The invention relates to protection of confidential resource data. The protection is achieved by building a local trusted signature database on mobile equipment. When resource-limited equipment (such as a mobile phone) joins an enterprise network, the agent in the equipment generates a digital signature for each file in the equipment and transmits the signatures to an enterprise controller; the controller compares the digital signatures of the files with a globe digital signature database, the filter of the controller filters sensitive digital signatures and feeds the sensitive digital signatures back to the equipment agent, and the agent receives digital signature information and solidifies the same to the database of the agent; the agent analyzes each to-be-transmitted file according to the local digital signature database and DLP rules; transmission of one file is stopped if the signature of the file is found in the local database; if a new file is created, the agent generates a digital signature of the file and transmits the signature to the controller for checking, and if the signature is sensitive, the signature is saved in the local digital signature database; if the DLP controller updates, the equipment retransmits the digital signatures for comparison.