The present invention belongs to the field of network information security technology, and specifically relates to an auditing system and method for optical disc recording.

Background art:

In recent years, with the development of information technology, storage media, as carriers of information, have played an important role in the application of information in all walks of life, and their safety and reliability have attracted more and more attention. In particular, mobile storage media are widely used because of their versatility, large storage capacity, small size, and ease of carrying. There are two main reasons for the heavy use of mobile storage media: one is that sensitive information should not be stored on the computer host, and the other is that data exchange is convenient. The convenience of mobile storage devices has also given rise to new conditions such as unlimited data copying and illegal cross-registration, which has brought new problems to the secrecy management of equipment security and data security.

The security of storage media in classified networks is particularly important. In the major classified incidents of recent years, most leaks were made, consciously or unconsciously, by the parties involved through mobile storage media. In recent network security construction, confidential information systems have paid more attention to the security protection of confidential terminals, for example by planning and building host auditing systems, comprehensive computer terminal protection systems, and mobile USB disk security management systems, but they have ignored the security of the other mobile storage medium, CD/DVD burning, and the management of CD/DVD media.

In classified information systems, the national security related standard (BMB17) explicitly states that mobile storage media are storage media such as floppy disks, optical disks, magnetic tapes, and USB disks. With the development of computer software, the floppy disk, with its small capacity and fragility, has slowly faded out of use; controlling floppy disks only requires controlling the floppy disk drive. Tape drives and similar devices are generally more expensive and relatively large; with good equipment access control and management of the tapes within the system, information leakage through tapes can be prevented. Therefore, the media most susceptible to information leakage in classified information systems are large-capacity, high-quality, long-life storage products such as optical disks, USB flash drives, and mobile hard disks.

In most classified information systems, users are prohibited from using storage devices with USB interfaces. However, so that classified information systems can easily exchange information with non-confidential information systems, most classified units have deployed intermediate machines to handle the transfer, and the main medium for information exchange is CD/DVD discs. In fact, the intermediate machine has no security protection measures for recording, so it may become the main concentrated source of information system leakage.

Existing recording auditing systems usually prohibit third-party burning software and provide their own burning software for auditing. Prohibiting third-party burning software makes its characteristic functions unavailable and changes users' habits, which causes many problems.

Technical implementation elements:

In order to solve the technical problem of load balancing of server requests in the prior art, the present invention provides a load balancing method for a web application system, which is specifically implemented by the following technical solutions:

A method of auditing disc recording, usable for data burning by both a third-party burning tool and the system's own trusted burning tool, includes the following steps:

Step 1: The user uses the burning software to send a burning request to the burning device;

Step 2: After the burn request is sent to the IO manager of the operating system, it is forwarded by the IO manager to the optical drive.

Step 3: The intermediate layer driver is attached to the optical disc drive's driver. The optical disc drive's driver sends the burn request to the intermediate layer driver. After the intermediate layer driver intercepts the burn request, it parses the content of the burn request packet and obtains the control field of the SCSI instruction according to the SCSI instruction set rules. It then encrypts the data according to the control field and filters the sensitive words to obtain the data to be recorded.

Step 4: The middle layer driver sends the processed data to be recorded to the recorder for recording according to the strategy.

Wherein, the method further includes: the middle layer driver sends a copy of the data to be recorded to the client at the same time, and the client sends the data to be burned to the server, and generates a backup log at the same time.

Wherein, the strategy is one of not monitoring, recording, and prohibition. Specifically, when the middle layer driver receives from the control end a strategy of not monitoring, it sends the data to be recorded to the recorder for recording; when it receives a strategy of recording, it sends the data to be burned to the recorder for recording and generates a log; when it receives a strategy of prohibition, it forbids the data from being recorded and generates a log.

Wherein, the method further includes reading from a secure optical disc, specifically: after the recorder burns the encrypted data into a secure optical disc, the secure optical disc is decrypted according to the encryption password and encryption standard set during encryption, and a disc image is generated. When the content needs to be accessed, the disc image is loaded as a virtual CD through the system's virtual CD-ROM drive.

An optical disk recording auditing system includes:

The server is used to manage the system version upgrade, data encryption, sensitive word filtering, data backup, and recording strategy;

The client is used to receive the policy issued by the server and process the burned data and send it to the recorder.

Burner for burning recorded data;

The optical drive module is used to encapsulate the burn request into an ISO file and send it to the client for processing;

The client includes an intermediate layer driving unit, which intercepts the recording data sent from the optical drive module to the recorder and parses it. According to the strategy issued by the client, the unit processes the recording data and then sends it to the recorder;

Wherein, the middle layer driving unit includes

The encryption unit is used to encrypt the parsed burned data and has an encrypted password.

The sensitive word filtering unit is used to detect sensitive words in the parsed burned data and, after sensitive word detection and encryption, to send the encrypted burned data to the recorder for burning;

The backup unit is used to back up the burned data, a copy is sent to the client, and the client sends the copied data to the server.

Compared with the prior art, the above technical solution has the following technical effects:

In the method for recording and auditing optical discs provided by the present invention, an intermediate layer driver is added under the optical disc drive's driver to intercept the burn request, parse the content of the burn request packet, and send the data to be burned to the recorder for burning according to a strategy. The method supports both the system's own trusted burning tool and third-party burning tools, allowing users to select a burning tool according to their own habits; at the same time, the method can also back up burned data and generate a backup log, which managers can view at any time.

Description of the drawings

FIG. 1 is a flow chart of the method of the present invention;

FIG. 2 is a system configuration diagram of the present invention.

Detailed description

To make the objectives, technical solutions, and advantages of the embodiments of the present invention clearer, the following further describes the present invention in detail with reference to the accompanying drawings.

An optical disc recording auditing method, usable for data burning by both a third-party burning tool and the system's own trusted burning tool, is shown in FIG. 1 and includes the following steps:

Step 1: The user uses the burning software to send a burning request to the burning device;

Step 2: After the burn request is sent to the IO manager of the operating system, it is forwarded by the IO manager to the optical drive.

Step 3: The intermediate layer driver is attached to the optical disc drive's driver. The optical disc drive's driver sends the burn request to the intermediate layer driver. After the intermediate layer driver intercepts the burn request, it parses the content of the burn request packet and obtains the control field of the SCSI instruction according to the SCSI instruction set rules. It then encrypts the data according to the control field and filters the sensitive words to obtain the data to be recorded.

Step 4: The middle layer driver sends the processed data to be recorded to the recorder for recording according to the strategy.

The method does not need to determine whether the burning software is the system's own or a third party's: it intercepts the data by adding an intermediate driver layer, parses the data packet, encrypts the burned data according to the control field, and filters sensitive words. The encryption algorithm is AES256. The burned data is encrypted while being filtered for sensitive words. When sensitive words are detected, the strategy determines whether to allow burning or recording, and finally the data is sent to the recorder to complete the disc burn.

The middle layer driver also sends a copy of the data to be burned to the client. The client sends the data to be recorded to the server, and a backup log is generated at the same time. This lets the user view the burn log and the burned content at any time.

Wherein, the strategy is one of not monitoring, recording, and prohibition. Specifically, when the middle layer driver receives from the control end a strategy of not monitoring, it sends the data to be recorded to the recorder for recording; when it receives a strategy of recording, it sends the data to be burned to the recorder for recording and generates a log; when it receives a strategy of prohibition, it forbids the data from being recorded and generates a log.
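Steps 3 and 4 and the three strategies can be modelled in user space. The following C program is an added example, not code from the patent or any product: it decodes the SCSI WRITE(10)/WRITE(12) command descriptor block that a filter driver would see, scans the payload for one sensitive word, and applies the strategy. All identifiers and sample bytes are constructed for illustration, and the AES256 and backup steps are left out.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The three strategies the page names; all other names here are hypothetical. */
enum policy  { POLICY_NO_MONITOR, POLICY_RECORD, POLICY_PROHIBIT };
enum verdict { PASS_THROUGH, FORWARD_AND_LOG, BLOCK_AND_LOG };
struct audit { enum verdict verdict; int is_write; uint32_t lba, blocks; int hit; };

static uint32_t be32(const uint8_t *p) {   /* SCSI fields are big-endian */
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Plain byte search for one sensitive word in the write payload. */
static int contains_word(const uint8_t *buf, size_t n, const char *word) {
    size_t w = strlen(word);
    for (size_t i = 0; w && i + w <= n; i++)
        if (memcmp(buf + i, word, w) == 0) return 1;
    return 0;
}

/* Decode WRITE(10) (0x2A) or WRITE(12) (0xAA), then apply the strategy. */
struct audit audit_cdb(enum policy p, const uint8_t *cdb, size_t len,
                       const uint8_t *data, size_t n, const char *word) {
    struct audit a = { PASS_THROUGH, 0, 0, 0, 0 };
    if (len >= 10 && cdb[0] == 0x2A) {          /* LBA bytes 2..5, length 7..8 */
        a.is_write = 1; a.lba = be32(cdb + 2);
        a.blocks = ((uint32_t)cdb[7] << 8) | cdb[8];
    } else if (len >= 12 && cdb[0] == 0xAA) {   /* LBA bytes 2..5, length 6..9 */
        a.is_write = 1; a.lba = be32(cdb + 2); a.blocks = be32(cdb + 6);
    }
    if (!a.is_write || p == POLICY_NO_MONITOR) return a;  /* forwarded unaudited */
    a.hit = contains_word(data, n, word);                 /* recorded in the log */
    a.verdict = (p == POLICY_PROHIBIT) ? BLOCK_AND_LOG : FORWARD_AND_LOG;
    return a;
}

/* Constructed sample input: WRITE(10) of 2 blocks at LBA 16, and a READ(10). */
static const uint8_t SAMPLE_WRITE10[10] = { 0x2A, 0, 0, 0, 0, 0x10, 0, 0, 0x02, 0 };
static const uint8_t SAMPLE_READ10[10]  = { 0x28, 0, 0, 0, 0, 0x10, 0, 0, 0x02, 0 };
static const uint8_t SAMPLE_DATA[] = "quarterly SECRET plan";

int main(void) {
    struct audit a = audit_cdb(POLICY_PROHIBIT, SAMPLE_WRITE10, 10,
                               SAMPLE_DATA, sizeof SAMPLE_DATA - 1, "SECRET");
    printf("verdict=%d lba=%u blocks=%u hit=%d\n", a.verdict,
           (unsigned)a.lba, (unsigned)a.blocks, a.hit);
    return 0;
}
```

Commands other than writes, such as the READ(10) sample, are always passed through, so the strategy only ever affects burn traffic.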

Wherein, the method further includes reading from a secure optical disc, specifically: after the recorder burns the encrypted data into a secure optical disc, the secure optical disc is decrypted according to the encryption password and encryption standard set during encryption, and a disc image is generated. When the content needs to be accessed, the disc image is loaded as a virtual CD through the system's virtual CD-ROM drive.

As shown in FIG. 2, the present invention provides an optical disc recording auditing system. The system includes:

The server is used to manage the system version upgrade, data encryption, sensitive word filtering, data backup, and burning strategy;

The client is used to receive the policy issued by the server and process the burned data and send it to the recorder.

Burner for burning recorded data;

The optical drive module is used to encapsulate the burn request into an ISO file and send it to the client for processing;

The client includes an intermediate layer driving unit, which intercepts the burn data sent from the optical drive module to the recorder and parses it. According to the strategy issued by the client, the unit processes the burn data and then sends it to the recorder;

After the burn request sent by the burning software passes through the optical drive's driver, it is intercepted by the middle layer driver. After the middle layer driver parses the data of the burn request, it encrypts the data, filters sensitive words, and performs the backup operation according to the policy issued by the client, and the recording data is forwarded to the recorder for burning. The server delivers the various management and control policies to the client. The backup data and generated logs are also saved by the client to the server for easy viewing by the administrator. The system places no restrictions on burning software: users can use third-party burning software to complete the recording.

The middle layer driving unit includes an encryption unit, which encrypts the parsed burned data and has an encryption password; a sensitive word filtering unit, which detects sensitive words in the parsed burned data and, after sensitive word detection and encryption, sends the encrypted data to the recorder for burning; and a backup unit, which backs up the burned data, sending a copy to the client, which in turn sends the copied data to the server.
