HOME >> Products

Data Protection Guard DPG

Product Introduction

Data Protection Guardian consists of intelligent encryption module and outbound protection strategy. It is mainly to construct a secure and sealed enterprise office environment and guarantee information, data, etc. throughout the life cycle (including creation, browsing, editing, archiving, distribution, and destruction. Such operations are all under the protection of a secure environment. All electronic information and data (hereinafter collectively referred to as "electronic files") can be normally operated in a secure environment if it is "illegal" (including but not limited to via email, Tools such as WeChat, QQ, and the use of mobile storage devices for copying, cutting, etc.) bring out a secure environment, and electronic files are not available, thus ensuring the security of data and information at the source. Ensure that company's important data is safely used under management control and is not illegally accessed; data files cannot be opened after the terminal is illegally acquired, and the entire life cycle management of electronic documents is implemented, thereby protecting the company's confidential data files.

█ Detailed function

[Encryption strategy]

● Transparent strategy

Encrypted documents are always stored in encrypted form on the authorized terminal. When the document is opened, it is decrypted instantly. When the document is saved, it is instantly encrypted without affecting the user's usage habits (called "transparent encryption").

Encrypted documents cannot be opened and used even if they are distributed to the outside world.

During the use of encrypted documents, users cannot steal contents of encrypted files by means of paste, copy, screen capture, and printing (including virtual printing, single-machine printing, etc.).

Free support for a variety of applications, whether it is office documents, design drawings, development code or their compressed package files, can be encrypted protection.

Supports custom security keys, free choice of encryption algorithms, security in the user's control.

All documents undergo mandatory automatic encryption. Files are created from the beginning and are protected by encryption regardless of modification, movement, or copying.

● Semi-transparent strategy

Only the important documents are encrypted and protected. After the encrypted documents are edited and the modifications are saved, the documents are still encrypted. Normal documents do not need to be encrypted.

The common document types generated by the user can be created without encryption during the modification or the like.

● Encryption mode

Personal mode function: All the generated files in the personal mode are not encrypted and cannot open encrypted files.

Encryption mode function: Supports the specified application software, automatic encryption when the specified format document is modified and saved.

Intelligent security function: The user can use the specified format to encrypt the document normally. The local clear text document is not affected by the encryption. If the user performs a possible leak operation, the system will perform the encryption operation on the plain text.

Mode function switch: The terminal encryption mode can be arbitrarily switched according to the actual situation or personal habits.

Scan encryption function: Scans the encrypted format file specified on the end user's computer.

Right key manual encryption function: Supports manual encryption of a single document by right key, and batch manual encryption of multiple documents and folders.

Application black and white list: encrypted file upload specified application system decryption, download encryption, C / S applications can support, B / S applications support Firefox and IE browser.

[Decryption method]

● Local decryption

Do not do any audit.

Audit file name only.

Audit file name and file content.

● Scan and decrypt

Automatically decrypt all encrypted files on the specified computer.

● Privilege decryption

You can decrypt directly by right-clicking.

● Process decryption

The decryption application process supports the submission of single or multiple documents.

The decryption application process supports the submission of single or multiple folders.

After the decryption application process is completed, the system packages the file or folder and automatically sends the email to the target mailbox.

The support approver entrusts others to approve it.

Support Windows, IOS, Android, WEB and other ways for approval.

● Controlled process decryption

Supports anti-tamper and impersonation protection of processes. When a legitimate process opens a specified format and encrypts a document, it can decrypt and read (only cache real-time dynamic decryption, no temporary plaintext file is generated, and hard disk storage is still encrypted).

● Direct mail decryption

By setting the white list of mail destination addresses, the attachments received by the recipient are automatically decrypted.

By setting the white list of mail source addresses, the sender can automatically decrypt the attachment in the sent mail.

The mail delivery protocol supports standard SMTP and supports mailboxes such as Exchange and Notes.

[Authorization and off-line control]

● Terminal authorization

After the DGS installed on the server and the client authenticates by using the account and password, the access conditions can be met and the communication is performed during the interaction.

● Prevent PC from being controlled

DGS document encryption system + outbound management and control policy can be set according to the actual request PC out of control and aging, and the existence of the client's relevant functions remain in effect during the separation, once the aging cuts off, automatically start the automatic encryption (leakage) function, forcing has been separated The PC reenters the environment to decrypt or extend the aging.

The DGS electronic document management system (module) can perform all behavior recording and startup related functions during PC disconnection. After communication recovery (entering the environment), all behavior records and related data during the departure period are automatically uploaded to the server for later use. View or audit etc.

[Operational Behavior Control]

● Screen watermark

Watermark content: Support for watermark on the computer screen, which can provide watermark pictures, watermark text (including custom text, etc.), display computer name, computer IP, display user name, display time, login time and other options, from a certain extent to the candid Form a psychological shock effect.

Watermark style: transparency, color, font, position, font size, oblique and other information.

Display condition: Always display: As long as the DGS terminal logs in successfully, the watermark is displayed; the cipher text opens: When the controlled application is opened, the watermark is displayed on the screen.

[Application Security]

● Server document upload and decryption download encryption

The security gateway incorporates the encryption client to keep the important data of the server confidential (supports all types of applications in C/S and B/S architectures).

Server document download encryption: Server data downloaded to the local will be automatically encrypted to prevent the server from downloading data.

Encrypted document upload and decryption: The document on the terminal is automatically decrypted when it is uploaded to the server. The server stores all documents in plain text to ensure the security of the document on the server.

● Stop unauthorized access to the server

Eliminating illegal access to computers and illegal processes to access the server, effectively ensuring server security.

[Secret management]

● Confidential definition

The user can define the secret level according to the actual situation as: ordinary level, secret level, confidential level, top secret level and so on.

● dense distribution

The system supports the close division of personnel.

● Change of confidentiality

By default, the system supports the user to upgrade the confidentiality level of the document to the highest level of confidentiality owned by the user. Density reduction is controlled by permissions.

● Smart key

The terminal user right-clicks the file and performs smart encryption. The secret level of the file is automatically determined based on the keyword.

[Encryption and Decryption Requirements and Audit]

● Penetration operation

With encryption and decryption functions such as compressed packages and folders. Ensure that all encrypted archives and files in the folder are also in an encrypted state to prevent "scratching" under the encryption shell.

● Log audit

Record the terminal's privilege decryption log, manual, bulk encryption and decryption file log.

[Outward application control]

● Outgoing control strategy

Encryption control of files that need to be sent out can prevent secondary compromises.

Authorized machines and personnel can be authorized to allow only authorized personnel to open and view outgoing documents on a specific machine.

Ability to specify the viewing period, number of open times, number of transfers, and permission to copy, edit, print, screen capture, etc. the outgoing document.

Outgoing documents support expired automatic deletion.

Outbound templates can be customized to facilitate unified management.

● Anti-leakage control

The user can apply for external control of the file after sending the file to the external user. The user can control the number of times, time, print, and modify permissions.

Copy and Paste Control: The information in the cipher text is copied and pasted into the on-off control of the plain text, and the partial bytes can be copied when the copying is not allowed.

Save as control: Encryption is mandatory when ciphertext is saved as an arbitrary copy.

Content drag and drop control: Controlling users to drag ciphertext information into the plaintext through dragging and dropping leads to disclosure.

Insert object control: Control the user to insert cipher text as an insert object into the plaintext, resulting in leaks.

Screen capture control: Prevent illegal users from intercepting ciphertext information through screenshots.

Network transmission control: Prevents users from sending and transmitting information through the network, and transmits cipher texts through legitimate processes to cause leaks.

Ciphertext printing anti-failure control: ciphertext prevents print leakage; when printing is allowed, there is an audit record function for printing behavior (this function needs PSM module support).

Outgoing ciphertext can convert internal encrypted files.

[browser outbound control]

● Install authentication mode

Online authentication mode: readers need to install the reader and perform online authentication before opening corresponding outgoing files.

Authentication-free mode: integrated browser, readers click directly on the operation, as long as it is distributed to the organization's documents can be seen.

● Outgoing control strategy

Encryption control of files that need to be sent out can prevent secondary compromises.

Authorized machines and personnel can be authorized to allow only authorized personnel to open and view outgoing documents on a specific machine.

Ability to specify the viewing period, number of open times, number of transfers, and permission to copy, edit, print, screen capture, etc. the outgoing document.

Outgoing documents support expired automatic deletion.

Outbound templates can be customized to facilitate unified management.

● Outbound encapsulation format

Keep the original format of the file: The outgoing file extension and file name remain unchanged.

All-in-one exe: Packages the outgoing reading environment and outgoing files into a single EXE. Users can double-click to run.

● Outbound support applications

File formats: doc, docx, xls, xlsx, ppt, pptx, pdf, vsd, txt, rtf, wps, et, dps, dwg, cdr, psd, bmp, jpg, jpeg, tif, png, c, h, java , cpp, xml, exb, catpart, a51, SldPart, SldASM, DXF, etc.

Support Software: Microsoft Office2010/2007/2003, AdobeReader8/9/10/11, Foxit Reader 3/4/5, China cad2008/2010, Auto Cad2004/2006/2007/2008/2009/2010/2011/2012 (Standard Edition support), Caxa2007, Acdsee10, notepad, WordPad, WPS Office 2010/2012, Photoshop CS4, PhotoShop CS5, Mspaint, CATIA V5, CATIA R18, UG, Pro/E, SolidWorks, etc. Nearly 400 kinds of application software.

█ Advantages

● Intelligent choice of encryption mode;

● Strictly control the use of outgoing documents;

● Flexible and automatic approval process;

● Out-of-browser browsers, etc.

● Application records for full monitoring;

● Rich compatible data interfaces.

Expected value

● Resolve user’s internal confidential information due to network viruses, etc.;

● Solve the disclosure of intentional or inadvertent disclosure by the internal staff of the user;

● Resolve internal users’ leakage caused by the loss of hardware devices;

● Resolve secondary leaks caused by outbound user data files;

● Meet user's internal terminal (desktop computers, laptops, tablet computers, mobile phones, etc.) file protection requirements;

● Meet the needs of users' internal application systems (including but not limited to: OA, PDM, CRM, ERP, etc.)

● Meet the internal file server file anti-leakage requirements.


Copyright(C)2018, Zero Information Technology (Shanghai) Co., Ltd. All Rights Reserved. Supported by Toocle Copyright Notice 备案字号:沪ICP备18008633号