CN103347019A - Secret-leakage-resisting method based on watermark technology - Google Patents

Info

Publication number: CN103347019A
Authority: CN (China)
Prior art keywords: user, client, watermark, access strategy, access
Legal status: Pending
Application number: CN2013102733110A
Other languages: Chinese (zh)
Inventors: 耿振民, 宋恒旭
Current Assignee: WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Original Assignee: WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Application filed by WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd
Priority to CN2013102733110A
Publication of CN103347019A

Landscapes

  • Storage Device Security (AREA)
  • Editing Of Facsimile Originals (AREA)

Abstract

The invention provides a secret-leakage-resisting method based on watermark technology. The method is applied to a system in which a server and a client are interconnected through a network, and is characterized by the following steps: registering authentication information on the server; setting an access strategy on the server; filtering, by the client and according to the access strategy, the user's access requests for application software; for application software limited by the access strategy, verifying the identity of the user by the client according to the authentication information, continuing with the subsequent steps if verification succeeds and denying the access request if it does not; allocating, by the client, a watermark to the user and permitting the user's access request for the application software; and adding the watermark to the files operated on by the application software limited by the access strategy. The method allows the history of a user's file accesses to be recorded and tracked, so that the source of a leak is easier to trace after information has leaked.

Description

An anti-leakage method based on digital watermarking
Technical field
The present invention relates to an anti-leakage method, and in particular to an anti-leakage method based on digital watermarking.
Background art
As office work becomes increasingly electronic, electronic office work has gradually replaced the traditional paper-based way of working. This makes routine office work more convenient but also brings security risks, because the risk of information leakage is greatly increased. Intentional or unintentional behaviour by employees may cause internal company files and messages to leak, for example through documents being passed outside the company or through leaked chats or e-mail. Because electronic documents are easy to copy and transmit and hard to trace, it is often difficult after a leak to trace it back or to hold anyone accountable. A method is therefore needed that marks employees' operations with their identity. Employees will then pay more attention to their own behaviour, and after a leak the person responsible can be found at the first opportunity. This makes the company's information management easier and improves document traceability.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide an anti-leakage method based on digital watermarking, to solve the problems that in the prior art the usage history of electronic documents, such as viewing and editing, is hard to track, and that after a leak it is hard to trace the leak back or hold anyone accountable.
To achieve the above and other related objects, the invention provides an anti-leakage method based on digital watermarking, applied to a system having a server and a client interconnected through a network, characterized by comprising: registering authentication information on the server; setting an access policy on the server; filtering, by the client and according to the access policy, the user's access requests for application software; for application software restricted by the access policy, verifying the user's identity by the client according to the authentication information, continuing if verification succeeds and denying the access request if it does not; assigning, by the client, a watermark to the user and releasing the user's access request for the application software; and adding the watermark to the documents operated on by the application software restricted by the access policy.
Preferably, the watermark is added to the document using a digital signature algorithm based on asymmetric encryption.
As described above, the anti-leakage method based on digital watermarking of the present invention has the following beneficial effects: the history of a user's document accesses can be recorded and tracked, which makes it easier to trace the source of a leak after information has leaked. In addition, because a digital signature algorithm based on asymmetric encryption is used, the public and private keys can be managed separately, and when a document without the watermark is needed the administrator can easily remove the watermark.
Description of drawings
Fig. 1 is a flow chart of the anti-leakage method based on digital watermarking according to the present invention.
Embodiments
Embodiments of the present invention are described below by way of specific examples; those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.
Please refer to the drawing. Note that the illustration provided in this embodiment only explains the basic concept of the invention schematically. It shows only the components relevant to the invention and is not drawn according to the number, shape and size of the components in an actual implementation. In an actual implementation the form, quantity and proportion of each component may be changed arbitrarily, and the component layout may also be more complex.
The anti-leakage method based on digital watermarking of the present invention is applicable to a system having a server and a client interconnected through a network. Typically, the server side can be installed on a computer or hardware server with management functions, and the client can be installed on the computers or other terminals that are to be managed.
Referring to Fig. 1, which is a flow chart of the anti-leakage method based on digital watermarking according to the present invention: step S1 registers authentication information on the server. The authentication information can be registered by, for example but not limited to, establishing a table that maps user identities to passwords; the organization's existing employee authentication mechanism can also be used.
Step S2 sets the access policy. The access policy can comprise a user access policy and a file access policy. A user access policy has the form "user A, office word, active/negative", where "user A" is the user catalogue, "office word" is the application software catalogue, and "active/negative" states whether the nature of the application software catalogue is "blacklist"/"whitelist". With a "blacklist", the application software listed in the catalogue is restricted and application software not listed in the catalogue is unrestricted. With a "whitelist", the application software listed in the catalogue is unrestricted and application software not listed in the catalogue is restricted. "user B, null, active" can express that user B is unrestricted in using any software.
A file access policy has the form "file a, active/negative, ±N", where "file a" is the restricted file catalogue, "active/negative" states whether the nature of the file catalogue is "blacklist"/"whitelist", and "±N" is the marking rule, which states how watermarks are added to the document. +1 means that the watermark of the first 1 user to access the document is added to the document and the watermarks of later users are not added. -1 means that only the watermark of the most recent 1 user to access the document is added; when a newer user accesses it, the new user's watermark replaces the original watermark; and so on for other values of N. If the file access policy is "file b, active, all", then file b is restricted and the watermarks of all users who have operated on file b must be added to file b. Preferably, the file catalogue part can also be set using wildcards, file types and the like.
Those skilled in the art can choose as required whether to use the user access policy, the file access policy, or both. The access policy can be stored in a relational database, a text file, or in other ways. For illustration only, this example uses the user access policy and the file access policy together. The content of the user access policy is the entry "user A, office word, active". It will be understood that those skilled in the art can, as required, set entries such as "user B, IE browser" (that is, user B is restricted when using the IE browser) or "user C, null" (that is, user C is not restricted in using any software). The content of the file access policy is "file a, active, -1", where file a is a Word document.
In step S3, the client installed on the managed computer filters operation requests for application software on that computer according to the application software catalogue described above. When the user requests access to an application, the client intercepts the request and then looks up the restricted application software catalogue. If the requested application is not listed in the catalogue, the request is released directly and the user can use the requested application normally. If the requested application is listed in the catalogue, the client requires the user's identity to be verified. For example, but not limited to this, the client requires the user to enter a user name and password and then, based on that input, queries the authentication information table on the server. If the user name and password entered are not valid, the user is refused use of the application; if they are valid, the subsequent steps continue. Preferably, the client should intercept the user's application access requests at the system driver layer, which makes the method applicable to more application software. In this example the client is implemented with a hook program: when user A double-clicks file a (that is, intends to start office word), the request is intercepted by the client, which then pops up a user name and password dialog box and requires the user to enter a user name and password. If the user name and password entered are not in the authentication information table they are considered invalid and the user is prompted to enter them again; otherwise the subsequent steps are carried out.
In step S4, user A's identity has been verified as valid by the client, and the client now assigns a watermark to the user. The watermark can be generated from information such as the employee's job number, identity card number or name, and can identify the user. At the same time the user's request for the application software is released and the user can begin using the application. In this example the client generates the watermark from the user's job number.
In step S5, the client adds the watermark to the document operated on by the application software. Before adding it, the client first checks the file access policy on the server side and then determines exactly how the watermark is to be added. In this example the client first checks the file access policy and finds that file a, which the user has opened, is a restricted file and that the policy for this file is that the watermark information of the last user must be added to the file, so the client adds user A's watermark to file a. The technique for adding a watermark is well known to those skilled in the art. In this example an electronic-seal scheme based on the Rivest, Shamir, Adleman (RSA) algorithm can be used. After the watermark has been added, the client releases user A's request for office word, office word is started, and file a is opened.
In the above embodiment, if only a user access policy has been set, step S5 only needs to add the watermark directly and does not need to check the file access policy.
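An added example, not part of the patent text, showing how a client could evaluate the user access policy and the "+N", "-N" and "all" marking rules of steps S2 to S5. The function and class names, the `WM-` watermark format, PBKDF2 password storage, failing closed for users without a policy entry, treating the file catalogue as a blacklist only, and defaulting to "all" when no file policy is set are assumptions; the cryptographic embedding of the watermark is outside its scope.

```python
import hashlib
import hmac

BLACKLIST, WHITELIST = "active", "negative"  # catalogue nature values from the page

def is_restricted(name, catalogue, nature):
    """Blacklist: listed names are restricted. Whitelist: unlisted names are."""
    listed = name in catalogue
    return listed if nature == BLACKLIST else not listed

def apply_marking_rule(marks, watermark, rule):
    """Return the watermarks a document carries after one more access.

    rule is "all", "+N" (keep the first N visitors) or "-N" (keep the latest N).
    Assumption: a repeat visit never duplicates a user's watermark.
    """
    if rule == "all":
        return marks if watermark in marks else marks + [watermark]
    n = int(rule)
    if n == 0:
        raise ValueError("marking rule must be all, +N or -N with N >= 1")
    if n > 0:  # first N visitors are kept; later visitors are not recorded
        if watermark in marks or len(marks) >= n:
            return marks
        return marks + [watermark]
    # n < 0: the newest visitor displaces the oldest once N slots are full
    return ([m for m in marks if m != watermark] + [watermark])[n:]

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Client:
    """Steps S3 to S5, run against local copies of the server tables."""

    def __init__(self, auth_table, user_policy, file_policy=None):
        self.auth_table = auth_table    # user -> (salt, password hash, job number)
        self.user_policy = user_policy  # user -> (application catalogue, nature)
        self.file_policy = file_policy  # file -> marking rule; None if not used
        self.marks = {}                 # file -> watermarks currently in the file

    def open_file(self, user, password, app, filename):
        # Assumption: a user with no policy entry is restricted everywhere.
        catalogue, nature = self.user_policy.get(user, (set(), WHITELIST))
        if not is_restricted(app, catalogue, nature):
            return "released"                      # S3: application not limited
        salt, stored, job_number = self.auth_table.get(user, (b"\0", b"", ""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return "denied"                        # S3: verification failed
        watermark = "WM-" + job_number             # S4: constructed format
        if self.file_policy is None:
            rule = "all"                           # user policy only (assumed rule)
        else:
            rule = self.file_policy.get(filename)  # unlisted file: not marked
        if rule is not None:
            self.marks[filename] = apply_marking_rule(
                self.marks.get(filename, []), watermark, rule)
        return "released"

# Constructed sample tables mirroring the page's example entries.
SALT = b"constructed-salt"
AUTH = {"userA": (SALT, hash_password("pw-a", SALT), "1001"),
        "userD": (SALT, hash_password("pw-d", SALT), "1004")}
USER_POLICY = {"userA": ({"office word"}, BLACKLIST),  # "user A, office word, active"
               "userB": (set(), BLACKLIST),            # "user B, null, active"
               "userD": ({"office word"}, BLACKLIST)}
FILE_POLICY = {"file a": "-1"}                         # "file a, active, -1"

if __name__ == "__main__":
    client = Client(AUTH, USER_POLICY, FILE_POLICY)
    for user, pw in [("userA", "pw-a"), ("userD", "pw-d"), ("userA", "bad")]:
        print(user, client.open_file(user, pw, "office word", "file a"),
              client.marks.get("file a"))
```

With the "-1" rule the file only ever names its most recent authenticated visitor, so tracing an older leak depends on which marking rule was chosen for the file.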
Preferably, in the above embodiment, the watermark added to a document can be removed, because this example uses an electronic signature scheme based on an asymmetric algorithm. For example, when adding the watermark the client adds it with the public key, and the private key is managed by the administrator. When the watermark of file a needs to be removed, the user can submit an application to the administrator, and the administrator then processes the watermark with the private key to remove it.
More preferably, in the above embodiment the client has two working modes, namely an online mode and an offline mode. When the client is connected to the server over the network, the client synchronizes a copy of the access policy and the authentication information to the computer or terminal on which the client resides. When the client is offline, it can then still carry out operations such as user authentication and file access control.
Note that in practical applications those skilled in the art can make various changes to the above embodiment as required, for example but not limited to: using single sign-on to implement user authentication; including the names of application software such as browsers and PDF software in the application software catalogue, or using process names; and having the file catalogue contain file names, file types, the URLs of web pages and the like.
In summary, the anti-leakage method based on digital watermarking of the present invention allows the history of a user's document accesses to be recorded and tracked, which makes it easier to trace the source of a leak after information has leaked. In addition, because a digital signature algorithm based on asymmetric encryption is used, the public and private keys can be managed separately, and when a document without the watermark is needed the administrator can easily remove the watermark. The invention therefore effectively overcomes various shortcomings of the prior art and has high industrial utilization value.
The above embodiments only illustrate the principle and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the invention. Therefore, all equivalent modifications or changes completed by those with ordinary knowledge in the technical field, without departing from the spirit and technical ideas disclosed by the invention, shall still be covered by the claims of the invention.

Claims (7)

1. An anti-leakage method based on digital watermarking, applied to a system having a server and a client interconnected through a network, characterized by comprising:
registering authentication information on the server;
setting an access policy on the server;
filtering, by the client and according to the access policy, the user's access requests for application software; for application software restricted by the access policy, verifying the user's identity by the client according to the authentication information, continuing if verification succeeds and refusing the access request if verification fails;
assigning, by the client, a watermark to the user and releasing the user's access request for the application software;
adding the watermark to the documents operated on by the application software restricted by the access policy.
2. The anti-leakage method based on digital watermarking according to claim 1, characterized in that the watermark uses an electronic-seal scheme based on the Rivest, Shamir, Adleman (RSA) algorithm.
3. The anti-leakage method based on digital watermarking according to claim 1, characterized in that the access policy comprises a user access policy and a file access policy.
4. The anti-leakage method based on digital watermarking according to claim 3, characterized in that the user access policy comprises a user catalogue, an application software catalogue and the nature of the application software catalogue; and the file access policy comprises a file catalogue, the nature of the file catalogue and a marking rule.
5. The anti-leakage method based on digital watermarking according to claim 4, characterized in that the file catalogue part can be set using wildcards or file types.
6. The anti-leakage method based on digital watermarking according to claim 5, characterized in that adding the watermark to the documents operated on by the application software restricted by the access policy is carried out by the client according to the file access policy.
7. The anti-leakage method based on digital watermarking according to any one of claims 1-6, characterized in that, when the client successfully connects to the server over the network, the client synchronizes the authentication information and the access policy on the server to the computer or terminal on which the client resides; and when the client fails to connect to the server over the network, the client carries out the steps that follow the step of setting the access policy on the server according to the authentication information and access policy on that computer or terminal.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2013102733110A CN103347019A (en) 2013-06-28 2013-06-28 Secret-leakage-resisting method based on watermark technology

Publications (1)

Publication Number Publication Date
CN103347019A true CN103347019A (en) 2013-10-09

Family

ID=49281793

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102082704A (en) * 2009-11-30 2011-06-01 中国移动通信集团河北有限公司 Safety monitoring method and system
CN102880820A (en) * 2012-08-14 2013-01-16 东莞宇龙通信科技有限公司 Method for accessing application program of mobile terminal and mobile terminal

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104980617A (en) * 2014-04-14 2015-10-14 华为技术有限公司 Anti-photographing auditing method and device
CN104980617B (en) * 2014-04-14 2018-05-04 华为技术有限公司 Anti- take pictures auditing method and device
CN108230221A (en) * 2017-05-17 2018-06-29 深圳市创梦天地科技有限公司 Watermark generation method and device, terminal
WO2019201075A1 (en) * 2018-04-16 2019-10-24 深圳市联软科技股份有限公司 Method and apparatus for generating watermark in a timely manner, and storage medium and system
WO2019201076A1 (en) * 2018-04-16 2019-10-24 深圳市联软科技股份有限公司 Method, apparatus, and system for adding watermark to secret file, and medium
CN109583218A (en) * 2018-11-23 2019-04-05 泰康保险集团股份有限公司 Classified papers protection, localization method, device, equipment and readable storage medium storing program for executing
CN109583218B (en) * 2018-11-23 2021-03-05 泰康保险集团股份有限公司 Confidential file protection and positioning method, device, equipment and readable storage medium
CN111970114A (en) * 2020-08-31 2020-11-20 中移(杭州)信息技术有限公司 File encryption method, system, server and storage medium
CN111970114B (en) * 2020-08-31 2023-08-18 中移(杭州)信息技术有限公司 File encryption method, system, server and storage medium
US11361055B1 (en) 2020-12-04 2022-06-14 International Business Machines Corporation Protection of a content repository using dynamic watermarking
CN113254408A (en) * 2021-07-13 2021-08-13 北京艾秀信安科技有限公司 Invisible mark adding method, device, medium and electronic equipment
CN113254408B (en) * 2021-07-13 2021-11-12 北京艾秀信安科技有限公司 Invisible mark adding method, device, medium and electronic equipment

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20131009
