USB Security Storage Expert|USB Control|USB Flash disk Monitor|Port Monitor|USB Safety|Port Security|USB Communication|Read only|USSE Enterprise Edition-Product Introduction2

USSE Professional Edition

USSE Enterprise Edition

Back

The Brief Introduction of USSE Enterprise Edition 2006

　　 USSE Enterprise edition 2006 is the all-direction enterprise management software. Based on USSE professional edition 2005, we enhance the core frame of the software USSE, and have developed a brand-new enterprise management platform, so that can provide a safe and reliable management environment to your company. USSE comprises of three elements, that is: USSE client, USSE Server and USSE administration center (namely USSE console). The USSE client is installed in the computers which need to be controlled, while USSE server is installed in any computers of

your company, just easy to control centralized. And USSE console can be installed in the local area network or the internet. Because of the excellent expansibility of USSE, it can apply in the flexible network environment or the user's self-definition network, and even Windows domain network. We provide the Customized service for the user, and add or cut down some specific function of USSE according to the user's requirements freely.

The function List of USSE Enterprise Edition 2006

1. Three-classification Separator Application on Client, Server and Console, it can implement remote operation, so that can convenient to the manager to operate.

2. All the clients are controlled by the USSE server, and also all the clients' USB ports reading and writing authority are set in the USSE server by the manager.

3.Not limited to a local area network, USSE client and server can be in the different local area network, as long as TCP linking and the client will be under the control of USSE server.

4. It is more convenient that the client can update it by downloading the latest setup program from the USSE server automatically. The Client can update it without connecting with the internet.

5. The default reading and writing authority of portable hard disk and USB hard disk for controlled client can be set several categories as follows:

*Read-only

This function is set up to make all the USB storage devices are read only but not write. The maximal advantage of the function is when someone want to copy the important inner information, data (For example: important information of customer sensitive, data and blueprint, etc.) and individual information to USB storage devices, USSE will stop it, but the information and data in the USB storage devices can be copy to computer. In a word, the function can simplify the USB storage devices functions, that is, the information and data in the USB storage device can be copy, but the information and data in the local computer cannot be copy to the USB storage device, which protects the corporation's and individual potential benefit effectively.

*Open

The USB Flash device or the portable hard disk has no limitations and it is as same as that of none installed USSE. Users can randomly read and write to it.

*Close

This function can completely prevent all the USB ports in the local computers, which will invalidate all the plugged storage devices (Including USB FLahs device, portable hard disk, MP3, digital camera, smart phone, etc.). In another word, when you open the function, it means you lock the USB port; any plugged storage device is invalidated. It stops the important inner information and data are disclosed from the USB port. 　　

Meanwhile, you don't need to worry about if your USB mouse or print equipment is invalidated, they can be effectively used with USSE.

*Identification Authentication and Recognition

This is the core function of USSE, which dose not exists in other software at the moment in china. The maximal advantage of the function is safe and reliable. To make you understand, we can take an example of identification authentication. For example, your corporation has deployed Enterprise version of USSE, and the corporation fits out 3 USB storage devices for departments (for example, a USB Flash disk, and 2 portable hard disks). Then the admin can write identification in the 3 storage devices with USSE, and set the corresponding authorities during as well. For example, the admin set the authority of the USB Flash disk "Read only", the other portable hard disks are set to be "open", the result is all the computers of the enterprise can recognize the 3 disks only, so the other disks cannot be used. Meanwhile, the enterprise version of USSE can broadcast the identifications of the 3 disks in the network, and read the mode setting by admin. You can read the mode of any one of the 3 disks as long as you plug it into the computers of the company.

The users can randomly use our software to clear the identifications written to the USB storage devices as well as make appropriate mode settings to the written identification, such as: after writing identification to the inserted storage device, the identification can be set to "Read only", "Open" or "Close".

Of course, the precondition for this operation is: only the administrator can do this. That is because this software requires inputting the appropriate administrator password to login and then do the following operations. Once the three disks are used outside the company, they will not be controlled by the rule and can be used as any other common storage devices. And we will make a further supplement in the encryption in our future edition.

So, this is our " identification authentication" function, which provides a convenient management for the company and can prevent employees from copying important client’s info, data, blueprint, etc. from the company to the private USB storage device. This can also largely control the use of external USB storage device.　

*Encryption

It can encrypt the info and data in the specific USB Storage device. It needs to input correct password to open the encrypted USB Storage device through USSE. If someone wants to copy the sensitive info and data to the USB Flash disk; and then takes it away from the company, it is impossible to open the USB Flash disk normally, because it needs correct password, or it will format the USB Flash disk and all the info and data in it will lose.

6. Write USSE identification to portable hard disk or USB Flash disk. The identification is globally unique with advanced technology and is related to the hardware. Being encrypted, the identification cannot be copied. Transparent to client, the identification will not be mistakenly deleted by the user.

7. It supports to set appropriate right mode according to specific identification. For the mode, please refer to 5.

8. It supports to set right strategy to every client side, which includes:

8.1 Default rights: as mentioned in 5. It will adopt the default rights if no USSE identification is found in the USB storage device in the client side or no right is set to the current USSE identification.

8.2 It can allow up to 500 USSE identifications to a certain USSE identification right.

9. Log check: The server records the action, time and the info of USB storage device, etc.

10. User Management by administrator: Add, delete, change password, etc.

11. Group management to the client side: Changing the group policy will affect all of users' reading and writing mode in the group.

12. Use the acknowledged encryption algorithm (AES、SHA) to protect the data in the server from being attacked.

13. Use the embedded database to ensure the security and stability of the data, and it does not require any other database’s support. The installment and maintenance are very simple.

14. The future edition support data encryption. It can help to save cost by smooth transition.

15. The server license management: The client side does not require registration No., and it can "enlarge" by changing license.

16. It takes little system memory and CPU time, and the client can hide transparently.

17. The maintenance and management password are unified set by console.

18. To make sure that the client side cannot be uninstalled, workstation cannot uninstall the client side without correct password.

19. It provides the group policy support. Logically dividing all of client sides into groups, the management to all client sides in the LAN is unified and also independent. All of computers in the same group can be managed according to the same method. It can also unify the actions and rights of the computers within the same group by setting the group options.

The Function Feature of USSE:

　*USSE can strictly control the data information security of the computer's USB ports at the kernel level of Windows system, it can completely control the reading and writing authority of USB Flash disk, portable hard disk and digital camera, etc. Other write-sector software can't be out of USSE control, even if Win Hex.

　* The admin manage right is not needed; the application can be normally run and controlled even if by the general user right. Once the USSE client starts up with the system, it will have enough ability to protect itself to be uninstalled or terminated.

　*If the procedure of USSE client is killed in extremity cases, in order to protect the security of the information and data, the bottom modules of USSE will close all of the USB storage devices, so that can stop the sensitive info and data are disclosed from local computer's ports.

　*USSE is developed in the language of C++, and it hardly takes system resource and CPU time, so it has no impact on the existing work of client system.

　* It has a user-friendly, easy-to-use client interface with the manage tools. You can input the correct password to set up the appropriate right to the client temporarily in an emergency.

　* It is very convenient for the manager to deploy.

Network Topology of USSE Enterprise Edition 2006

Diagram1

　　 There are three network elements in diagram 1. The first element is USSE server; the second is USSE workstation (herein after called USSE console). USSE server works for dealing with the management of all the clients, and the reading and writing mode info of clients can get from USSE server; and all the action for inserting or removing of USB storage devices plugged into USB ports will be sent to USSE server, and then it will record the info to the database. If console is connecting with USSE server now, the USSE sever will give a notice to all the clients about the event, and also print out the info on the console.

　　The USSE console is duty for setting up running mode between USSE client and server and some event log. Besides, you can write USSE identification in a specific USB storage device throughout USSE console.

The Three Elements of USSE Enterprise Edition

1) USSE Server

　USSE server mainly stores the following information: all the information of client side, all the information of console users, operation record of the client side, and all the information of identification used in the enterprise,and all the preset group information as well as the group related data.

　USSE server is responsible for all the connection requirements between the client side and console, and it verifies the info of the client side throughout communicating with USSE server, so as to

prevent hackers from imitating console to connect to the server. Besides, it also verifies the username and password. For the security of the user name and the password in the internet, the password has been highly encrypted before transmission. So, even thought the hacker gets info from the network, they still cannot get the password.

Additionally, USSE server plays the role of updating the program of the server. All of updating work to the client side is carried out in the serve side. It only requires putting the officially released updating package under the corresponding path in the server, and then the client side will automatically read the updating info when the computer is started up. Finding updating files, it will automatically download and install the program from USSE server without intervene.

USSE server also plays a role of web server. By using IE to download from USSE server, the client side can be installed based on web form.

2) USSE Admin Console

* The console can check the current status of the client side, add, modify and delete settings of the client side, console users’ info, group info, etc. USSE administrator console (hereinafter called console) is a graphic management tool for administrator to control the client side. Adopting C/S mode, it can be flexibly controlled.

* The console can also do such operations as writing and deleting USSE identification to USB Flash disk and portable hard disk.

* The admin console can do the operations of writing the USSE

identification to the USB flash disk or portable hard disk, or deleting the USSE identification written in the USB storage device.

* All of operations of the console cannot be performed without logging into the server. Most of operations are recorded into the server database. The console can remotely install the client side. With the administrator's username and password of the remote computer, users can do operations as install, uninstall, etc to the group member side. At present, it provides operations like turning off and restarting computer.

3) USSE Client side

The client side of the enterprise edition is installed on every controlled computer and runs based on the windows service.

The client side runs while the computer is turned on. After start-up, it will be connected to the USSE server and check if there is any latest edition to use. If yes, the client side will download and install from the client side automatically without interference of the user, who will not find either.

The right operations to the USB Flash disk and portable hard disk from the client side are carried out according to the settings of the server. If the client side cannot connect to the server, it will manage the USB storage device according to the reading and writing mode when the network breaks, so as to ensure the security of the data.

The Series Edition of USSE Enterprise 2006:

USSE Enterprise 2006	Edition Type	Quotation Per Unit		Function difference
	Basic Edition	Client	$20/Unit	Have the functionalities of Reading only, identification authentication, closing, and Opening.
		Server	$1250/Unit
		Console	Free
	Standard Edition	Client	$50/Unit	Except the functions of the basic edition, it has the additional identification authentication function.
		Server	$1250/Unit
		Console	Free
	Advanced Editon	Client	$90/Unit	Except the functions of standard edition, it has other functions, such as: encryption, and some peripheral equipment management functions, such as printer and recorder monitor, etc.
		Server	$1250/Unit
		Console	Free

Deploy Example

1) Application in Common Enterprise Environment

The network topology as follows:

2) Application in Advanced Network

From the diagram, we know there is a console outside the LAN; compared with the application in common enterprise environment, this one is amelioration. We can remotely control the USSE server in LAN throughout the internet, and can view the state of all the workstation. But this application is based on the network environment, because it needs to open some specific port.