CN104601559B - Cloud terminal data protection system and protection method - Google Patents
- Publication number: CN104601559B (application CN201410855117.8A)
- Authority: CN (China)
- Prior art keywords: data, user, module, terminal, management
- Legal status: Active (status as listed by Google Patents, not a legal conclusion)
Landscapes
- Storage Device Security (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a cloud terminal data protection system and protection method. The cloud terminal data protection system comprises: a terminal data storage module, for storing terminal configuration data; and a terminal data protection module, for protecting terminal data, which mainly covers data encryption and decryption, the realisation of data protection, and its management and control. By encrypting the terminal data and combining this with access control realised in several ways, the invention ensures that terminal data can be viewed and modified only by authorized users, and so improves the security of the terminal data.
Description
Technical field
The present invention relates to a protection system and protection method, and in particular to a cloud terminal data protection system and protection method.
Background art
In current cloud desktop systems, a terminal needs to save and maintain its terminal data, such as terminal configuration information, server configuration information and connection configuration parameters. The common storage method is to store the configuration data directly on the terminal's storage device. This storage method has the following disadvantages. First, the terminal data has no read/write security protection: data that is kept in a writable state is more vulnerable to damage from abnormal situations or operations, which leaves the terminal data corrupted and the terminal unusable. Second, the terminal data can be viewed and modified by unauthorized users, so the terminal can be configured to connect to an untrusted server, which is a security risk.
Summary of the invention
In view of the above defects in the prior art, the object of the present invention is to provide a cloud terminal data protection system and protection method which, by encrypting the terminal data and combining this with access control realised in several ways, ensures that terminal data can be viewed and modified only by authorized users, and so improves the security of the terminal data.
According to one aspect of the present invention, a cloud terminal data protection system is provided, characterised in that it comprises: a terminal data storage module, for storing terminal configuration data; and a terminal data protection module, for protecting terminal data, mainly covering data encryption and decryption, the realisation of data protection, and its management and control.
Preferably, the terminal data protection module comprises the following sub-modules:
Data dynamic encryption/decryption module: dynamically encrypts or decrypts the terminal data;
Data protection realisation module: realises the real-time protection of terminal data, mainly the read-only handling of the data and the enforcement of access control;
Data protection management and control module: manages and controls data protection, mainly whether the data is encrypted and whether it is read-only;
User identity verification module: verifies the identity of the current user and determines whether the user's operation is allowed.
Preferably, the data dynamic encryption/decryption module encrypts the information being written when the data is in the writable state, and decrypts the information being read when the data is read.
Preferably, the data protection management and control module obtains the current user identity established by the user identity verification module and modifies the data protection policy according to the current user identity and the user's request.
Preferably, the user identity verification module determines the user's identity, and whether the user is authorized to modify the data protection management settings, by reading the user identity information held in the management console or in a UKey physical device.
Preferably, the user identity verification module calls the following modules to perform user identity verification:
Default user permission module: on a newly installed system, or a system whose user permissions are open, the default user permission is treated as that of an authorized user, who may read and modify the configuration data;
UKEY verification module: verifies the user's identity by means of a UKEY; a user who passes verification is an authorized user and may read and modify the configuration data;
Network verification module: communicates with the management console over the network and obtains the authorization information for the current user from the management console; if the user is an authorized user, the configuration data may be read and modified.
The present invention also provides a cloud terminal data protection method, characterised in that it comprises the following steps:
Step 1: the user starts the terminal device; the data protection realisation module mounts the terminal configuration data in read-only mode; the data is read from the terminal data storage module and used after decryption by the data dynamic encryption/decryption module;
Step 2: the user requests to modify the configuration data; the request is received by the data protection management and control module, which calls the user identity verification module to verify the user's identity:
Step 3: the local terminal's default user permission is checked, and the default user identity verification result is returned;
Step 4: the user inserts a UKEY device; the UKEY verification module checks the UKEY and its PIN and returns the user identity verification result;
Step 5: the user chooses verification of authorization through the management console; the network verification module communicates with the management console and returns the user identity verification result;
Step 6: if the returned user identity verification result shows that the user is not authorized, the request to modify the configuration data fails, and the configuration data remains mounted read-only;
Step 7: if the returned user identity verification result shows that the user is authorized, the data protection realisation module changes the user's protection state and remounts the configuration data writable;
Step 8: the user modifies and saves the terminal configuration data; the modified data is encrypted by the data dynamic encryption/decryption module and then stored in the terminal data storage module.
Compared with the prior art, the present invention has the following beneficial effects: the security of the cloud desktop terminal's data content is improved; reading and writing of cloud desktop terminal data is managed and controlled; the cloud desktop terminal data is stored encrypted and used in read-only mode; only authorized users may modify it; and several authorization methods are available to the cloud desktop terminal user.
Brief description of the drawings
Other features, objects and advantages of the present invention will become more apparent from the detailed description of non-limiting embodiments made with reference to the following drawings:
Fig. 1 is a schematic block diagram of the cloud terminal data protection system of the present invention.
Detailed description of the embodiments
The present invention is described in detail below with reference to specific embodiments. The following embodiments will help those skilled in the art to understand the invention further, but do not limit the invention in any way. It should be noted that those of ordinary skill in the art can make various modifications and improvements without departing from the inventive concept, and these all fall within the scope of protection of the present invention.
As shown in Fig. 1, the cloud terminal data protection system of the present invention comprises:
Terminal data storage module: for storing terminal configuration data;
Terminal data protection module: for protecting terminal data, mainly covering data encryption and decryption, the realisation of data protection, and its management and control.
The terminal data protection module comprises the following sub-modules:
Data dynamic encryption/decryption module: dynamically encrypts or decrypts the terminal data; when the data is in the writable state it encrypts the information being written, and when information is read it decrypts the information being read;
Data protection realisation module: realises the real-time protection of terminal data, mainly the read-only handling of the data and the enforcement of access control;
Data protection management and control module: manages and controls data protection, mainly whether the data is encrypted and whether it is read-only; it obtains the current user identity established by the user identity verification module and modifies the data protection policy according to the current user identity and the user's request;
User identity verification module: verifies the identity of the current user and determines whether the user's operation is allowed. It determines the user's identity, and whether the user is authorized to modify the data protection management settings, by reading the user identity information held in the management console or in a UKey physical device (a UKey is a small, reliable, high-speed storage device that connects directly to a computer over USB and provides password-based authentication functions).
The user identity verification module calls the following modules to perform user identity verification:
Default user permission module: on a newly installed system, or a system whose user permissions are open, the default user permission is treated as that of an authorized user, who may read and modify the configuration data;
UKEY verification module: verifies the user's identity by means of a UKEY; a user who passes verification is an authorized user and may read and modify the configuration data;
Network verification module: communicates with the management console over the network and obtains the authorization information for the current user from the management console; if the user is an authorized user, the configuration data may be read and modified.
The cloud terminal data protection method of the present invention comprises the following steps:
Step 1: the user starts the terminal device; the data protection realisation module mounts the terminal configuration data in read-only mode; the data is read from the terminal data storage module and used after decryption by the data dynamic encryption/decryption module;
Step 2: the user requests to modify the configuration data; the request is received by the data protection management and control module, which calls the user identity verification module to verify the user's identity:
Step 3: the local terminal's default user permission is checked, and the default user identity verification result is returned; this is performed by the default user permission module;
Step 4: the user inserts a UKEY device; the UKEY verification module checks the UKEY and its PIN and returns the user identity verification result;
Step 5: the user chooses verification of authorization through the management console; the network verification module communicates with the management console and returns the user identity verification result;
Step 6: if the returned user identity verification result shows that the user is not authorized, the request to modify the configuration data fails, and the configuration data remains mounted read-only;
Step 7: if the returned user identity verification result shows that the user is authorized, the data protection realisation module changes the user's protection state and remounts the configuration data writable;
Step 8: the user modifies and saves the terminal configuration data; the modified data is encrypted by the data dynamic encryption/decryption module and then stored in the terminal data storage module.
Here Step 3, Step 4 and Step 5 are parallel steps. The three corresponding user identity verification modules (default user permission module, UKEY verification module, network verification module) are independent: each can be used alone, and they are not applied in sequence. This gives the cloud desktop terminal user several authorization methods.
The "read" in every "data read/write" mentioned in the present invention has a different meaning depending on who initiates it. First, when the initiator of the "read" is the terminal device, it means the terminal device uses the data (for its configuration and for connecting to the server), but the user is not necessarily allowed to view the data (the user can use the terminal and connect to the server without knowing the specific configuration in use). Second, when the initiator of the "read" is the user, it means the user wants to view the data; in that case "read" is better expressed as "view", so "data read/write" for a user can be restated as "data view and modify". Third, unlike "read", "write" has only one usage scenario: the user modifies the configuration and saves it; the terminal device never writes data on its own in any other case.
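The protection flow of Steps 1 to 8, the three parallel verifiers of Steps 3 to 5, and the distinction between the device's "read" and the user's "view" can be modelled end to end. The following is an added example, not code from the patent or its applicant. It uses only the Python standard library; the cipher is a demonstration construction (an HMAC-SHA256 keystream with an encrypt-then-MAC tag) standing in for the encryption the patent leaves unspecified; the UKEY serial, PIN and console authorization list are constructed sample data; and the return to read-only after a save is an addition the patent does not state.

```python
"""Added example (stdlib only): model of the terminal configuration protection flow.
Cipher is a demo construction, not one the patent names; sample data is constructed."""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass

NONCE_LEN, TAG_LEN = 16, 32


def _subkeys(key: bytes):
    """Separate encryption and MAC keys derived from the terminal key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = [hmac.new(enc_key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32)]
    return b"".join(blocks)[:n]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Data dynamic encryption: applied to every write into the terminal store."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Data dynamic decryption: tag checked first, so a corrupted or tampered store fails closed."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("terminal data truncated")
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("terminal data failed integrity check")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


# User identity verification: three independent verifiers (Steps 3, 4, 5).
# Constructed sample data stands in for the UKEY PIN check and the console's list.
UKEY_PIN_HASH = {"ukey-0001": hashlib.sha256(b"123456").hexdigest()}
CONSOLE_AUTHORIZED_USERS = {"admin"}


def verify_default(cred: dict, state) -> bool:
    """Default user permission module: counts only while the terminal's default permission is open."""
    return cred.get("method") == "default" and state.default_permission_open


def verify_ukey(cred: dict, state) -> bool:
    """UKEY verification module: enrolled serial plus matching PIN."""
    expected = UKEY_PIN_HASH.get(cred.get("ukey_serial", ""))
    supplied = hashlib.sha256(cred.get("pin", "").encode()).hexdigest()
    return (cred.get("method") == "ukey" and expected is not None
            and hmac.compare_digest(expected, supplied))


def verify_console(cred: dict, state) -> bool:
    """Network verification module: the management console's authorization list decides."""
    return cred.get("method") == "console" and cred.get("user") in CONSOLE_AUTHORIZED_USERS


VERIFIERS = (verify_default, verify_ukey, verify_console)  # parallel alternatives, not a sequence


@dataclass
class TerminalDataProtection:
    key: bytes
    store: bytes                      # terminal data storage module (ciphertext)
    default_permission_open: bool = False
    writable: bool = False            # data protection realisation: ro/rw state

    def load_for_device(self) -> dict:
        """Step 1: the device's own 'read' to reach its server; no user authorization, nothing shown."""
        return json.loads(decrypt(self.key, self.store))

    def request_modify(self, cred: dict) -> bool:
        """Steps 2-7: one passing verifier is enough; on failure the data stays read-only."""
        self.writable = any(v(cred, self) for v in VERIFIERS)
        return self.writable

    def view(self) -> dict:
        """A user's 'read' is a view and needs the same grant that makes the data writable."""
        if not self.writable:
            raise PermissionError("configuration is read-only for this user")
        return self.load_for_device()

    def save(self, new_config: dict) -> None:
        """Step 8: write through the encryption module; the drop back to read-only is an addition here."""
        if not self.writable:
            raise PermissionError("modify request was not granted")
        self.store = encrypt(self.key, json.dumps(new_config).encode())
        self.writable = False
```

The integrity tag is what turns the first Background disadvantage (a corrupted configuration that leaves the terminal unusable) into a detectable failure instead of a silent one: a store that does not verify is refused rather than loaded. Where the terminal key itself lives is the part the patent leaves open; in practice it has to be bound to the UKey or a hardware root on the terminal, since a key stored next to the ciphertext protects the data from nobody who can read the storage device.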
The present invention stores cloud desktop terminal data encrypted, uses it in read-only mode, allows only authorized users to modify it, and offers the cloud desktop terminal user several authorization methods, so that reading and writing of cloud desktop terminal data is managed and controlled and the security of the cloud desktop terminal's data content is improved.
Specific embodiments of the present invention have been described above. It should be understood that the invention is not limited to the specific embodiments described above; those skilled in the art can make various variations or modifications within the scope of the claims without affecting the substance of the invention.
Claims (2)
- 1. A cloud terminal data protection system, characterised in that it comprises:
  a terminal data storage module, for storing terminal configuration data; and
  a terminal data protection module, for protecting terminal data, mainly covering data encryption and decryption, the realisation of data protection, and its management and control;
  the terminal data protection module comprising the following sub-modules:
  a data dynamic encryption/decryption module, which dynamically encrypts or decrypts the terminal data;
  a data protection realisation module, which realises the real-time protection of terminal data, mainly the read-only handling of the data and the enforcement of access control;
  a data protection management and control module, which manages and controls data protection, mainly whether the data is encrypted and whether it is read-only;
  a user identity verification module, which verifies the identity of the current user and determines whether the user's operation is allowed;
  wherein the data dynamic encryption/decryption module encrypts the information being written when the data is in the writable state, and decrypts the information being read when the data is read;
  the data protection management and control module obtains the current user identity established by the user identity verification module and modifies the data protection policy according to the current user identity and the user's request;
  the user identity verification module determines the user's identity, and whether the user is authorized to modify the data protection management settings, by reading the user identity information held in the management console or in a UKey physical device; and
  the user identity verification module calls the following modules to perform user identity verification:
  a default user permission module: on a newly installed system, or a system whose user permissions are open, the default user permission is treated as that of an authorized user, who may read and modify the configuration data;
  a UKEY verification module: verifies the user's identity by means of a UKEY; a user who passes verification is an authorized user and may read and modify the configuration data;
  a network verification module: communicates with the management console over the network and obtains the authorization information for the current user from the management console; if the user is an authorized user, the configuration data may be read and modified.
- 2. A cloud terminal data protection method, characterised in that it comprises the following steps:
  Step 1: the user starts the terminal device; the data protection realisation module mounts the terminal configuration data in read-only mode; the data is read from the terminal data storage module and used after decryption by the data dynamic encryption/decryption module;
  Step 2: the user requests to modify the configuration data; the request is received by the data protection management and control module, which calls the user identity verification module to verify the user's identity:
  Step 3: the local terminal's default user permission is checked, and the default user identity verification result is returned;
  Step 4: the user inserts a UKEY device; the UKEY verification module checks the UKEY and its PIN and returns the user identity verification result;
  Step 5: the user chooses verification of authorization through the management console; the network verification module communicates with the management console and returns the user identity verification result;
  Step 6: if the returned user identity verification result shows that the user is not authorized, the request to modify the configuration data fails, and the configuration data remains mounted read-only;
  Step 7: if the returned user identity verification result shows that the user is authorized, the data protection realisation module changes the user's protection state and remounts the configuration data writable;
  Step 8: the user modifies and saves the terminal configuration data; the modified data is encrypted by the data dynamic encryption/decryption module and then stored in the terminal data storage module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410855117.8A CN104601559B (en) | 2014-12-26 | 2014-12-26 | Cloud terminal data protection system and protection method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410855117.8A CN104601559B (en) | 2014-12-26 | 2014-12-26 | Cloud terminal data protection system and protection method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104601559A CN104601559A (en) | 2015-05-06 |
CN104601559B true CN104601559B (en) | 2018-03-23 |
Family
ID=53127065
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410855117.8A Active CN104601559B (en) | 2014-12-26 | 2014-12-26 | Cloud terminal data protection system and protection method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104601559B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101005678A (en) * | 2007-01-17 | 2007-07-25 | 华为技术有限公司 | Method for revising terminal configuration, network side management unit, terminal and system |
CN101674575A (en) * | 2009-09-17 | 2010-03-17 | 中兴通讯股份有限公司 | Method for protecting security of mobile communication terminal data and device thereof |
CN103310161A (en) * | 2012-03-14 | 2013-09-18 | 北京海泰方圆科技有限公司 | Protection method and system for database system |
CN103716354A (en) * | 2012-10-09 | 2014-04-09 | 苏州慧盾信息安全科技有限公司 | Security protection system and method for information system |
CN104158795A (en) * | 2014-07-09 | 2014-11-19 | 中电科华云信息技术有限公司 | Registration system and registration method for full hardware terminal in cloud desktop system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7254386B2 (en) * | 2001-08-10 | 2007-08-07 | Kyocera Wireless Corp. | System and method for improved security in handset reprovisioning and reprogramming |
Legal Events
Code | Title |
---|---|
C06 | Publication |
PB01 | Publication |
C10 | Entry into substantive examination |
SE01 | Entry into force of request for substantive examination |
GR01 | Patent grant |