Summary of the invention
The present invention addresses the above-mentioned defects and deficiencies of the prior art by providing a computer I/O port control method. The method works entirely from the user's perspective, with security policy and rights assignment fully transparent to all users. It guards against the various possible internal violations, such as unauthorized Internet connections, illegal copying and transfer of data, illegal use of data, unauthorized access to confidential data and malicious destruction of confidential data, and thereby provides monitoring and security management of the whole internal network and organization.
The technical concept of the present invention is as follows. The management-end software runs on an administrator's computer within the local area network (LAN) and is responsible for managing all computers in the LAN. The client software runs on every client computer in the LAN; after startup the program runs in the background and monitors the I/O resource status of the local machine in real time. The rights to use the CD-ROM drive, floppy drive and USB ports are controlled by direct intervention in the computer's I/O ports; without authorization from the server end, nobody can arbitrarily use the I/O devices of the computer in question, so the data on the computer is protected from being taken away by unauthorized personnel.
Technical scheme of the present invention is as follows:
A computer I/O port control method, characterized in that the management-end software on the server and the corresponding client software directly perform authority control over the I/O port resources of the computer.
Said authority control comprises the following steps:
Step 1, the client software runs;
Step 2, the client submits an application to use a device;
Step 3, the application is transmitted to the server end over the network;
Step 4, the server end verifies the client's identity;
Step 5, if verification fails, the result is fed back to the client, which handles it after receiving the feedback; if verification passes, step 6 is executed;
Step 6, the server end verifies the client's rights;
Step 7, if verification fails, use of the device is refused and the result is fed back to the client, which handles it after receiving the feedback; if verification passes, step 8 is executed;
Step 8, use of the device is allowed and the result is fed back to the client, which handles it after receiving the feedback.
Said I/O port resources comprise serial ports, USB ports, CD-ROM drives, Zip drives, infrared transmission interfaces, printer parallel ports and/or LAN shared directories.
Said server end, when setting LAN access rights, also sets the seats (machines) from which access is permitted; accessing from a different machine is not allowed even when a valid password is used.
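The server-side decision of steps 4 to 8, with the seat binding described above, as an added example that is not part of the patent; the user directory, seat identifiers, device classes and password-hashing scheme are constructed assumptions.

```python
import hashlib
import hmac

# Constructed sample directory (hypothetical users, seats and devices).
# Each record: salted PBKDF2 password hash plus the seats the user may use.
def _hash(salt: bytes, password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

_SALT = b"constructed-salt"
USERS = {
    "alice": {"salt": _SALT, "pw": _hash(_SALT, "alice-pass"), "seats": {"PC-07"}},
    "bob":   {"salt": _SALT, "pw": _hash(_SALT, "bob-pass"),   "seats": {"PC-12"}},
}
# Device classes each user is permitted to use (step 6 looks these up).
RIGHTS = {"alice": {"usb", "cdrom"}, "bob": {"printer"}}
_DUMMY = {"salt": _SALT, "pw": _hash(_SALT, "dummy"), "seats": set()}

def verify_identity(user: str, password: str, seat: str) -> bool:
    """Step 4 plus seat binding: a valid password from an unlisted machine fails."""
    rec = USERS.get(user, _DUMMY)          # unknown user still hashes (uniform timing)
    pw_ok = hmac.compare_digest(rec["pw"], _hash(rec["salt"], password))
    return user in USERS and pw_ok and seat in rec["seats"]

def verify_rights(user: str, device: str) -> bool:
    """Step 6: is this device class in the user's rights?"""
    return device in RIGHTS.get(user, set())

def authorize(request: dict) -> dict:
    """Steps 4-8: returns the feedback message the server sends to the client."""
    user, pw, seat, dev = (request[k] for k in ("user", "password", "seat", "device"))
    if not verify_identity(user, pw, seat):
        return {"allowed": False, "reason": "identity verification failed"}   # step 5
    if not verify_rights(user, dev):
        return {"allowed": False, "reason": "no right to use device"}         # step 7
    return {"allowed": True, "reason": "use of device permitted"}             # step 8
```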
Said client software runs on every client computer in the LAN; after startup the program runs in the background, monitors the I/O resource status of the local machine in real time, and can display the network connection status of this computer.
Said management-end software runs on an administrator's computer within the LAN and is responsible for managing all computers in the LAN. Within the limits of the client licence count it can set up the client computers in the managed network and, subject to authorization, view the screen content of a client computer, shut down a client computer or log off the network user, view a client computer's network connection status, cut off a client computer's network connections, and/or perform alarm logging and analysis.
Said management-end software and the corresponding client software have a remote upgrade function.
Said client software program does not allow local personnel to interfere with its operation; when a situation such as termination of the process occurs it sends a warning message and records a warning screenshot, and in certain urgent situations the client computer shuts down automatically according to a shutdown command sent by the server.
Dial-up connections are detected; upon discovery a warning message is sent and the computer is shut down immediately.
Technique effect of the present invention is as follows:
Because in the computer I/O port control method of the present invention the management-end software on the server and the corresponding client software directly perform authority control over the computer's I/O port resources, that is, because the present invention uses this method to protect I/O resources in a novel way and restrict illegal use by unauthorized personnel, it can start from the basic channels of information leakage and effectively protect and manage the security information of the internal network and organization. It works entirely from the user's perspective, with security policy and rights assignment fully transparent to all users; it guards against the various possible internal violations, such as unauthorized Internet connections, illegal copying and transfer of data, illegal use of data, unauthorized access to confidential data and malicious destruction of confidential data; and it provides monitoring and security management of the whole internal network and organization.
The computer security software of the present invention is divided into two parts: management-end software and client software. The management-end software runs on an administrator's computer within the LAN and is responsible for managing all computers in the LAN; the client software runs on every client computer in the LAN, and after startup the program runs in the background and monitors the I/O resource status of the local machine in real time.
In fact, the present invention not only controls the I/O ports but can also automatically record and raise alarms on unauthorized and hazardous behaviour, and when necessary can shut down the client computer to stop further damage from the hazardous behaviour.
Embodiment
The present invention is described in further detail below in conjunction with the accompanying drawings.
As shown in Figure 1, the computer I/O port control method of the present invention directly performs authority control over the computer's I/O port resources through the management-end software on the server and the corresponding client software, and comprises the following steps:
Step 1, the client software runs;
Step 2, the client submits an application to use a device;
Step 3, the application is transmitted to the server end over the network;
Step 4, the server end verifies the client's identity;
Step 5, if verification fails, the result is fed back to the client, which handles it after receiving the feedback; if verification passes, step 6 is executed;
Step 6, the server end verifies the client's rights;
Step 7, if verification fails, use of the device is refused and the result is fed back to the client, which handles it after receiving the feedback; if verification passes, step 8 is executed;
Step 8, use of the device is allowed and the result is fed back to the client, which handles it after receiving the feedback.
As shown in Figure 2, use of the I/O LOCK software comprises the following steps:
Step A, install the server-end software;
Step B, install the client software;
Step C, the client establishes communication with the server end;
Step D, the server end sets the I/O device usage rights and sends them to the client;
Step E, the client receives the information and completes management of the I/O devices.
The above-mentioned I/O LOCK software, or I/O LOCK computer security software, refers to the management-end software and client software of the present invention, that is, a method of controlling the computer I/O ports in a LAN, in other words the computer I/O port control method. The functions and technical details of this software are described below.
The functions are as follows:
1. Detect whether a dial-up connection is in use and, upon discovery, send a warning message and shut down immediately.
2. Perform rights management control over the various I/O resources (serial ports, USB ports, CD-ROM drives, Zip drives, infrared transmission interfaces, parallel (printer) ports and LAN shared directories) and log the operation events. In particular, when LAN access is performed, the seats (machines) from which access is allowed can be set; accessing from a different machine is not allowed even when a valid password is used.
3. The client program runs automatically in the background after startup and can display the network connection status of this computer.
4. Client computers in the managed network can be set up according to the number of client licences.
5. The management-end software can view the screen content of a client computer, subject to authorization.
6. The management-end software can shut down a client computer or log off the network user.
7. The management-end software can view a client computer's network connection status.
8. The management-end software can cut off a client computer's network connections.
9. The management-end software records data and alarms, and records and analyses client information.
10. The system has a remote upgrade function.
11. The client program does not allow local personnel to interfere with its operation; when a situation such as termination of the process occurs it sends a warning message and records a warning screenshot. In certain urgent situations the client computer shuts down automatically according to a shutdown command sent by the server.
The technical details are as follows:
Because Win98/winme/winnt/win2000 either have no built-in security management and audit functions, or the built-in ones are insufficient or limit the usability of the client, and their functions cannot meet the needs of the I/O LOCK computer security software, the design of the I/O LOCK computer security software does not rely on the security functions provided by Win98/winme/winnt/win2000, but is implemented by way of the APIs provided by Win98/winme/winnt/win2000 and device drivers.
The implementations of the corresponding control functions are as follows:
A. Monitoring and control of dial-up networking: uses the Win32 API.
B. Control of floppy drives, CD-ROM drives, USB storage, printers, Zip drives and infrared:
a filter device driver is developed with the Windows DDK.
The Windows Driver Model (WDM) uses a layered model, as shown in Figure 3:
All access to a physical device is carried out through I/O request packets (IRPs). An IRP must pass through the Filter Driver, then the Function Driver and the Bus Driver, before it reaches the physical hardware device. By using a filter device driver to intercept and filter IRPs, the purpose of access restriction can be achieved.
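A user-mode model of the layered WDM stack just described, added here as an example that is not part of the patent and not a real driver: the filter layer completes an IRP with STATUS_ACCESS_DENIED instead of passing it down when the policy pushed by the server (step D) does not permit the operation. The major function codes and NTSTATUS values are the real Windows constants; the device classes and policy are constructed.

```python
# Real WDM major function codes and NTSTATUS values used by the model.
IRP_MJ_CREATE, IRP_MJ_READ, IRP_MJ_WRITE = 0x00, 0x03, 0x04
STATUS_SUCCESS, STATUS_ACCESS_DENIED = 0x00000000, 0xC0000022

class Irp:
    """Minimal stand-in for an I/O request packet."""
    def __init__(self, major: int, device_class: str):
        self.major = major
        self.device_class = device_class
        self.trace = []            # layers that handled the packet, for inspection

class Driver:
    """Generic layer: records itself and hands the IRP to the next lower driver."""
    def __init__(self, name: str, lower: "Driver | None" = None):
        self.name, self.lower = name, lower
    def dispatch(self, irp: Irp) -> int:
        irp.trace.append(self.name)
        return self.lower.dispatch(irp) if self.lower else STATUS_SUCCESS

class FilterDriver(Driver):
    """Upper filter: enforces the server-supplied policy before the function driver."""
    def __init__(self, policy: dict, lower: Driver):
        super().__init__("filter", lower)
        self.policy = policy       # device_class -> set of permitted major codes
    def dispatch(self, irp: Irp) -> int:
        irp.trace.append(self.name)
        if irp.major not in self.policy.get(irp.device_class, set()):
            return STATUS_ACCESS_DENIED   # completed here; never reaches the hardware
        return self.lower.dispatch(irp)

def build_stack(policy: dict) -> Driver:
    """Filter -> Function -> Bus, the order an IRP travels in Figure 3."""
    return FilterDriver(policy, Driver("function", Driver("bus")))

# Constructed policy: USB storage read-only, CD-ROM fully usable, others absent (denied).
POLICY = {"usb_storage": {IRP_MJ_CREATE, IRP_MJ_READ},
          "cdrom": {IRP_MJ_CREATE, IRP_MJ_READ, IRP_MJ_WRITE}}

def send_irp(stack: Driver, major: int, device_class: str):
    """Send one IRP down the stack; returns (status, layers reached)."""
    irp = Irp(major, device_class)
    return stack.dispatch(irp), irp.trace
```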
C. Viewing client screen content: uses the Win32 API and Winsock2.
D. Shutting down a client computer and logging off users: uses the Win32 API.
E. Viewing and cutting off client network connections: uses the Win32 API.
F. Management-end alarm logging and analysis, shutting down client PCs and remote upgrade: use the Win32 API and a database system.
G. Communication between the management end and the client computers: uses the Win32 API and Winsock2.
It should be pointed out that the above embodiments enable those skilled in the art to understand the present invention more fully, but do not limit the present invention in any way. Therefore, although this specification has described the present invention in detail with reference to the drawings and embodiments, those skilled in the art will appreciate that modifications or equivalent substitutions can still be made to the present invention; all technical schemes and improvements thereof that do not depart from the spirit and technical essence of the present invention shall be encompassed within the protection scope of the patent of the present invention.