CN1983291A - Method and system for centrally managing code to enterprise hard disk - Google Patents
Method and system for centrally managing code to enterprise hard disk Download PDFInfo
- Publication number
- CN1983291A CN1983291A CNA2005101321570A CN200510132157A CN1983291A CN 1983291 A CN1983291 A CN 1983291A CN A2005101321570 A CNA2005101321570 A CN A2005101321570A CN 200510132157 A CN200510132157 A CN 200510132157A CN 1983291 A CN1983291 A CN 1983291A
- Authority
- CN
- China
- Prior art keywords
- password
- client
- harddisk
- harddisk password
- hard disk
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Storage Device Security (AREA)
Abstract
A method for carrying out centralized management on cipher of enterprise hard disc includes storing enterprise hard disc cipher into hard disc cipher centralized management server in advance, sending hard disc cipher obtaining request to said server by client end when computer as client end is started up, carrying out certification on client end by said server according to received request, picking up relevant hard disc cipher and sending said cipher to client end if said certification is successful then using received hard disc cipher to start up computer by client end.
Description
Technical field
The present invention relates to the enterprise information security field, more specifically, the present invention relates to a kind of method and system that enterprise hard disk is carried out the password centralized management, can prevent the leakage of enterprise hard disk information.
Background technology
At present, more and more enterprises data (information, archives etc.) is preserved with electronic form, prevents that so how the leakage of these enterprise's secrets from then becoming the emphasis of enterprise security protection.Wherein the protection as the hard disk information of the main carrier of electronic information storage is also just seemed especially important; many methods of protecting at hard disk information are arranged at present; just realize the method for data encryption storage in hard disk inside such as the IBM encipher hard disc; protected the information security after hard disk is lost, just can't do not read storage company information wherein as long as harddisk password does not know.
But if the thief knows harddisk password simultaneously, then above-mentioned protection mode just can not play due effect.For example, 1) from enterprises employee's theft; 2) some online game companies build in the process of game server in various places, and the recreation hard disk occurs through regular meeting and be mounted workman's theft, and the time of directly building private clothes.
And at information leakage from the interior employee, some companies tend to adopt some enforceable measures limit enterprise's electronic information range of scatter, for example, destroy the USB interface of PC, even be provided with to come in and go out and check.
Owing to there is the defective of above-mentioned prior art, therefore, need carry out improving one's methods and system of password centralized management to enterprise hard disk, can prevent the leakage of enterprise hard disk information.
Summary of the invention
The objective of the invention is to propose a kind of method and system that enterprise hard disk is carried out the password centralized management, can prevent the leakage of enterprise hard disk information.By method and system of the present invention; can allow the usable range of hard disk of common cryptoguard be limited in the coverage of enterprise network; do not have the hard disk information of enterprise network support to read, this method and system has strengthened the protective capacities of enterprise to stealing from internal information to a great extent.
According to the present invention, a kind of method that enterprise hard disk is carried out the password centralized management has been proposed, described method comprises: will be stored in advance in the harddisk password Central Management Server with the corresponding harddisk password of enterprise hard disk; When the computing machine that starts as client, client sends harddisk password to the harddisk password Central Management Server and obtains request; The harddisk password Central Management Server obtains request according to the harddisk password that receives, and client is authenticated, and under the client certificate case of successful, extract corresponding harddisk password and it is returned client; And the harddisk password release hard disk that returns of client utilization and and then start computing machine.
Preferably, the request of obtaining of described harddisk password comprises client identity sign and hard disk sign.
Preferably, the step that client is authenticated comprises that utilizing client identity to identify authenticates client.
Preferably, extracting corresponding harddisk password step comprises: extract with hard disk and identify corresponding harddisk password.
Preferably, the step of harddisk password being returned client also comprises: after the harddisk password that is extracted is encrypted, it is returned client.
Preferably, the step of the harddisk password release hard disk that the client utilization is returned comprises: client is decrypted the password of encipher hard disc that returns, and utilizes the password after the deciphering to come the release hard disk.
Preferably, send before harddisk password obtains request to the harddisk password Central Management Server in client, also comprise step: client determines whether to set up and being connected of harddisk password Central Management Server by having judged whether to input the right user password; And after connecting foundation, send harddisk password and obtain request.
According to the present invention, a kind of system that enterprise hard disk is carried out the password centralized management has been proposed, described system comprises: harddisk password Central Management Server, storage and the corresponding harddisk password of enterprise hard disk; And obtain under the client certificate case of successful of request initiating harddisk password at the harddisk password Central Management Server, extract corresponding harddisk password and it is returned client; A plurality of clients, when the computing machine that starts as one of client, described client sends harddisk password to the harddisk password Central Management Server and obtains request, and when receiving from response harddisk password that the harddisk password Central Management Server returns, utilize described harddisk password release hard disk and and then start computing machine; And network, be used to connect harddisk password Central Management Server and a plurality of client to communicate.
Preferably, described client comprises: the password acquisition module is used for sending harddisk password to the harddisk password Central Management Server and obtains request; The configuration information memory block, the address information of storage harddisk password Central Management Server, hard disk sign, client identity sign and the harddisk password that returns from the harddisk password Central Management Server; Mixed-media network modules mixed-media is used for being connected to communicate with the harddisk password Central Management Server by network.
Preferably, described client also comprises security module, is used for the harddisk password of having encrypted that returns from the harddisk password Central Management Server is decrypted.
Preferably, has also stored the required key of encipher hard disc password to decipher described configuration information memory block.
Preferably, described harddisk password Central Management Server comprises: authenticated client and password distribution module are used for carrying out harddisk password in client and obtain under the situation of request checking client, and under the client validation case of successful, extract corresponding harddisk password and it is returned client; The harddisk password database is used for storage and the corresponding harddisk password of enterprise hard disk; And mixed-media network modules mixed-media, be used for being connected to communicate with client by network.
Preferably, described client also comprises security module, is used for the harddisk password that turns back to client from the harddisk password Central Management Server is encrypted.
Preferably, described configuration information memory block has also been stored harddisk password has been encrypted required key.
Description of drawings
Below in conjunction with the detailed description of preferred embodiment of accompanying drawing to being adopted, above-mentioned purpose of the present invention, advantage and feature will become apparent by reference, wherein:
Fig. 1 shows and according to the embodiment of the invention enterprise hard disk is carried out the synoptic diagram of the system of password centralized management;
Fig. 2 shows the more detailed block diagram according to client in the system shown in Figure 1 of the embodiment of the invention and harddisk password Central Management Server;
Fig. 3 shows and according to the embodiment of the invention enterprise hard disk is carried out the overview flow chart of the method for password centralized management; And
Fig. 4 shows and according to the embodiment of the invention enterprise hard disk is carried out the detail flowchart of the method for password centralized management.
Embodiment
The present invention sets up protection mechanism in the enterprise hard disk code-set by common BIOS is expanded and cooperates, and has provided a kind of method that enterprise hard disk is carried out the password centralized management, the usable range of enterprise hard disk can be limited in enterprises.
Describe the preferred embodiments of the present invention below with reference to the accompanying drawings in detail.
Fig. 1 shows and according to the embodiment of the invention enterprise hard disk is carried out the synoptic diagram of the system of password centralized management.
As shown in Figure 1, the system that enterprise hard disk is carried out password centralized management according to the embodiment of the invention comprises: harddisk password Central Management Server (SAS) 10, a plurality of enterprise computer (client) 20 and intranet 30, wherein harddisk password Central Management Server 10 and enterprise computer 20 communicate by intranet 30.
Be used to realize that assembly of the present invention comprises OS (operating system), network connection, expanded BIOS (Basic Input or Output System (BIOS)) and hard disk in the enterprise computer 20, in the following description, will ignore detailed description the assembly that has nothing to do with the present invention in the enterprise computer 20.
In the present invention, OS (operating system) carries out the management to whole operation, the operation that the operation of its centralized control enterprise computer, particularly enterprise computer are realized according to the present invention, network connect and to be used to realize being connected and communicating by letter by intranet and harddisk password Central Management Server 10.The expanded BIOS of enterprise computer (EB) has carried out corresponding expansion on the basis of original BIOS function, so that under the control of OS, realize according to the process that enterprise hard disk is managed concentratedly of the present invention.Enterprise hard disk is current the hard disk that adopts usually, but this enterprise hard disk is to be subjected to the hard disk that password adds lock control, and just this enterprise hard disk is subjected to the locking of self password, is therefore only obtaining or is knowing under the situation of self password and just can enable.Just, if the user does not know password,, also can't enable this hard disk even hard disk is moved on another computer from a computer.
Fig. 2 shows the more detailed block diagram according to client in the system shown in Figure 1 of the embodiment of the invention and harddisk password Central Management Server.
In order to realize the present invention, can be configured to comprise following functional module according to enterprise computer (client) 20 in the system shown in Figure 1 of the present invention: configuration module 101, password acquisition module 103, configuration information memory block 105, security module 107 and mixed-media network modules mixed-media 109.Configuration information memory block 105 is for being subjected to the memory block of administrator level users protection; the keeper can be by more pre-configured primary datas in this memory block; comprise that the address information (IP address) of SAS, corresponding hard disk ID, client identity identify, security module is carried out the needed various keys of encryption and decryption, and the harddisk password that obtains from SAS can also be stored in described configuration information memory block 105.Configuration module 101 utilizes the primary data of being stored in the configuration information memory block 105, disposes password acquisition module 103, security module 107 and mixed-media network modules mixed-media 109.Password acquisition module 103 initiates to obtain from SAS the request (comprise the information that authentication is required, for example, the hard disk of enterprise computer sign and client identity identify) of harddisk password, and will be stored in from the harddisk password that SAS obtains the configuration information memory block 105.Security module 107 is utilized the required key of being stored in the configuration information memory block 105 of encryption and decryption, the message that transmit is encrypted and the message that receives is decrypted, with the transmission of guaranteeing data and the security of reception.Mixed-media network modules mixed-media 109 utilizes the address information (for example IP address) of the harddisk password Central Management Server of being stored in the configuration information memory block 105 10, links to each other to communicate with harddisk password Central Management Server 10 by intranet 30.
Similarly, harddisk password Central Management Server 10 can be configured to comprise following functional module: password configuration module 201, authenticated client and password distribution module 203, enterprise hard disk password database 205, security module 207 and mixed-media network modules mixed-media 209.Enterprise hard disk password database 205 is the database of the harddisk password of each enterprise hard disk of centralized stores, this database storing with the corresponding harddisk password separately of each enterprise hard disk.Password configuration module 201 transmits harddisk password from enterprise hard disk password database 205 to authenticated client and password distribution module 203 according to received enterprise hard disk sign.Authenticated client and password distribution module 203 be according to the request of obtaining harddisk password that receives from enterprise computer, utilizes client identity to identify to verify the validity of this request; If effectively, then obtain the password of the hard disk corresponding, and harddisk password is returned enterprise computer 20 with the client that sends this request.Security module 207 is utilized the required key of encryption and decryption, the message that transmit is encrypted and the message that receives is decrypted, with the transmission of guaranteeing data and the security of reception.For example, security module 207 can be encrypted the password that turns back to enterprise computer 20 from harddisk password Central Management Server 10, and the password request of obtaining that sends from enterprise computer 20 is decrypted.Mixed-media network modules mixed-media 209 links to each other to communicate with enterprise computer 20 by intranet 30.Need to prove, in harddisk password Central Management Server 10, client identity sign is authenticated required authentication management information, security module carry out the needed various keys of encryption and decryption and mixed-media network modules mixed-media and be connected required additional configuration information with enterprise computer 20 and can be stored in the enterprise hard disk password database 205, also can be stored in the other storer.
Significantly, above-mentioned all functions assembly all can realize with the form of software, hardware and combination in any thereof, and configuration information memory block and enterprise hard disk password database can be realized with the form of any nonvolatile memory or volatile memory.
Thus, by set up a harddisk password Central Management Server 10 in Intranet, the password of all enterprise hard disks is managed concentratedly and it is not informed the user in harddisk password Central Management Server 10.When enterprise computer started, this computer expert crosses intranet and SAS carries out communication.Just, when enterprise computer started, the user only need be such as the startup password by input BIOS, enterprise computer will set up automatically and SAS between network connect, obtain the password of this machine hard disk then from SAS, use this password to unblank as hard disk at last, computer enters normal startup flow process.
By this method, even hard disk is taken out of by the employee, even this employee is installed in hard disk on another computer, because the user does not know the password of enterprise hard disk, he can't enable enterprise hard disk and can't read wherein data.
Fig. 3 shows and according to the embodiment of the invention enterprise hard disk is carried out the overview flow chart of the method for password centralized management.
After one of enterprise's purchase has the new computer that strengthens BIOS, need set in advance to start harddisk password centralized management mechanism by the business system keeper.At first, need administrator's password and user cipher be set, and configuration identifies corresponding unlocking pin (harddisk password) with enterprise hard disk in the harddisk password Central Management Server 10 for BIOS.In EB (configuration information memory block 105) various primary datas are set, comprise the IP of SAS, corresponding hard disk ID, security module are carried out the needed various keys of encryption and decryption.Then, only the user cipher of BIOS is informed the final user.
So as shown in Figure 3, when computer booting (step 301), after the user imported the BIOS user cipher, EB sent harddisk password request (comprising hard disk sign and client identity sign) (step 303) to SAS.Then, SAS returns with hard disk and identifies corresponding harddisk password (step 305) after through authentication.EB utilizes the harddisk password that receives to be hard disk release (step 307), and starts computing machine (step 309) thus.
Fig. 4 shows and according to the embodiment of the invention enterprise hard disk is carried out the detail flowchart of the method for password centralized management.
As shown in Figure 4, when computer booting (step 401), EB judges whether to set up network and connects (step 403).When the user imported correct BIOS user cipher, EB set up network and connects (being in the step 403), and then, EB sends the request (comprising that hard disk sign and client identity identify) (step 405) of obtaining the local hard drive password to SAS.At the SAS place, SAS receives the request (step 407) of obtaining the local hard drive password from EB (client), by authenticated client and password distribution module 203, utilize client identity to identify the validity (step 409) of checking client, just, whether checking client is client from the harddisk password centralised management services to harddisk password Central Management Server 10 that registered.Under the effective situation of checking client (being in the step 409), SAS obtains with hard disk from enterprise hard disk password database 205 and identifies corresponding harddisk password, and after encrypting by security module 207, described harddisk password is returned EB (step 411).On the contrary, under the invalid situation of checking client (in the step 409 not), then SAS returns error message (step 413) to EB.
Then, EB judges whether SAS has returned effective harddisk password (step 415).Under the situation of having returned effective harddisk password (step 415 be), then client is decrypted by the harddisk password of having encrypted that 107 pairs of security modules receive, and utilizes the harddisk password after the deciphering that local hard drive is carried out release (step 417).So computing machine can enter normal startup process (step 419).
In above step 403, if EB sets up network connection failure (in the step 403 not), then computer starting failure (step 421).In addition, in above step 415, if SAS returns error message, computer starting also can fail (step 421) then.
Thus; by method and system of the present invention; can allow the usable range of hard disk of common cryptoguard be limited in the coverage of enterprise network; do not have the hard disk information of enterprise network support to read, this method has strengthened the protective capacities of enterprise to stealing from internal information to a great extent.
Although below show the present invention in conjunction with the preferred embodiments of the present invention, one skilled in the art will appreciate that under the situation that does not break away from the spirit and scope of the present invention, can carry out various modifications, replacement and change to the present invention.Therefore, the present invention should not limited by the foregoing description, and should be limited by claims and equivalent thereof.
Claims (14)
1, a kind of method that enterprise hard disk is carried out the password centralized management, described method comprises:
To be stored in advance in the harddisk password Central Management Server with the corresponding harddisk password of enterprise hard disk;
When the computing machine that starts as client, client sends harddisk password to the harddisk password Central Management Server and obtains request;
The harddisk password Central Management Server obtains request according to the harddisk password that receives, and client is authenticated, and under the client certificate case of successful, extract corresponding harddisk password and it is returned client; And
Harddisk password release hard disk that the client utilization is returned and and then startup computing machine.
2, method according to claim 1 is characterized in that the request of obtaining of described harddisk password comprises client identity sign and hard disk sign.
3, method according to claim 2 is characterized in that the step that client authenticates is comprised that utilizing client identity to identify authenticates client.
4, method according to claim 2 is characterized in that extracting corresponding harddisk password step and comprises: extract with hard disk and identify corresponding harddisk password.
5, according to any described method of claim 1 to 4, it is characterized in that the step of harddisk password being returned client also comprises: after the harddisk password that is extracted is encrypted, it is returned client.
6, method according to claim 5, it is characterized in that the step of the harddisk password release hard disk that the client utilization is returned comprises: client is decrypted the password of encipher hard disc that returns, and utilizes the password after the deciphering to come the release hard disk.
7, according to any described method of claim 1 to 4, it is characterized in that sending before harddisk password obtains request to the harddisk password Central Management Server in client, also comprise step: client determines whether to set up and being connected of harddisk password Central Management Server by having judged whether to input the right user password; And after connecting foundation, send harddisk password and obtain request.
8, a kind of system that enterprise hard disk is carried out the password centralized management, described system comprises:
The harddisk password Central Management Server, storage and the corresponding harddisk password of enterprise hard disk; And obtain under the client certificate case of successful of request initiating harddisk password at the harddisk password Central Management Server, extract corresponding harddisk password and it is returned client;
A plurality of clients, when the computing machine that starts as one of client, described client sends harddisk password to the harddisk password Central Management Server and obtains request, and when receiving from response harddisk password that the harddisk password Central Management Server returns, utilize described harddisk password release hard disk and and then start computing machine; And
Network is used to connect harddisk password Central Management Server and a plurality of client to communicate.
9, system according to claim 8 is characterized in that described client comprises:
The password acquisition module is used for sending harddisk password to the harddisk password Central Management Server and obtains request;
The configuration information memory block, the address information of storage harddisk password Central Management Server, hard disk sign, client identity sign and the harddisk password that returns from the harddisk password Central Management Server;
Mixed-media network modules mixed-media is used for being connected to communicate with the harddisk password Central Management Server by network.
10, system according to claim 9 is characterized in that described client also comprises security module, is used for the harddisk password of having encrypted that returns from the harddisk password Central Management Server is decrypted.
11, system according to claim 10 is characterized in that described configuration information memory block also stored the required key of encipher hard disc password to decipher.
12, system according to claim 8 is characterized in that described harddisk password Central Management Server comprises:
Authenticated client and password distribution module are used for carrying out harddisk password in client and obtain under the situation of request, checking client, and under the client validation case of successful, extract corresponding harddisk password and it is returned client;
The harddisk password database is used for storage and the corresponding harddisk password of enterprise hard disk; And
Mixed-media network modules mixed-media is used for being connected to communicate with client by network.
13, system according to claim 12 is characterized in that described client also comprises security module, is used for the harddisk password that turns back to client from the harddisk password Central Management Server is encrypted.
14, system according to claim 13 is characterized in that described configuration information memory block has also been stored harddisk password is encrypted required key.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101321570A CN100476841C (en) | 2005-12-16 | 2005-12-16 | Method and system for centrally managing code to hard disk of enterprise |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB2005101321570A CN100476841C (en) | 2005-12-16 | 2005-12-16 | Method and system for centrally managing code to hard disk of enterprise |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1983291A true CN1983291A (en) | 2007-06-20 |
| CN100476841C CN100476841C (en) | 2009-04-08 |
Family
ID=38165810
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB2005101321570A Expired - Fee Related CN100476841C (en) | 2005-12-16 | 2005-12-16 | Method and system for centrally managing code to hard disk of enterprise |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100476841C (en) |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714090B (en) * | 2008-10-08 | 2013-02-27 | 英业达股份有限公司 | Starting method |
| CN104009858A (en) * | 2013-02-26 | 2014-08-27 | 成都勤智数码科技股份有限公司 | Multilevel verification system based on safety management |
| CN104702575A (en) * | 2013-12-06 | 2015-06-10 | ***通信集团山东有限公司 | Account management method, management platform and account management system |
| CN110674514A (en) * | 2019-09-03 | 2020-01-10 | 苏州浪潮智能科技有限公司 | Hard disk grading method, device and system |
| CN113468619A (en) * | 2021-05-28 | 2021-10-01 | 邓丰赣 | Computer hard disk encryption key management system |
-
2005
- 2005-12-16 CN CNB2005101321570A patent/CN100476841C/en not_active Expired - Fee Related
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101714090B (en) * | 2008-10-08 | 2013-02-27 | 英业达股份有限公司 | Starting method |
| CN104009858A (en) * | 2013-02-26 | 2014-08-27 | 成都勤智数码科技股份有限公司 | Multilevel verification system based on safety management |
| CN104702575A (en) * | 2013-12-06 | 2015-06-10 | ***通信集团山东有限公司 | Account management method, management platform and account management system |
| CN110674514A (en) * | 2019-09-03 | 2020-01-10 | 苏州浪潮智能科技有限公司 | Hard disk grading method, device and system |
| CN110674514B (en) * | 2019-09-03 | 2021-04-30 | 苏州浪潮智能科技有限公司 | Hard disk grading method, device and system |
| CN113468619A (en) * | 2021-05-28 | 2021-10-01 | 邓丰赣 | Computer hard disk encryption key management system |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100476841C (en) | 2009-04-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2578186C (en) | System and method for access control | |
| KR100785715B1 (en) | Log in system and method | |
| CN102624699B (en) | Method and system for protecting data | |
| CN102508791B (en) | Method and device for encrypting hard disk partition | |
| CN110489996B (en) | Database data security management method and system | |
| CN101669128B (en) | Cascading authentication system | |
| CN101291228B (en) | Generating, authenticating method for super code, system and device thereof | |
| CN104320389B (en) | A kind of fusion identity protection system and method based on cloud computing | |
| CN102215221A (en) | Methods and systems for secure remote wake, boot, and login to a computer from a mobile device | |
| US8707444B2 (en) | Systems and methods for implementing application control security | |
| WO2013086901A1 (en) | Checking method and apparatus for field replaceable unit, and communication device | |
| US20110230166A1 (en) | Authentication method for the mobile terminal and a system thereof | |
| CN106034123A (en) | Authentication method, application system server and client | |
| CN112673600A (en) | Multi-security authentication system and method between mobile phone terminal and IoT (Internet of things) equipment based on block chain | |
| CN109981255A (en) | The update method and system of pool of keys | |
| CN106161348A (en) | A kind of method of single-sign-on, system and terminal | |
| JP2017152880A (en) | Authentication system, key processing coordination method, and key processing coordination program | |
| CN100476841C (en) | Method and system for centrally managing code to hard disk of enterprise | |
| CN114550353A (en) | Intelligent lock control system of transformer substation | |
| CN107070881B (en) | Key management method, system and user terminal | |
| CN113872992B (en) | Method for realizing remote Web access strong security authentication in BMC system | |
| US20140250499A1 (en) | Password based security method, systems and devices | |
| CN111008400A (en) | Data processing method, device and system | |
| CN104753886A (en) | Locking method for remote user, unlocking method and device | |
| CN112347440A (en) | User access authority separate-setting system of industrial control equipment and use method thereof |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20090408 Termination date: 20201216 |