CN104601559B - Cloud terminal data guard system and means of defence - Google Patents

Info

Publication number
CN104601559B
CN104601559B (application CN201410855117.8A)
Authority
CN
China
Prior art keywords
data
user
module
terminal
management
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410855117.8A
Other languages
Chinese (zh)
Other versions
CN104601559A (en)
Inventor
王兴华
丁星
武静
朱宏涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CLP SECTION HUAYUN INFORMATION TECHNOLOGY Co Ltd
Original Assignee
CLP SECTION HUAYUN INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
2014-12-26
Filing date
2014-12-26
Publication date
2018-03-23
Events
2014-12-26 Application filed by CLP SECTION HUAYUN INFORMATION TECHNOLOGY Co Ltd
2014-12-26 Priority to CN201410855117.8A
2015-05-06 Publication of CN104601559A
Application granted
2018-03-23 Publication of CN104601559B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a cloud terminal data protection system and protection method. The cloud terminal data protection system includes: a terminal data storage module, for storing terminal configuration data; and a terminal data protection module, for protecting terminal data, mainly covering data encryption and decryption, the realization of data protection, and its management and control. By encrypting the terminal data and combining that with access control that can be realized in several ways, the invention ensures that terminal data can be viewed and modified only by authorized users, which improves the security of the terminal data.

Description

Cloud terminal data guard system and means of defence
Technical field
The present invention relates to a protection system and protection method, and in particular to a cloud terminal data protection system and protection method.
Background technology
In current cloud desktop systems, a terminal needs to store and maintain its terminal data, such as terminal configuration information, server configuration information and connection configuration parameters. The common storage method is to write the configuration data directly to the terminal's storage device. This storage method has the following disadvantages. First, the terminal data has no read/write security protection: terminal data that is left in a writable state is more vulnerable to corruption by improper situations or operations, which causes terminal data errors and then renders the terminal unusable. Second, the terminal data can be viewed and modified by unauthorized users, which can cause the terminal to be configured to connect to an insecure server, creating a potential safety hazard.
The content of the invention
In view of the defects in the prior art, the object of the present invention is to provide a cloud terminal data protection system and protection method which, by encrypting the terminal data and combining that with access control that can be realized in several ways, ensures that terminal data can be viewed and modified only by authorized users, thereby improving the security of the terminal data.
According to one aspect of the present invention, a cloud terminal data protection system is provided, characterized in that it includes: a terminal data storage module, for storing terminal configuration data; and a terminal data protection module, for protecting terminal data, mainly covering data encryption and decryption, the realization of data protection, and its management and control.
Preferably, the terminal data protection module includes the following submodules:
Data dynamic encryption and decryption module: dynamically encrypts or decrypts terminal data;
Data protection realization module: realizes real-time protection of the terminal data, mainly the read-only handling of the data and the enforcement of access control;
Data protection management and control module: manages and controls data protection, mainly whether the data is encrypted and whether it is read-only;
User identity verification module: verifies the current user's identity and determines whether the user's operation is allowed.
Preferably, the data dynamic encryption and decryption module encrypts information as it is written in the writable state and decrypts information as it is read.
Preferably, the data protection management and control module obtains the current user identity established by the user identity verification module and modifies the data protection policy according to that identity and the user's request.
Preferably, the user identity verification module determines the user's identity, and whether the user is authorized to modify data protection management, by reading user identity information from the management console or from a UKey physical device.
Preferably, the user identity verification module calls the following modules to perform user identity verification:
Default user permission module: on a newly installed system, or on a system whose user permissions are open, the default user is treated as an authorized user who can read and modify the configuration data;
UKEY verification module: verifies the user's identity by means of a UKEY; a user who passes verification is an authorized user who can read and modify the configuration data;
Network verification module: connects over the network to the management console and obtains the current user's authorization information from it; if the user is an authorized user, the configuration data can be read and modified.
The present invention also provides a cloud terminal data protection method, characterized in that it comprises the following steps:
Step 1: the user starts the terminal device; the data protection realization module mounts the terminal configuration data in read-only mode, the data is read from the terminal data storage module and, after decryption by the data dynamic encryption and decryption module, is used;
Step 2: the user requests to modify the configuration data; the request is received by the data protection management and control module, which calls the user identity verification module to verify the user's identity:
Step 3: the local terminal's default user permission is checked and the default user identity verification result is returned;
Step 4: the user inserts a UKEY device; the UKEY verification module checks the UKEY and its PIN and returns the user identity verification result;
Step 5: the user chooses to verify authorization through the management console; the network verification module communicates with the management console and returns the user identity verification result;
Step 6: if the returned user identity verification result shows that the user is unauthorized, the request to modify the configuration data fails and the configuration data remains mounted read-only;
Step 7: if the returned user identity verification result shows that the user is authorized, the data protection realization module changes the user protection state and remounts the configuration data writable;
Step 8: the user modifies and saves the terminal configuration data; the modified data is encrypted by the data dynamic encryption and decryption module and then stored in the terminal data storage module.
Compared with the prior art, the present invention has the following beneficial effects: it improves the security of the cloud desktop terminal's data content; it places the reading and writing of cloud desktop terminal data under managed control; it stores the cloud desktop terminal's data encrypted; cloud desktop terminal data is used in read-only mode and may be modified only by authorized users; and cloud desktop terminal users can be authorized in several ways.
Brief description of the drawings
Other features, objects and advantages of the present invention will become more apparent from the detailed description of non-limiting embodiments that follows, read with reference to the drawings:
Fig. 1 is a block diagram of the cloud terminal data protection system of the present invention.
Embodiment
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to further understand the present invention, but do not limit it in any way. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept; these all fall within the scope of protection of the present invention.
As shown in Fig. 1, the cloud terminal data protection system of the present invention includes:
Terminal data storage module: for storing terminal configuration data;
Terminal data protection module: for protecting terminal data, mainly covering data encryption and decryption, the realization of data protection, and its management and control.
The terminal data protection module includes the following submodules:
Data dynamic encryption and decryption module: dynamically encrypts or decrypts terminal data; it encrypts information as it is written in the writable state and decrypts information as it is read;
Data protection realization module: realizes real-time protection of the terminal data, mainly the read-only handling of the data and the enforcement of access control;
Data protection management and control module: manages and controls data protection, mainly whether the data is encrypted and whether it is read-only; it obtains the current user identity established by the user identity verification module and modifies the data protection policy according to that identity and the user's request;
User identity verification module: verifies the current user's identity and determines whether the user's operation is allowed. It determines the user's identity, and whether the user is authorized to modify data protection management, by reading user identity information from the management console or from a UKey physical device (a UKey is a small, reliable, high-speed storage device that connects directly to the computer over USB and provides cryptographic authentication functions).
The user identity verification module calls the following modules to perform user identity verification:
Default user permission module: on a newly installed system, or on a system whose user permissions are open, the default user is treated as an authorized user who can read and modify the configuration data;
UKEY verification module: verifies the user's identity by means of a UKEY; a user who passes verification is an authorized user who can read and modify the configuration data;
Network verification module: connects over the network to the management console and obtains the current user's authorization information from it; if the user is an authorized user, the configuration data can be read and modified.
The cloud terminal data protection method of the present invention comprises the following steps:
Step 1: the user starts the terminal device; the data protection realization module mounts the terminal configuration data in read-only mode, the data is read from the terminal data storage module and, after decryption by the data dynamic encryption and decryption module, is used;
Step 2: the user requests to modify the configuration data; the request is received by the data protection management and control module, which calls the user identity verification module to verify the user's identity:
Step 3: the local terminal's default user permission is checked and the default user identity verification result is returned; this is realized by the default user permission module;
Step 4: the user inserts a UKEY device; the UKEY verification module checks the UKEY and its PIN and returns the user identity verification result;
Step 5: the user chooses to verify authorization through the management console; the network verification module communicates with the management console and returns the user identity verification result;
Step 6: if the returned user identity verification result shows that the user is unauthorized, the request to modify the configuration data fails and the configuration data remains mounted read-only;
Step 7: if the returned user identity verification result shows that the user is authorized, the data protection realization module changes the user protection state and remounts the configuration data writable;
Step 8: the user modifies and saves the terminal configuration data; the modified data is encrypted by the data dynamic encryption and decryption module and then stored in the terminal data storage module.
Step 3, Step 4 and Step 5 are parallel steps. The three corresponding user identity verification modules (default user permission module, UKEY verification module, network verification module) are independent modules; each can be used alone, and the verification is not sequential. This realizes several ways of authorizing the cloud desktop terminal user.
The "read" action in all of the "data reading and writing" mentioned in the present invention has a different meaning depending on who initiates it. First, when the initiator of the "read" is the terminal device, it means the terminal device uses the data (for its configuration and for connecting to the server), but the user is not necessarily allowed to view the data (the user can use the terminal and connect to the server without knowing the specific configuration used for the connection). Second, when the initiator of the "read" is the user, it means the user wants to view the data; here "read" is better expressed as "view", so for the user, "data reading and writing" can be restated as "viewing and modifying the data". Third, unlike "read", there is only one usage scenario for "write": the user modifies the configuration and saves it; in no other case does the terminal device write data on its own.
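The following is an added worked example, not code from the patent or its assignee. It models Steps 1 to 8 above together with the read semantics just described: the configuration store is mounted read-only at boot, the three identity verification modules are independent alternatives of which any one suffices, a denied request leaves the store read-only, and a granted one allows a modify-and-save cycle in which the data is encrypted before it reaches storage. The terminal's own read (decrypt and use) is separated from a user's view, which requires verification. The module and function names, the in-memory storage dict, the sample server addresses and UKEY PIN, and the cipher are all this example's assumptions; the cipher is a standard-library stand-in (HMAC-SHA256 in counter mode with an encrypt-then-MAC tag) chosen so the example runs offline, and a real deployment would use an AEAD such as AES-GCM.

```python
import hashlib
import hmac
import json
import os

class DynamicCrypto:
    """Data dynamic encryption/decryption module: encrypt on write, decrypt on read.
    Stand-in cipher (this example's assumption): HMAC-SHA256 in counter mode as keystream
    plus an encrypt-then-MAC tag, so corrupt or tampered configuration data is rejected."""
    def __init__(self, master_key: bytes):
        self.enc_key = hmac.new(master_key, b"enc", hashlib.sha256).digest()
        self.mac_key = hmac.new(master_key, b"mac", hashlib.sha256).digest()

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out, counter = bytearray(), 0
        while len(out) < length:
            out += hmac.new(self.enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
            counter += 1
        return bytes(out[:length])

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(16)  # fresh nonce per write, so keystream is never reused
        ciphertext = bytes(p ^ s for p, s in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        return nonce + ciphertext + tag

    def decrypt(self, blob: bytes) -> bytes:
        nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(self.mac_key, nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("terminal configuration is corrupt or has been tampered with")
        return bytes(c ^ s for c, s in zip(ciphertext, self._keystream(nonce, len(ciphertext))))

# The three identity verification modules are independent alternatives (Steps 3, 4 and 5
# run side by side, not in sequence): any one of them returning True authorizes the user.
def default_user_authorized(fresh_install: bool, permissions_open: bool) -> bool:
    return fresh_install or permissions_open

def ukey_authorized(ukey_serial, pin: str, enrolled: dict) -> bool:
    # UKEY module: the inserted device must be enrolled and its PIN must match.
    if ukey_serial is None or ukey_serial not in enrolled:
        return False
    return hmac.compare_digest(enrolled[ukey_serial], hashlib.sha256(pin.encode()).hexdigest())

def console_authorized(username: str, console_users: set) -> bool:
    # Network module: console_users stands in for the list fetched from the management console.
    return username in console_users

class TerminalDataProtection:
    """Data protection realization module plus management and control module."""
    def __init__(self, master_key: bytes, storage: dict):
        self.crypto = DynamicCrypto(master_key)
        self.storage = storage  # terminal data storage module (an in-memory dict here)
        self.mode = "ro"        # Step 1: configuration is mounted read-only at boot

    def load_for_terminal(self) -> dict:
        # "Read" initiated by the terminal itself: decrypt and use, no identity needed.
        return json.loads(self.crypto.decrypt(self.storage["config"]))

    def view_as_user(self) -> dict:
        # "Read" initiated by a user means "view", allowed only after verification.
        if self.mode != "rw":
            raise PermissionError("unauthorized user may not view the configuration")
        return self.load_for_terminal()

    def request_modification(self, verification_results) -> bool:
        # Steps 2-7: remount writable only if some verification module succeeded.
        self.mode = "rw" if any(verification_results) else "ro"
        return self.mode == "rw"

    def save(self, new_config: dict) -> None:
        # Step 8: modified data is encrypted before it reaches storage.
        if self.mode != "rw":
            raise PermissionError("configuration is mounted read-only")
        self.storage["config"] = self.crypto.encrypt(json.dumps(new_config).encode())

def demo() -> dict:
    """Constructed walk-through (key, server addresses and UKEY PIN are made up)."""
    key = hashlib.sha256(b"constructed-master-key").digest()
    crypto = DynamicCrypto(key)
    storage = {"config": crypto.encrypt(json.dumps({"server": "192.0.2.10"}).encode())}
    tdp = TerminalDataProtection(key, storage)
    booted = tdp.load_for_terminal()["server"]
    denied = tdp.request_modification([  # every module fails: store stays read-only
        default_user_authorized(fresh_install=False, permissions_open=False),
        ukey_authorized(None, "", {}), console_authorized("alice", set())])
    mode_after_denial = tdp.mode
    enrolled = {"UKEY-0001": hashlib.sha256(b"1234").hexdigest()}
    granted = tdp.request_modification([ukey_authorized("UKEY-0001", "1234", enrolled)])
    tdp.save({"server": "192.0.2.20"})
    tampered = bytearray(storage["config"])
    tampered[20] ^= 0x01  # one flipped ciphertext byte must be caught on the next read
    try:
        crypto.decrypt(bytes(tampered))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return {"booted": booted, "denied": not denied, "mode_after_denial": mode_after_denial,
            "granted": granted, "saved": tdp.view_as_user()["server"],
            "tamper_detected": tamper_detected}
```

Running `demo()` walks through a denied request, a UKEY-granted request with a save, and a tamper check on the stored ciphertext. The authenticated stand-in cipher is what turns the patent's first disadvantage (a corrupted store silently breaking the terminal) into a detectable error rather than a misconfiguration.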
The present invention stores the cloud desktop terminal's data encrypted, uses it in read-only mode, allows only authorized users to modify it, supports several ways of authorizing cloud desktop terminal users, and places the reading and writing of cloud desktop terminal data under managed control, so that the security of the cloud desktop terminal's data content is improved.
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to the specific embodiments described; those skilled in the art can make various variations or modifications within the scope of the claims without affecting the substance of the present invention.

Claims (2)

  1. A cloud terminal data protection system, characterized in that it includes:
    Terminal data storage module: for storing terminal configuration data;
    Terminal data protection module: for protecting terminal data, mainly covering data encryption and decryption, the realization of data protection, and its management and control;
    the terminal data protection module includes the following submodules:
    Data dynamic encryption and decryption module: dynamically encrypts or decrypts terminal data;
    Data protection realization module: realizes real-time protection of the terminal data, mainly the read-only handling of the data and the enforcement of access control;
    Data protection management and control module: manages and controls data protection, mainly whether the data is encrypted and whether it is read-only;
    User identity verification module: verifies the current user's identity and determines whether the user's operation is allowed;
    the data dynamic encryption and decryption module encrypts information as it is written in the writable state and decrypts information as it is read;
    the data protection management and control module obtains the current user identity established by the user identity verification module and modifies the data protection policy according to that identity and the user's request;
    the user identity verification module determines the user's identity, and whether the user is authorized to modify data protection management, by reading user identity information from the management console or from a UKey physical device;
    the user identity verification module calls the following modules to perform user identity verification:
    Default user permission module: on a newly installed system, or on a system whose user permissions are open, the default user is treated as an authorized user who can read and modify the configuration data;
    UKEY verification module: verifies the user's identity by means of a UKEY; a user who passes verification is an authorized user who can read and modify the configuration data;
    Network verification module: connects over the network to the management console and obtains the current user's authorization information from it; if the user is an authorized user, the configuration data can be read and modified.
  2. A cloud terminal data protection method, characterized in that it comprises the following steps:
    Step 1: the user starts the terminal device; the data protection realization module mounts the terminal configuration data in read-only mode, the data is read from the terminal data storage module and, after decryption by the data dynamic encryption and decryption module, is used;
    Step 2: the user requests to modify the configuration data; the request is received by the data protection management and control module, which calls the user identity verification module to verify the user's identity:
    Step 3: the local terminal's default user permission is checked and the default user identity verification result is returned;
    Step 4: the user inserts a UKEY device; the UKEY verification module checks the UKEY and its PIN and returns the user identity verification result;
    Step 5: the user chooses to verify authorization through the management console; the network verification module communicates with the management console and returns the user identity verification result;
    Step 6: if the returned user identity verification result shows that the user is unauthorized, the request to modify the configuration data fails and the configuration data remains mounted read-only;
    Step 7: if the returned user identity verification result shows that the user is authorized, the data protection realization module changes the user protection state and remounts the configuration data writable;
    Step 8: the user modifies and saves the terminal configuration data; the modified data is encrypted by the data dynamic encryption and decryption module and then stored in the terminal data storage module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410855117.8A CN104601559B (en) 2014-12-26 2014-12-26 Cloud terminal data guard system and means of defence

Publications (2)

Publication Number Publication Date
CN104601559A CN104601559A (en) 2015-05-06
CN104601559B true CN104601559B (en) 2018-03-23

Family

ID=53127065

Country Status (1)

Country Link
CN (1) CN104601559B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101005678A (en) * 2007-01-17 2007-07-25 华为技术有限公司 Method for revising terminal configuration, network side management unit, terminal and system
CN101674575A (en) * 2009-09-17 2010-03-17 中兴通讯股份有限公司 Method for protecting security of mobile communication terminal data and device thereof
CN103310161A (en) * 2012-03-14 2013-09-18 北京海泰方圆科技有限公司 Protection method and system for database system
CN103716354A (en) * 2012-10-09 2014-04-09 苏州慧盾信息安全科技有限公司 Security protection system and method for information system
CN104158795A (en) * 2014-07-09 2014-11-19 中电科华云信息技术有限公司 Registration system and registration method for full hardware terminal in cloud desktop system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7254386B2 (en) * 2001-08-10 2007-08-07 Kyocera Wireless Corp. System and method for improved security in handset reprovisioning and reprogramming

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant