CN102299920A - Electronic document safety management system - Google Patents

Info

Publication number: CN102299920A
Authority: CN (China)
Prior art keywords: user, electronic document, client, management system, safety management
Legal status: Pending
Application number: CN2011102178363A
Other languages: Chinese (zh)
Inventor: 田少鹏
Current Assignee: JURONG SHENGSHI SOFTWARE CO Ltd
Original Assignee: JURONG SHENGSHI SOFTWARE CO Ltd
Landscapes: Storage Device Security

Abstract

The invention discloses an electronic document safety management system which is implemented through the following steps: (1) when a user logs in, an authentication server authenticates the identity of the user; (2) after the user passes authentication, the authentication server notifies a service system of the user information, and the service system records the user's login information and returns to a client the permission information governing the user's operations on electronic documents; (3) the client authorizes the user according to the received permission information; (4) the user operates on the electronic document within the authorized scope, and the client records the user's operations; and (5) the user logs out, and the service system records the user's logout information. The system eliminates the security problems caused by stolen user names and passwords; it ensures the authenticity, integrity and non-repudiation of the electronic document; and it effectively prevents the leakage of confidential information.

Description

Electronic document safety management system
Technical field
The present invention relates to an electronic document safety management system.
Background technology
With the rapid development of Internet technology, the informatization of enterprises and other organizations has advanced considerably. As a result, electronic documents have become the main way enterprises store information and an important carrier for exchanging information inside the enterprise and with the outside. Information security threats, represented chiefly by hackers, Trojans and employee leaks, have become a major security risk for enterprise information systems. How to protect electronic documents as fully as possible is receiving more and more attention.
Existing precautions such as firewalls, intrusion detection and anti-virus software are relatively effective at keeping unauthorized users from intruding and stealing key enterprise information. However, they cannot control the behavior of the enterprise's own employees. Statistics show that more than 50% of leaks of secrets are caused by internal employees. Instant messaging tools, e-mail, printing and lost portable computers have become new leak channels for enterprises. It is therefore necessary to strengthen strict authorization and management of internal employees' document permissions, and to stop leaks of confidential information by technical means before they happen.
Summary of the invention
Object of the invention: in view of the problems and shortcomings of the prior art described above, the object of the present invention is to provide an electronic document safety management system that prevents information leakage.
Technical solution: to achieve the above object, the technical solution adopted by the present invention is an electronic document safety management system comprising the following steps:
(1) when a user logs in to the system, an authentication server authenticates the user's identity;
(2) after authentication succeeds, the authentication server notifies the service system of the user information; the service system records the user's login information and returns to the client the permission information governing the user's operations on electronic documents;
(3) the client authorizes the user according to the received permission information;
(4) the user operates on electronic documents within the authorized scope, and the client records the user's operations;
(5) the user logs out, and the service system records the user's logout information.
The electronic document may be encrypted and decrypted by the client.
The electronic document may exist as ciphertext during transmission and storage; the client decrypts it only when an authorized user views it in an authorized environment.
In step (1), the authentication mode may be a USB KEY plus a user digital certificate.
The permission information in step (2) may also include a validity period for the permissions.
In step (4), all records of the user's operations on electronic documents may carry a digital signature.
Beneficial effects: by authenticating with a USB KEY plus a user digital certificate, the present invention eliminates the security problems that arise when user names and passwords are stolen; combined with a digest algorithm, it determines the identity of the sender of an electronic document through authentication and the message digest, ensuring the authenticity, integrity and non-repudiation of the electronic document; and it uses encryption to turn the electronic document into ciphertext, which is the form the document keeps throughout transmission and storage, effectively preventing leaks.
Description of drawings
Fig. 1 is a flow chart of the present invention.
Embodiment
The present invention is further illustrated below with reference to the drawing and a specific embodiment. It should be understood that the embodiment serves only to illustrate the invention and not to limit its scope; after reading the present disclosure, modifications of various equivalent forms made by those skilled in the art all fall within the scope defined by the claims of this application.
As shown in Fig. 1, the present invention comprises the following steps:
(1) When a user logs in to the system, an authentication server authenticates the user's identity:
Authentication means verifying a user's identity when the user logs in to the system or performs an important operation. The present invention uses dynamic two-factor authentication based on a USB KEY plus a digital certificate: using the USB KEY device and the user's digital certificate, a dynamic random number is generated for each authentication and used to check whether the user's information matches the server's. The verification is carried out by a cryptographic algorithm and is free of error. Because a new dynamic random number is generated each time, stolen login information cannot cause damage. The USB KEY device is portable.
(2) After authentication succeeds, the authentication server notifies the service system of the user information; the service system records the user's login information and returns to the client the permission information governing the user's operations on electronic documents.
(3) The client authorizes the user according to the received permission information:
Files can be shared with a system user or with an authorized role. The permissions of those a file is shared with can be restricted. Sharing permissions can be revoked, and a validity time can be set for a share.
Graded permission control divides the operating permissions of different departments and employees on the same document into separate permissions such as preview, print, download, share, upload, create, modify, delete and full control. A revocation mechanism, namely a validity period, can be set for a permission.
Permission control uses the strong authentication mode of a USB KEY plus a user digital certificate, effectively preventing illegal operations carried out by impersonating another person's permissions.
(4) The user operates on electronic documents within the authorized scope, and the client records the user's operations:
Electronic documents are encrypted and decrypted by the client. Like authentication, encryption and decryption of electronic documents is a foundation of file security. Encryption means using encryption technology to convert the file content into ciphertext for storage. Encrypting and decrypting documents ensures that an electronic document can be decrypted and used only in an authorized application environment (a legitimate client) and by authorized users (the document's author and those authorized to decrypt it), which effectively controls where the document can be used. Even if an attacker bypasses the authentication system by some special means and enters the system, the document or its contents still cannot be taken outside the authorized environment. Likewise, an insider who carries an encrypted electronic document into another environment cannot use or decrypt it there.
The present invention uses 1024-bit asymmetric encryption, in which the encryption key is separate from the decryption key, greatly improving the security of the ciphertext.
Complete operation and log records capture every operation that each user and administrator performs in the system. An operation log can be recorded, that is, how users use documents, including actions such as modify, delete, view and search. A login log can be recorded, that is, user logins. A database log can also be recorded, that is, operations on the database. Log-based alerts can be defined on indicators such as the number of file downloads.
All of a user's operation records are protected by digital signatures, which effectively prevents repudiation; the signature information meets the requirements of the Electronic Signature Law and is protected by law.
(5) The user logs out, and the service system records the user's logout information.
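
Steps (1) to (5) as a runnable sketch, added here as an example and not code from the patent or its assignee: a per-login random challenge that cannot be replayed, a permission grant with a validity period enforced by the client, and a signed record of every attempted operation. Assumptions: HMAC-SHA256 with a shared key stands in for the USB KEY's certificate signature so the block needs only the standard library (it shows tamper detection, not non-repudiation, which requires an asymmetric signature), and every class, function and field name is hypothetical.

```python
import hashlib, hmac, json, secrets

# Constructed demo secret. In the patent the secret is the certificate private key
# held on the USB KEY; an HMAC key shared with the server stands in for it here.
TOKEN_KEYS = {"alice": b"constructed-demo-key"}

def sign(user, data):
    return hmac.new(TOKEN_KEYS[user], data, hashlib.sha256).hexdigest()

class AuthServer:
    """Step (1): challenge-response with a fresh random number per login."""
    def __init__(self):
        self.pending = {}  # user -> outstanding challenge

    def challenge(self, user):
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def verify(self, user, response):
        nonce = self.pending.pop(user, None)  # single use, so a replay finds no challenge
        return nonce is not None and hmac.compare_digest(sign(user, nonce), response)

class ServiceSystem:
    """Steps (2) and (5): record login/logout, return permissions with a validity period."""
    def __init__(self):
        self.log = []

    def login(self, user, now):
        self.log.append(("login", user, now))
        return {"user": user, "ops": ["preview", "print"], "expires": now + 3600}

    def logout(self, user, now):
        self.log.append(("logout", user, now))

def canonical(rec):
    # Stable byte encoding of a record without its signature field.
    body = {k: v for k, v in rec.items() if k != "sig"}
    return json.dumps(body, sort_keys=True).encode()

class Client:
    """Steps (3) and (4): enforce the grant and keep a signed record of every attempt."""
    def __init__(self, grant):
        self.grant, self.records = grant, []

    def operate(self, op, doc, now):
        allowed = op in self.grant["ops"] and now < self.grant["expires"]
        rec = {"user": self.grant["user"], "op": op, "doc": doc, "time": now, "allowed": allowed}
        rec["sig"] = sign(rec["user"], canonical(rec))
        self.records.append(rec)  # denied attempts are recorded too
        return allowed

def records_intact(records):
    """Re-verify every operation record; any edited field invalidates its signature."""
    return all(hmac.compare_digest(sign(r["user"], canonical(r)), r["sig"]) for r in records)
```

A captured response is useless on a later login because the server discards each challenge after one verification, which is the property the description attributes to the dynamic random number.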

Claims (6)

1. An electronic document safety management system, characterized in that it comprises the following steps:
(1) when a user logs in to the system, an authentication server authenticates the user's identity;
(2) after authentication succeeds, the authentication server notifies the service system of the user information; the service system records the user's login information and returns to the client the permission information governing the user's operations on electronic documents;
(3) the client authorizes the user according to the received permission information;
(4) the user operates on electronic documents within the authorized scope, and the client records the user's operations;
(5) the user logs out, and the service system records the user's logout information.
2. The electronic document safety management system according to claim 1, characterized in that: the electronic document is encrypted and decrypted by the client.
3. The electronic document safety management system according to claim 2, characterized in that: the electronic document exists as ciphertext during transmission and storage, and the client decrypts the electronic document only when an authorized user views it in an authorized environment.
4. The electronic document safety management system according to claim 1, characterized in that: in step (1), the authentication mode is a USB KEY plus a user digital certificate.
5. The electronic document safety management system according to claim 1, characterized in that: the permission information in step (2) also includes a validity period for the permissions.
6. The electronic document safety management system according to claim 1, characterized in that: in step (4), all records of the user's operations on electronic documents carry a digital signature.

Priority Applications (1)

Application number: CN2011102178363A
Title: Electronic document safety management system
Priority date: 2011-08-01
Filing date: 2011-08-01
Status: Pending
Publication: CN102299920A (en)

Publications (1)

Publication number: CN102299920A
Publication date: 2011-12-28

Family

ID: 45360095
Country: CN

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20111228