CN101826964A - Outgoing document security management system supporting collaboration - Google Patents

Publication number: CN101826964A
Authority: CN (China)
Prior art keywords: document, client, authority, certificate, file
Legal status (an assumption, not a legal conclusion): Pending
Application number: CN201010138182A
Other languages: Chinese (zh)
Inventors: 耿振民, 魏帅卫
Current assignee (may be inaccurate): WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Original assignee: WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Application filed by: WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd

Abstract

The invention belongs to the field of network communication security and relates in particular to an outgoing document control system supporting collaboration. The system comprises a system security management center that handles authorization and the creation and management of certificates, an outgoing document production tool that obtains a certificate and packages the authorized document, and a stealth client that encrypts, decrypts and monitors the document. Using technologies such as digital signatures, automatic encryption and whole-process document protection, the document content is encrypted and stored remotely in a central location. Through user identity authentication management, access control management, document confidentiality management and comprehensive security auditing, the system manages the security of the document over its entire life cycle: creation, access, use, transmission, storage and destruction. This ensures the integrity, confidentiality and traceability of the document information and, while remaining compatible with existing conventional application systems, effectively prevents the leakage and spread of the internal confidential information of enterprises or organizations.

Description

Outgoing document security management system supporting collaborative work
Technical field
The invention belongs to the field of network communication security and relates in particular to an outgoing document security management system supporting collaborative work.
Background
Competition between modern enterprises is, in the end, competition in technical strength. Only by protecting its trade secrets and the security of its innovative technology can an enterprise or institution hold its position in a commercial society crowded with competitors. Today a large share of enterprise confidential information exists as electronic documents, and electronic documents are easy to propagate.
Because the Internet is open, sensitive or valuable data faces the risk of being stolen or destroyed. Both parties to a transaction require that every transaction carried out over the Internet be genuine and reliable, and that all participants have full confidence in it. Internet e-commerce and e-government systems must therefore provide highly reliable security and confidentiality technology; that is, they must guarantee the basic elements of network security: confidentiality of message transmission, integrity of data exchange, non-repudiation of sent information, and certainty of the parties' identities. Business needs may require you to send important electronic files to customers or partners, and once they are sent out you lose control over that data. If these files are abused or spread without control, your organization or you personally may suffer serious loss, and a great deal of work may be wasted.
Summary of the invention
To overcome the above problems, the invention provides an outgoing document security management system supporting collaborative work that can track and manage electronic files sent outside the enterprise and prevent the information from spreading.
The technical solution adopted by the invention is an outgoing document security management system supporting collaborative work. The system comprises a system security management center that handles authorization and the creation and management of certificates, an outgoing document production tool that obtains a certificate and packages the authorized file, and a stealth client that encrypts, decrypts and monitors the file.
Further, the system security management center comprises:
I. Packaging module: when making an outgoing document package, the enterprise user must obtain authorization from the system management center, which creates a certificate;
II. Online authentication module: authenticates the client's permission each time it uses the authorized file; a legitimate user can use the authorized file normally after passing authentication;
III. Certificate management: responsible for generating certificates and for managing them after user authentication succeeds;
IV. Log query and management module: queries the packaging logs of all enterprise employees and the remote verification logs of all clients, manages the state of current outgoing documents, and continuously tracks and controls every file sent out.
Further, the outgoing document production tool comprises:
I. Certificate acquisition module: obtains a certificate from the certificate server; the certificate information is bound to the file information and the enterprise name information;
II. Outgoing authorized-file conversion module: encrypts the authorized file that is to be sent out;
III. Packaging module: processes the certificate, the client program and the encrypted authorized file to produce an outgoing document that this system can control.
Further, the stealth client comprises:
I. First-use authentication module: when the customer uses the authorized file provided by the enterprise for the first time, the client performs certificate authentication online. If authentication succeeds, the customer can use the authorized file normally;
II. Online control module: every later use of the file also requires online verification, and the user can continue only after passing it;
III. Transparent file encryption and decryption module: when a legitimate customer opens the authorized file provided by the enterprise, the client program decrypts it automatically, and when the user saves, the client program encrypts it automatically; the whole process is transparent to the customer. An illegitimate customer operating on the authorized file cannot obtain the plaintext document;
IV. Authorized-file usage monitoring module: while a legitimate customer is using the authorized file provided by the enterprise, the client program monitors the whole session: the customer can only edit this file and cannot paste or copy its content into other files, which ensures that the plaintext of the file is not stolen.
The key technology of this product is the digital certificate. A digital certificate is a set of data that identifies the parties to a network communication and provides a way to verify identity on the Internet; its role is similar to that of a driver's license or an identity card in daily life. It is issued by an authority, the CA, also called the Certificate Authority center, and people can use it to recognize each other's identity in their dealings. The invention is a method for the security management of outgoing documents supporting collaborative work, and provides a comprehensive solution for the security management of enterprise electronic documents. Using technologies such as digital signatures, automatic encryption and decryption, and whole-process document protection, the system encrypts document content and stores it remotely in a central location. Through user identity authentication management, access control management, document security-level management and comprehensive security auditing, it manages the security of the document over its whole life cycle: creation, access, use, transmission, storage and destruction. This guarantees the integrity, confidentiality and traceability of the document information and, while remaining compatible with existing common application systems, effectively prevents the leakage and spread of the confidential information of an enterprise or organization.
Description of the drawings
Fig. 1: Logical structure of the outgoing document security management system
Fig. 2: Detailed architecture of the stealth document security system
Fig. 3: Processing flow of the file outgoing tool
Fig. 4: Working principle of the enterprise-side packaging tool
Fig. 5: Working principle of the client
Fig. 6: Working principle of the management center
Detailed description
An outgoing document security management system supporting collaborative work comprises a system security management center that handles authorization and the creation and management of certificates, an outgoing document production tool that obtains a certificate and packages the authorized file, and a stealth client that encrypts, decrypts and monitors the file.
The executable self-extracting compressed package contains: a digital certificate, the encrypted document, and the file security client.
The customer receives the compressed package and double-clicks it. The package decompresses automatically, and the file security client executable runs automatically in the background, establishes a TCP connection over the local area network to the certificate server, and performs digital certificate authentication. Once authentication succeeds, the certificate server sets the certificate to the "used" state; from then on the certificate cannot pass verification for anyone except this user. The client software decrypts the file and obtains the CPU serial number and motherboard serial number of the local host. It also monitors in real time the process that opens the document. The workflow is shown in Figure 4. In detail:
I. The user can edit the file transparently. During editing, the client program prevents the file content from being copied into other windows and processes by copy and paste. If this is attempted, the system displays an "insufficient system memory" error message.
II. When the user saves or closes the open file, the client software encrypts the file with the local host fingerprint (a hash of the CPU and motherboard serial numbers).
III. The client software uses injection and is present in every process space; the user cannot uninstall or delete it.
IV. If the user distributes the file to other, unauthorized users, those users cannot open it.
The management center is the core that enforces control. Its principle is shown in Figure 5.
2. To achieve real-time control and management of outgoing documents, the whole system operates on certificates. For example, if the enterprise finds that a file was sent to an illegitimate user by mistake, it can set the digital certificate corresponding to that file to the "invalid" state on the certificate server. The next time the illegitimate user uses the file, the file is automatically destroyed (not decrypted).
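The certificate lifecycle described above (first-use authentication, online verification on every later open, and withdrawal by setting the certificate to "invalid") is modelled here as an added example; it is not code from the patent. The class and function names, the use of SHA-256 for the host fingerprint, and binding the certificate to the first host's fingerprint are assumptions, and the certificate id and serial numbers are constructed.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from enum import Enum


class CertState(Enum):
    ISSUED = "issued"    # created at packaging time, not yet used
    USED = "used"        # first authentication succeeded, bound to one host
    INVALID = "invalid"  # set by the enterprise to withdraw the file


class Decision(Enum):
    ALLOW = "allow"      # client may decrypt and open the file
    DENY = "deny"        # client must not decrypt
    DESTROY = "destroy"  # client destroys the file without decrypting it


def host_fingerprint(cpu_serial: str, board_serial: str) -> str:
    """Hash of CPU and motherboard serials (SHA-256 is an assumption)."""
    data = f"{cpu_serial}\x00{board_serial}".encode()
    return hashlib.sha256(data).hexdigest()


@dataclass
class CertificateServer:
    certs: dict = field(default_factory=dict)  # cert_id -> [state, bound host]
    log: list = field(default_factory=list)    # remote-verification log

    def issue(self, cert_id: str) -> None:
        self.certs[cert_id] = [CertState.ISSUED, None]

    def invalidate(self, cert_id: str) -> None:
        self.certs[cert_id][0] = CertState.INVALID

    def verify(self, cert_id: str, fingerprint: str) -> Decision:
        state, bound = self.certs.get(cert_id, (None, None))
        if state is None:
            decision = Decision.DENY          # unknown certificate
        elif state is CertState.INVALID:
            decision = Decision.DESTROY       # withdrawn by the enterprise
        elif state is CertState.ISSUED:
            # First use: mark used and bind to this host (binding is assumed).
            self.certs[cert_id] = [CertState.USED, fingerprint]
            decision = Decision.ALLOW
        elif hmac.compare_digest(bound, fingerprint):
            decision = Decision.ALLOW         # same host as the first use
        else:
            decision = Decision.DENY          # forwarded to another host
        self.log.append((cert_id, fingerprint[:8], decision.value))
        return decision


def demo() -> list:
    server = CertificateServer()
    server.issue("cert-0001")                          # constructed id
    first = host_fingerprint("CPU-AAAA", "MB-1111")    # constructed serials
    other = host_fingerprint("CPU-BBBB", "MB-2222")
    results = [server.verify("cert-0001", first),   # first open
               server.verify("cert-0001", first),   # later open, same host
               server.verify("cert-0001", other)]   # copy on another host
    server.invalidate("cert-0001")
    results.append(server.verify("cert-0001", other))
    return results
```

Every call to `verify` appends to `log`, which corresponds to the remote verification log that the management center's log query module exposes.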

Claims (4)

1. An outgoing document security management system supporting collaborative work, characterized in that the system comprises a system security management center that handles authorization and the creation and management of certificates, an outgoing document production tool that obtains a certificate and packages the authorized file, and a stealth client that encrypts, decrypts and monitors the file.
2. The outgoing document security management system supporting collaborative work according to claim 1, characterized in that the system security management center comprises:
I. Packaging module: when making an outgoing document package, the enterprise user must obtain authorization from the system management center, which creates a certificate;
II. Online authentication module: authenticates the client's permission each time it uses the authorized file; a legitimate user can use the authorized file normally after passing authentication;
III. Certificate management: responsible for generating certificates and for managing them after user authentication succeeds;
IV. Log query and management module: queries the packaging logs of all enterprise employees and the remote verification logs of all clients, manages the state of current outgoing documents, and continuously tracks and controls every file sent out.
3. The outgoing document security management system supporting collaborative work according to claim 1, characterized in that the outgoing document production tool comprises:
I. Certificate acquisition module: obtains a certificate from the certificate server; the certificate information is bound to the file information and the enterprise name information;
II. Outgoing authorized-file conversion module: encrypts the authorized file that is to be sent out;
III. Packaging module: processes the certificate, the client program and the encrypted authorized file to produce an outgoing document that this system can control.
4. The outgoing document security management system supporting collaborative work according to claim 1, characterized in that the stealth client comprises:
I. First-use authentication module: when the customer uses the authorized file provided by the enterprise for the first time, the client performs certificate authentication online. If authentication succeeds, the customer can use the authorized file normally;
II. Online control module: every later use of the file also requires online verification, and the user can continue only after passing it;
III. Transparent file encryption and decryption module: when a legitimate customer opens the authorized file provided by the enterprise, the client program decrypts it automatically, and when the user saves, the client program encrypts it automatically; the whole process is transparent to the customer. An illegitimate customer operating on the authorized file cannot obtain the plaintext document;
IV. Authorized-file usage monitoring module: while a legitimate customer is using the authorized file provided by the enterprise, the client program monitors the whole session: the customer can only edit this file and cannot paste or copy its content into other files, which ensures that the plaintext of the file is not stolen.
CN201010138182A 2010-04-02 2010-04-02 Outgoing document security management system supporting collaboration Pending CN101826964A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010138182A CN101826964A (en) 2010-04-02 2010-04-02 Outgoing document security management system supporting collaboration

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201010138182A CN101826964A (en) 2010-04-02 2010-04-02 Outgoing document security management system supporting collaboration

Publications (1)

Publication Number Publication Date
CN101826964A true CN101826964A (en) 2010-09-08

Family

ID=42690686

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010138182A Pending CN101826964A (en) 2010-04-02 2010-04-02 Outgoing document security management system supporting collaboration

Country Status (1)

Country Link
CN (1) CN101826964A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101110097A (en) * 2007-08-17 2008-01-23 南京新模式软件集成有限公司 Method for safely dispensing electronic document
CN101572659A (en) * 2008-04-30 2009-11-04 北京明朝万达科技有限公司 Network sharing range control method for files

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
上海华御信息技术有限公司: "《化御智能防信息泄密系统-产品白皮书》", 31 July 2008 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102902931A (en) * 2011-07-28 2013-01-30 中国航天科工集团第二研究院七〇六所 File encryption system and file encryption method
CN102902931B (en) * 2011-07-28 2016-12-14 中国航天科工集团第二研究院七0六所 The close system of files-designated and files-designated decryption method
CN102710633A (en) * 2012-05-29 2012-10-03 大连佳姆信息安全软件技术有限公司 Cloud security management system of security electronic documents and method
CN102710633B (en) * 2012-05-29 2015-06-10 大连佳姆信息安全软件技术有限公司 Cloud security management system of security electronic documents and method
CN103561091A (en) * 2013-10-31 2014-02-05 上海上讯信息技术有限公司 Document outgoing control system and method
CN106778302A (en) * 2016-12-06 2017-05-31 金航数码科技有限责任公司 A kind of secure exchange and sharing method of the electronic document of cross-system
CN116996329A (en) * 2023-09-26 2023-11-03 云账户技术(天津)有限公司 Enterprise information management method, device, equipment and storage medium based on cloud intranet
CN116996329B (en) * 2023-09-26 2024-01-30 云账户技术(天津)有限公司 Enterprise information management method, device, equipment and storage medium based on cloud intranet

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100908