CN113656820A - Data encryption method and device and remote desktop system - Google Patents

Publication number: CN113656820A
Authority: CN (China)
Prior art keywords: data; remote desktop; desktop system; keywords; server
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202110963713.8A
Other languages: Chinese (zh)
Inventor: 李帅明
Current Assignee: Xian Wanxiang Electronics Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Xian Wanxiang Electronics Technology Co Ltd
Application filed by Xian Wanxiang Electronics Technology Co Ltd
Priority to CN202110963713.8A
Publication of CN113656820A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • G06F21/556 Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2105 Dual mode as a secondary aspect
    • G06F2221/2107 File encryption

Abstract

The application discloses a data encryption method and device and a remote desktop system. The method comprises the following steps: when an abnormality is detected in the current usage environment of the remote desktop system, controlling the remote desktop system to enter a safe working mode; in the safe working mode, detecting whether any of a plurality of terminal devices copies data from a virtual machine running on a server; and when it is detected that any one of the plurality of terminal devices copies data from the virtual machine, encrypting the copied data. The application solves the technical problems that existing remote desktop systems have poor security and easily leak cloud information.

Description

Data encryption method and device and remote desktop system
Technical Field
The application relates to the field of desktop virtualization, in particular to a data encryption method and device and a remote desktop system.
Background
Desktop Virtualization (VDI) refers to virtualizing the end systems (also called desktops) of computers to achieve security and flexibility in desktop use. A desktop system belonging to an individual can be accessed from any device, anywhere, and at any time over a network. Virtualization technology virtualizes various physical devices, which effectively improves resource utilization, saves cost, and improves application quality. With the support of virtualization technology, the connection between network software and hardware equipment becomes more flexible, and scalability is also greatly improved. In essence, a cloud desktop uses virtualization technology to store and manage user information in a unified way; through a simple network access device, a user can enter the cloud desktop, which enables centralized management and efficient resource sharing.
With the development and maturity of cloud computing, the use scene of the cloud desktop is more and more extensive, and a plurality of industries such as colleges and universities, medical treatment, government and the like begin to gradually popularize the cloud desktop for office work, and the cloud desktop is an integral trend in the future.
In such a scenario, once the host is controlled by an unauthorized person, content can be copied and pasted at will, resulting in information leakage.
In view of the above problems, no effective solution has been proposed.
Disclosure of Invention
The embodiments of the application provide a data encryption method and device and a remote desktop system, which aim to at least solve the technical problems that existing remote desktop systems have poor security and easily leak cloud information.
According to an aspect of the embodiments of the present application, there is provided a data encryption method applied to a remote desktop system. The remote desktop system includes a server and a plurality of terminal devices, where the server runs a plurality of virtual machines and each virtual machine corresponds to one terminal device. The method includes the following steps: when an abnormality is detected in the current usage environment of the remote desktop system, controlling the remote desktop system to enter a safe working mode; in the safe working mode, detecting whether any of the plurality of terminal devices copies data from a virtual machine running on the server; and when it is detected that any one of the plurality of terminal devices copies data from the virtual machine, encrypting the copied data.
Optionally, detecting the current usage environment of the remote desktop system has an abnormality, including at least one of: if the target audio data exist in the current using environment of the remote desktop system, determining that the current using environment of the remote desktop system is abnormal; and if the facial image of the user of any one terminal device is identified not to be matched with the facial image of the user stored in advance, determining that the current use environment of the remote desktop system has an abnormality.
Optionally, the encrypting the copied data includes: selecting keywords from the copied data, wherein the keywords comprise a first type keyword and a second type keyword, and the first type keyword comprises: the second type keywords are different from the first type keywords; and carrying out encryption processing on the keywords.
Optionally, before selecting the keyword from the copied data, the method further includes: collecting the first type keywords to obtain a first form; reducing redundant information of the first type keywords in the first form to obtain a second form; and carrying out precision processing on the first type keywords in the first form to obtain a third form.
Optionally, selecting the first type keywords from the copied data includes: matching the data against the third form to obtain a matching result, wherein the matching result comprises the first type keywords contained in the data and the position information of the first type keywords in the data; and matching the matching result against the second form to obtain the first type keywords contained in the data.
Optionally, selecting the second type keywords from the copied data includes: selecting numbers from the data to obtain the second type keywords contained in the data.
Optionally, encrypting the keywords includes one of the following methods: encrypting the keywords in the data by using a preset encryption algorithm; replacing the keywords in the data with target symbols; replacing the keywords in the data with randomly generated garbled characters.
Optionally, when it is detected that the current usage environment of the remote desktop system has no abnormality, the remote desktop system is controlled to exit the safe working mode; detecting that the current usage environment of the remote desktop system has no abnormality includes at least one of the following: if it is detected that a preset instruction has been input on any terminal device, determining that the current usage environment of the remote desktop system has no abnormality; and if the facial image of the user of any terminal device is recognized as matching the pre-stored facial image of the user, determining that the current usage environment of the remote desktop system has no abnormality.
According to another aspect of the embodiments of the present application, there is also provided a remote desktop system, including: a server and a plurality of terminal devices, wherein the server runs a plurality of virtual machines, and each virtual machine corresponds to one terminal device; the server is configured to execute the above data encryption method.
According to another aspect of the embodiments of the present application, there is also provided an apparatus for encrypting data, including: a control module, configured to control the remote desktop system to enter a safe working mode when it is detected that the current usage environment of the remote desktop system is abnormal, wherein the remote desktop system comprises a server and a plurality of terminal devices, the server runs a plurality of virtual machines, and each virtual machine corresponds to one terminal device; a detection module, configured to detect, in the safe working mode, whether any of the plurality of terminal devices copies data from a virtual machine running on the server; and an encryption module, configured to encrypt the copied data when it is detected that any one of the plurality of terminal devices copies data from the virtual machine.
According to still another aspect of the embodiments of the present application, there is provided a non-volatile storage medium including a stored program, wherein when the program runs, a device in which the non-volatile storage medium is located is controlled to execute the above encryption method for data.
According to still another aspect of the embodiments of the present application, there is also provided a processor for executing a program stored in a memory, wherein the program executes the above encryption method for data.
In an embodiment of the present application, a data encryption method is provided. The method is applied to a remote desktop system that includes a server and a plurality of terminal devices, where the server runs a plurality of virtual machines and each virtual machine corresponds to one terminal device. The method includes the following steps: when an abnormality is detected in the current usage environment of the remote desktop system, controlling the remote desktop system to enter a safe working mode; in the safe working mode, detecting whether any of the plurality of terminal devices copies data from a virtual machine running on the server; and when it is detected that any one of the plurality of terminal devices copies data from the virtual machine, encrypting the copied data. Because the content copied by a user in an unsafe scenario is specially encrypted, an unauthorized user cannot copy the correct content. This ensures the security of the information, improves the security of the remote desktop system, achieves the technical effect of avoiding information leakage in the remote desktop system, and thereby solves the technical problem that existing remote desktop systems have poor security and easily leak cloud information.
Drawings
The accompanying drawings, which are included to provide a further understanding of the application and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the application and together with the description serve to explain the application and not to limit the application. In the drawings:
FIG. 1 is a schematic diagram of a desktop virtualization technique;
FIG. 2 is a flow chart of a method of encrypting data according to an embodiment of the present application;
FIG. 3 is a block diagram of a remote desktop system according to an embodiment of the present application;
FIG. 4 is a block diagram of an apparatus for encrypting data according to an embodiment of the present application.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
FIG. 1 is a schematic diagram of a desktop virtualization technology. As shown in FIG. 1, VDI, simply put, virtualizes a user's desktop by running a Windows system or another type of operating system on a cluster server in a data center. From a client device (zero terminal), the user connects to a virtual desktop (generally a virtual machine) through a client computing protocol and accesses the virtual desktop through the zero terminal just like a traditional locally installed desktop. As long as a network is available, the user can connect to the desired desktop at any time and from any place; IT personnel can manage desktop users and data more easily, and the user's data is safer because all of it resides with the service provider. Through the zero terminal, the user accesses the virtual machine allocated on the cluster server, obtains the desktop image, and controls the obtained virtual desktop through reverse control.
The principle of VDI's virtual desktop solution is to prepare each user with its dedicated virtual machine by installing server virtualization software on the server, and deploy the desktop virtualization software and the operating system and various application software required by the user therein, and then deliver the complete virtual machine desktop to the remote user through a desktop remote display protocol. Essentially, desktop virtualization delivers only one screen to the end user, and the installation, deployment, execution, and management of applications are actually performed on servers in the data center. The click and movement of the mouse and the click of the keyboard of the front-end user are transmitted to the server for processing, and the processing result is returned to the user.
Desktop virtualization delivers only a screen image to the end user, while the installation, deployment, operation and management of applications are actually carried out on servers in the data center, so security is achieved by isolating the data from the user. However, this cannot prevent data from being transmitted in text form over a network or by other means.
The present application provides a method for encrypting data, and the method provided by the present application is described in detail below with reference to specific embodiments.
In accordance with an embodiment of the present application, there is provided an embodiment of a method for encrypting data, it should be noted that the steps illustrated in the flowchart of the figure may be performed in a computer system such as a set of computer executable instructions, and that while a logical order is illustrated in the flowchart, in some cases the steps illustrated or described may be performed in an order different than that herein.
Fig. 2 is a flowchart of a data encryption method according to an embodiment of the present application, where the method is applied to a remote desktop system, where the remote desktop system includes a server and a plurality of terminal devices, where a plurality of virtual machines run on the server, and each virtual machine corresponds to one terminal device, as shown in fig. 2, the method includes the following steps:
Step S202: when an abnormality is detected in the current usage environment of the remote desktop system, controlling the remote desktop system to enter a safe working mode.
According to an alternative embodiment of the application, detecting that the current usage environment of the remote desktop system has an abnormality includes at least one of the following: if target audio data is detected in the current usage environment of the remote desktop system, determining that the current usage environment of the remote desktop system is abnormal; and if the facial image of the user of any terminal device is recognized as not matching the pre-stored facial image of the user, determining that the current usage environment of the remote desktop system is abnormal.
It should be noted that, after the remote desktop system establishes a connection, the user copies and pastes image and text content in the normal way.
Copy and paste here refers to copying the content of a text file (such as Word, WPS or Excel) to another text file, or to the sending interface of other application software (such as WeChat, DingTalk or a mailbox). When the remote desktop system has not entered the security mode, the user can copy and paste text content normally.
When the remote desktop system detects that the current usage environment is unsafe, it enters the safe mode and starts to monitor all clipboard operations.
Specifically, detecting that the current usage environment is unsafe can be implemented in a variety of ways: for example, by detecting abnormal sounds such as gunshots, explosions, cries for help or screams; or by detecting through face recognition that the person currently using the user device is not a legitimate user; and so on.
When the current usage environment is detected to be unsafe, the system enters the safe mode and monitors clipboard operations in that mode, so that content copying by a possibly unauthorized user is monitored and the copied content is processed in the clipboard. This prevents the unauthorized user from copying the real and complete content and prevents information leakage.
Step S204: in the safe working mode, detecting whether any of the plurality of terminal devices copies data from a virtual machine running on the server.
Step S206: when it is detected that any one of the plurality of terminal devices copies data from the virtual machine, encrypting the copied data.
If it is detected that data (picture or text content) has been written to the current clipboard cache region, the data is encrypted before it is pasted.
The key point of this step is how to encrypt the data. Specifically, when it is detected that data has been written to the clipboard cache area, special encryption processing is performed on the data in the clipboard before the data is read, and the processed data is then used for pasting.
Through the above steps, the content copied by the user in an unsafe scenario is specially encrypted, so that an unauthorized user cannot copy the correct content. This ensures the security of the information, improves the security of the remote desktop system, and achieves the technical effect of preventing information in the remote desktop system from being leaked.
According to another alternative embodiment of the present application, when step S206 is executed, the copied data is encrypted, and the method is implemented as follows: selecting keywords from the copied data, wherein the keywords comprise a first type keyword and a second type keyword, and the first type keyword comprises: the second type keywords are different from the first type keywords; and carrying out encryption processing on the keywords.
The encryption of data is realized by two modules: a keyword information repository and an encryption processing module. The keyword information repository integrates all keyword information, stores it in a configuration file, and is used for information matching when encryption is performed. The encryption processing reads the data in the clipboard, screens the data for keywords, and encrypts the keywords.
The keywords can be divided into special keywords (i.e. the first type keywords) and general keywords (i.e. the second type keywords). The special keywords comprise names, mailboxes, telephone numbers, proper nouns, customized professional information of the user's business and the like; the general keywords may be, for example, numbers, i.e. all numbers present in the text are encrypted. In actual implementation, the special keywords and the general keywords may be specified according to actual needs, or only the special keywords may be specified without setting general keywords.
In some optional embodiments of the present application, before selecting keywords from the copied data, collecting keywords of the first type to obtain a first form; reducing redundant information of the first type keywords in the first form to obtain a second form; and carrying out precision processing on the first type keywords in the first form to obtain a third form.
It should be noted that, this step is a process of constructing a keyword information repository. Specifically, the first form can be obtained by sorting the special keywords, the special keywords can be sorted from a preset database, and the first type of keywords can also be crawled from the internet.
Dimension reduction is performed on the first type keywords in the first form to reduce their redundant information, so that first type keywords can be matched more easily. For example: the name format is set to 2-4 characters; a telephone number is 11 digits, or 12 digits with an area code, or another format; the mailbox format is a specific character string + "@" + a specific character string; and so on. This yields the second form.
Precision processing is performed on the first type keywords in the first form, for example: collecting common surnames, or as many surnames as possible, to match names; collecting phone-number starts such as 139, 187, the area codes of each region and country codes to match phone numbers; collecting accurate address keywords to match address information; and collecting various mailbox suffixes to match mailbox addresses. Applying these various kinds of precision processing yields the third form.
In other alternative embodiments of the present application, selecting the first type keywords from the copied data includes the following steps: matching the data against the third form to obtain a matching result, wherein the matching result comprises the first type keywords contained in the data and the position information of the first type keywords in the data; and matching the matching result against the second form to obtain the first type keywords contained in the data.
In this step, a special keyword and/or a general keyword is identified, wherein the identification of the special keyword comprises the following processes:
1) extracting the information in the third form, matching it against the copied data, and recording the matching result and the position of the matched characters;
2) performing secondary matching of the matching result from step 1) against the second form to obtain the first type keywords present in the copied data.
According to an alternative embodiment of the present application, selecting the second type keywords from the copied data includes: selecting numbers from the data to obtain the second type keywords contained in the data.
For the general keywords, the whole text of the data can be searched for them; for example, if the general keywords are numbers, all numbers in the whole text are identified.
According to another alternative embodiment of the present application, the encryption processing of the keywords includes one of the following methods: encrypting the keywords in the data by using a preset encryption algorithm; replacing the keywords in the data with target symbols; replacing the keywords in the data with randomly generated garbled characters.
In this step, the matched keywords are encrypted (a message digest algorithm, such as MD5, may be used for the encryption); alternatively, special processing that plays a role similar to encryption may be performed. Specifically, the special processing replaces all found keywords with special symbols or a combination of special symbols, where the special symbols include but are not limited to: !, @, #, %, ……, &, +, -, etc.; alternatively, the keywords may be directly replaced with randomly generated garbled characters.
The original text in the clipboard is then replaced with the ciphertext produced by the special processing, and when the user initiates a paste operation, the data in the clipboard (the ciphertext produced by the special processing) is pasted to the corresponding position.
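The keyword repository, two-stage matching and keyword processing described above, as an added Python example (not part of the patent or of any product of the applicant). It covers only phone numbers and mailbox addresses as first type keywords and numbers as second type keywords; the mailbox suffixes, regular expressions, anchoring rule, function names and key are assumptions, and keyed HMAC-SHA-256 is swapped in for the MD5 digest the text mentions, since an unkeyed digest of an 11-digit number can be recovered by enumerating all 11-digit values.

```python
import hashlib
import hmac
import re
import secrets

# Third form ("precision" list): fragments that locate candidate keywords.
# 139/187 are the phone starts named in the text; the mailbox suffixes are constructed.
THIRD_FORM = {
    "phone": ["139", "187"],
    "email": ["@example.com", "@example.org"],
}
# Second form (format rules): the full shape a candidate must have.
SECOND_FORM = {
    "phone": re.compile(r"(?<!\d)\d{11}(?!\d)"),  # 11-digit number
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"),
}
# Where the third-form fragment must sit inside the second-form match (assumption).
ANCHOR = {"phone": "start", "email": "end"}
GENERAL = re.compile(r"\d+")        # second type keyword: every number in the text
SYMBOLS = "!@#%&+-"                 # special symbols listed in the text
DEMO_KEY = b"constructed-demo-key"  # placeholder key for the example only

# Constructed clipboard content.
SAMPLE = "Call Li Wei on 13912345678 or mail li.wei@example.com, invoice 4471."


def stage1_hits(text):
    """Step 1): match third-form fragments and record their positions."""
    hits = []
    for kind, fragments in THIRD_FORM.items():
        for frag in fragments:
            pos = text.find(frag)
            while pos != -1:
                hits.append((kind, pos, pos + len(frag)))
                pos = text.find(frag, pos + 1)
    return hits


def find_special(text):
    """Step 2): keep hits confirmed by a well-formed second-form match."""
    hits = stage1_hits(text)
    spans = set()
    for kind, pattern in SECOND_FORM.items():
        for m in pattern.finditer(text):
            for hkind, hstart, hend in hits:
                if hkind != kind:
                    continue
                ok = hstart == m.start() if ANCHOR[kind] == "start" else hend == m.end()
                if ok:
                    spans.add((m.start(), m.end(), kind))
    return sorted(spans)


def keyword_spans(text):
    """Special keywords plus every number, with overlapping spans merged."""
    spans = find_special(text)
    spans += [(m.start(), m.end(), "number") for m in GENERAL.finditer(text)]
    merged = []
    # Special keywords sort before numbers, longer spans before shorter ones.
    for s, e, kind in sorted(spans, key=lambda x: (x[0], x[2] == "number", -x[1])):
        if merged and s < merged[-1][1]:
            ps, pe, pk = merged[-1]
            merged[-1] = (ps, max(pe, e), pk)
        else:
            merged.append((s, e, kind))
    return merged


def protect(keyword, mode, key=DEMO_KEY):
    """One of the three processing methods named in the text."""
    if mode == "digest":   # keyed digest instead of plain MD5
        return hmac.new(key, keyword.encode(), hashlib.sha256).hexdigest()[:16]
    if mode == "mask":     # replace with a target symbol
        return "*" * len(keyword)
    if mode == "random":   # randomly generated garbled characters
        return "".join(secrets.choice(SYMBOLS) for _ in keyword)
    raise ValueError(f"unknown mode: {mode}")


def redact_clipboard(text, mode="mask", key=DEMO_KEY):
    """Return the text that would replace the original clipboard content."""
    out = text
    for s, e, _ in reversed(keyword_spans(text)):  # right to left keeps offsets valid
        out = out[:s] + protect(text[s:e], mode, key) + out[e:]
    return out


if __name__ == "__main__":
    for mode in ("mask", "digest", "random"):
        print(mode, "->", redact_clipboard(SAMPLE, mode))
```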
In some optional embodiments of the present application, when it is detected that the current usage environment of the remote desktop system has no abnormality, the remote desktop system is controlled to exit the secure operating mode. Detecting that the current usage environment of the remote desktop system has no abnormality includes at least one of the following: if it is detected that a preset instruction has been input on any terminal device, determining that the current usage environment of the remote desktop system has no abnormality; and if the facial image of the user of any terminal device is recognized as matching the pre-stored facial image of the user, determining that the current usage environment of the remote desktop system has no abnormality.
When it is detected that the current client environment has been restored to safety, the security mode is exited. Specifically, there are various ways to detect whether the current client environment has been restored. For example, if the environmental anomaly was detected by identifying an abnormal sound, the client environment may be determined to be restored to safety when a specific password input by a legitimate user is detected; for another example, if the environmental anomaly was detected by face recognition, the client environment may be determined to be restored to safety when the user of the current device is detected to be a legitimate authorized user.
According to the method provided by the embodiments of the application, when the system detects that it is currently in an unsafe scenario, the keywords in the clipboard data are encrypted, so that an unauthorized user who transmits the data over a network or by other means cannot read it completely. The key information is hidden, which achieves the effect of data security.
Fig. 3 is a block diagram of a remote desktop system according to an embodiment of the present application, and as shown in fig. 3, the system includes: the system comprises a server 30 and a plurality of terminal devices 32, wherein a plurality of virtual machines run on the server 30, and each virtual machine corresponds to one terminal device 32, wherein the plurality of terminal devices 32 are used for controlling the plurality of virtual machines run on the server 30; the server 30 is configured to execute the above encryption method for data.
Fig. 4 is a block diagram of an apparatus for encrypting data according to an embodiment of the present application, and as shown in fig. 4, the apparatus includes:
the control module 40 is configured to control the remote desktop system to enter a safe working mode when it is detected that the current usage environment of the remote desktop system is abnormal, where the remote desktop system includes a server and a plurality of terminal devices, the server runs a plurality of virtual machines, and each virtual machine corresponds to one terminal device;
a detection module 42, configured to detect whether any terminal device in the plurality of terminal devices copies data from a virtual machine running on the server in the secure operating mode;
and an encryption module 44, configured to, when it is detected that any one of the plurality of terminal devices copies data from the virtual machine, perform encryption processing on the copied data.
It should be noted that, for a preferred implementation of the embodiment shown in FIG. 4, reference may be made to the description of the embodiment shown in FIG. 2; details are not repeated here.
The embodiment of the application also provides a nonvolatile storage medium, wherein the nonvolatile storage medium comprises a stored program, and when the program runs, the device where the nonvolatile storage medium is located is controlled to execute the above data encryption method.
The nonvolatile storage medium stores a program for executing the following functions: when it is detected that the current usage environment of the remote desktop system is abnormal, controlling the remote desktop system to enter a safe working mode; in the safe working mode, detecting whether any of the plurality of terminal devices copies data from a virtual machine running on the server; and when it is detected that any one of the plurality of terminal devices copies data from the virtual machine, encrypting the copied data.
The embodiment of the application also provides a processor, wherein the processor is used for running a program stored in a memory, and the program, when run, executes the above data encryption method.
The processor is used for running a program for executing the following functions: when it is detected that the current usage environment of the remote desktop system is abnormal, controlling the remote desktop system to enter a safe working mode; in the safe working mode, detecting whether any of the plurality of terminal devices copies data from a virtual machine running on the server; and when it is detected that any one of the plurality of terminal devices copies data from the virtual machine, encrypting the copied data.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present application, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units may be a logical division, and in actual implementation, there may be another division, for example, multiple units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present application. It should be noted that those skilled in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be considered as falling within the protection scope of the present application.

Claims (11)

1. A data encryption method, applied to a remote desktop system, the remote desktop system comprising a server and a plurality of terminal devices, wherein a plurality of virtual machines run on the server and each virtual machine corresponds to one terminal device, the method comprising the following steps:
controlling the remote desktop system to enter a safe working mode under the condition that the current usage environment of the remote desktop system is detected to be abnormal;
in the safe working mode, detecting whether any of the plurality of terminal devices copies data from a virtual machine running on the server;
and under the condition that any one of the plurality of terminal devices is detected to copy data from the virtual machine, carrying out encryption processing on the copied data.
2. The method of claim 1, wherein detecting that the current usage environment of the remote desktop system is abnormal comprises at least one of:
if target audio data exists in the current usage environment of the remote desktop system, determining that the current usage environment of the remote desktop system is abnormal;
and if the facial image of the user of any one terminal device is recognized as not matching the pre-stored facial image of the user, determining that the current usage environment of the remote desktop system is abnormal.
3. The method of claim 1, wherein the encryption processing of the copied data comprises:
selecting keywords from the copied data, wherein the keywords comprise a first type keyword and a second type keyword, and the first type keyword comprises: the second type keywords are different from the first type keywords;
and encrypting the keywords.
4. The method of claim 3, wherein prior to selecting keywords from the copied data, the method further comprises:
collecting the first type keywords to obtain a first form;
reducing redundant information of the first type keywords in the first form to obtain a second form;
and carrying out precision processing on the first type keywords in the first form to obtain a third form.
5. The method of claim 4, wherein selecting the first type keywords from the copied data comprises:
matching the data with the third form to obtain a matching result, wherein the matching result comprises the first type keywords contained in the data and the position information of the first type keywords in the data;
and matching the matching result with the second form to obtain the first type keywords contained in the data.
6. The method of claim 3, wherein selecting the second type keywords from the copied data comprises: selecting numbers from the data to obtain the second type keywords contained in the data.
7. The method of claim 3, wherein encrypting the keywords comprises one of:
encrypting the keywords in the data by using a preset encryption algorithm;
replacing keywords in the data with target symbols;
randomly generating garbled characters for the keywords in the data.
8. The method of claim 1,
under the condition that the current usage environment of the remote desktop system is detected to have no abnormality, controlling the remote desktop system to exit the safe working mode;
detecting that the current usage environment of the remote desktop system has no abnormality includes at least one of the following:
if any terminal equipment is detected to input a preset instruction, determining that the current use environment of the remote desktop system is not abnormal;
and if the facial image of the user of any one terminal device is identified to be matched with the facial image of the user stored in advance, determining that the current use environment of the remote desktop system has no abnormality.
9. A remote desktop system, comprising: a server and a plurality of terminal devices, wherein a plurality of virtual machines are operated on the server, each virtual machine corresponds to one terminal device, wherein,
the plurality of terminal devices are used for controlling the plurality of virtual machines running on the server;
the server is used for executing the data encryption method according to any one of claims 1 to 8.
10. An apparatus for encrypting data, comprising:
the remote desktop system comprises a server and a plurality of terminal devices, wherein the server runs a plurality of virtual machines, and each virtual machine corresponds to one terminal device;
a detection module, configured to detect whether any terminal device in the plurality of terminal devices copies data from a virtual machine running on the server in the secure operating mode;
and the encryption module is used for carrying out encryption processing on the copied data under the condition that any one of the plurality of terminal devices is detected to copy the data from the virtual machine.
11. A non-volatile storage medium, comprising a stored program, wherein, when the program runs, a device in which the non-volatile storage medium is located is controlled to execute the data encryption method according to any one of claims 1 to 8.
CN202110963713.8A 2021-08-20 2021-08-20 Data encryption method and device and remote desktop system Pending CN113656820A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110963713.8A CN113656820A (en) 2021-08-20 2021-08-20 Data encryption method and device and remote desktop system

Publications (1)

Publication Number Publication Date
CN113656820A true CN113656820A (en) 2021-11-16

Family

ID=78480606

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination