computers of widely varying configurations.
The device parses the file directory of the ordinary flash drive and/or confidential flash drive at the hardware level, including file name, file size and file attributes, and uploads it one-way to the confidential host (user terminal or management terminal), so that the user can view the files intuitively through the directory structure; the technique works at a lower level. Key functions, such as peripheral control and illegal external connection monitoring, are implemented in the kernel layer, which gives higher security, better compatibility, more precise control, higher execution efficiency, and safer and faster monitoring feedback.
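An added sketch (not from the patent, which gives no wire format) of what the one-way fibre link implies for file import: the receiving end cannot acknowledge or ask for retransmission, so the sending end must carry the directory entry, sequence numbers and checksums forward, and the receiver aborts on any gap or mismatch. The frame layout, function names and sample data are assumptions made for illustration.

```python
# Added illustration; the frame layout below is hypothetical, not the device's real format.
# Frame: type(1) | seq(4) | length(2) | payload | crc32(4), all big-endian.
# CRC-32 catches transmission errors only; it is not an authenticity check.
import struct
import zlib

DIR, DATA, END = 1, 2, 3
HEADER = struct.Struct(">BIH")
META = struct.Struct(">IIB")  # file size, whole-file CRC-32, attribute byte


class ImportAborted(Exception):
    """Raised by the receiver; with no return path the only recovery is a fresh import."""


def make_frame(ftype, seq, payload=b""):
    body = HEADER.pack(ftype, seq, len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body))


def sender_frames(name, attrs, content, chunk=512):
    """Sending end: directory entry first, then the file in chunks, then END."""
    meta = META.pack(len(content), zlib.crc32(content), attrs) + name.encode("utf-8")
    frames = [make_frame(DIR, 0, meta)]
    for seq, off in enumerate(range(0, len(content), chunk), start=1):
        frames.append(make_frame(DATA, seq, content[off:off + chunk]))
    frames.append(make_frame(END, len(frames)))
    return frames


def parse_dir(payload):
    """Parse the directory entry; the name comes from untrusted media, so vet it."""
    if len(payload) <= META.size:
        raise ImportAborted("short directory entry")
    size, file_crc, attrs = META.unpack(payload[:META.size])
    try:
        name = payload[META.size:].decode("utf-8")
    except UnicodeDecodeError:
        raise ImportAborted("file name is not valid UTF-8")
    if name in (".", "..") or any(c in name for c in "/\\\x00"):
        raise ImportAborted("unsafe file name")
    return {"name": name, "size": size, "crc": file_crc, "attrs": attrs}


def receive(frames):
    """Receiving end: accept the file only if every forward-carried check passes."""
    meta, data = None, bytearray()
    for expected_seq, raw in enumerate(frames):
        if len(raw) < HEADER.size + 4:
            raise ImportAborted("truncated frame")
        body, (crc,) = raw[:-4], struct.unpack(">I", raw[-4:])
        if zlib.crc32(body) != crc:
            raise ImportAborted(f"corrupt frame at position {expected_seq}")
        ftype, seq, length = HEADER.unpack(body[:HEADER.size])
        payload = body[HEADER.size:]
        if seq != expected_seq or len(payload) != length:
            raise ImportAborted(f"lost or malformed frame: expected seq {expected_seq}, got {seq}")
        if ftype == DIR and meta is None:
            meta = parse_dir(payload)
        elif ftype == DATA and meta is not None:
            data += payload
            if len(data) > meta["size"]:
                raise ImportAborted("more data than the directory entry announced")
        elif ftype == END and meta is not None:
            if len(data) != meta["size"] or zlib.crc32(bytes(data)) != meta["crc"]:
                raise ImportAborted("file does not match its directory entry")
            return meta, bytes(data)
        else:
            raise ImportAborted("unexpected frame type")
    raise ImportAborted("stream ended before END frame")


if __name__ == "__main__":
    sample = bytes(range(256)) * 5  # constructed sample file content
    frames = sender_frames("report.txt", 0x20, sample)
    meta, data = receive(frames)
    print(meta["name"], meta["size"], data == sample)
    try:
        receive(frames[:2] + frames[3:])  # one frame lost in transit
    except ImportAborted as exc:
        print("aborted:", exc)
```

Because nothing flows back to the sending side, a failed check can only end the import; the operator restarts it from the panel, which matches the stop-at-any-time behaviour described above.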
Fig. 4 shows the internal structure of the user terminal of the utility model. As shown in Fig. 4:
The user terminal 3 comprises a user-terminal illegal external connection module 31 for monitoring and reporting illegal external connection operations. The user-terminal illegal external connection module 31 monitors in real time whether the user terminal connects to the internet in violation of regulations; if a violation occurs, it immediately reports alarm information and blocks the network connection.
The user terminal 3 also comprises a user-terminal media management module 32 for managing and controlling inserted confidential flash drives and ordinary flash drives. The user-terminal media management module 32 implements functions such as registration and query of dedicated confidential flash drives, and prevents illegal or forged registration information for dedicated confidential flash drives.
The user terminal 3 also comprises a user-terminal multifunctional import module 33 for importing confidential data.
Fig. 5 shows the internal structure of the management terminal of the utility model. As shown in Fig. 5, the management terminal 1 comprises a management-terminal illegal external connection module 11, a management-terminal media management module 12, and a management-terminal multifunctional import module 13.
The management-terminal illegal external connection module 11 monitors in real time whether the management terminal connects to the internet in violation of regulations; if a violation occurs, it immediately sends alarm information and blocks the network connection. It is also used to audit illegal external connection operations of the user terminals.
The management-terminal media management module 12 implements functions such as registration and query of dedicated confidential flash drives, and prevents illegal or forged registration information for dedicated confidential flash drives. It is also used to manage and audit the use or disabling of ordinary flash drives, dedicated confidential flash drives, optical drives and floppy drives on the user terminals.
The management-terminal multifunctional import module 13 works with the multifunctional import device 4 fitted to the management terminal 1 to carry out confidential data interaction and one-way import of ordinary data.
That is, in addition to monitoring itself for illegal external connections and managing its own mobile storage media, the management terminal also manages and audits the user terminals, including alarm settings, log auditing, policy issuance, and so on.
In summary, the utility model has the following technical effects:
1. Through the illegal external connection module of the user terminal, the invention implements illegal external connection detection, avoiding missed reports caused by interception by ordinary firewalls and preventing false reports caused by sabotage by malicious programs, and can block external connections at the millisecond level;
2. Through the multifunctional import device, the invention implements one-way import of non-confidential data from an ordinary flash drive, so that the user terminal and/or management terminal cannot leak data;
3. By using the dedicated confidential flash drive together with the multifunctional import device, the invention implements data interaction between the user terminal and/or management terminal and the confidential flash drive;
4. The management terminal of the invention sets permissions for the user terminals and controls the use or disabling of user terminal devices, preventing a user terminal from bypassing the device control policy by killing processes.
The specific embodiments above are used to describe the technology of the utility model in more detail and are not intended to limit the utility model. Therefore, any modification, improvement or replacement made on the basis of the utility model falls within the protection scope of the utility model.

Claims (5)

1. A computer confidential management system, comprising a management terminal (1), a network device (2), and a plurality of user terminals (3) connected to the management terminal via the network device, characterized in that each user terminal is equipped with a multifunctional import device (4) having a bidirectional data transmission channel and a unidirectional data transmission channel.
2. The system according to claim 1, characterized in that the bidirectional data transmission channel of the multifunctional import device (4) comprises:
A confidential USB interface (41) for connecting a dedicated confidential flash drive;
A confidential flash drive authentication circuit (42) connected to the confidential USB interface.
3. The system according to claim 1, characterized in that the unidirectional data transmission channel of the multifunctional import device (4) comprises:
An ordinary USB interface (43) for connecting an ordinary flash drive;
A sending end (44) connected to the ordinary USB interface;
A receiving end (45) connected to the sending end via optical fiber.
4. The system according to any one of claims 1-3, characterized in that the multifunctional import device also comprises:
A USB hub chip (46) connected to the confidential flash drive authentication circuit (42) and the receiving end (45);
A dedicated multifunctional import device interface (47) connected to the USB hub chip (46).
5. The system according to claim 4, characterized in that the management terminal (1) is equipped with a multifunctional import device (4).
Application number: CN2011202050276U
Priority date: 2011-06-17
Filing date: 2011-06-17
Title: Computer confidential management system
Legal status: Expired - Lifetime
Publication: CN202171805U (en), publication date 2012-03-21
Family ID: 45829997
Country: CN


Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
PE01 Entry into force of the registration of the contract for pledge of patent right
Denomination of utility model: Computer confidential management system
Effective date of registration: 20150205
Granted publication date: 20120321
Pledgee: Industrial Commercial Bank of China Ltd Zhongguancun Beijing branch
Pledgor: Beijing Tip Technology Co., Ltd.
Registration number: 2015990000105
PC01 Cancellation of the registration of the contract for pledge of patent right
Date of cancellation: 20150608
Granted publication date: 20120321
Pledgee: Industrial Commercial Bank of China Ltd Zhongguancun Beijing branch
Pledgor: Beijing Tip Technology Co., Ltd.
Registration number: 2015990000105
PLDC Enforcement, change and cancellation of contracts on pledge of patent right or utility model
CX01 Expiry of patent term
Granted publication date: 20120321