CN112115433A - Method for tracing source of confidential document, document calling server and security server - Google Patents


Publication number
CN112115433A
Authority
CN
China
Prior art keywords
confidential document
document
information
copy
confidential
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011043616.9A
Other languages
Chinese (zh)
Inventor
李江东
王秋卉
闫立志
苏晨
付明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Construction Bank Corp
Priority to CN202011043616.9A
Publication of CN112115433A
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/16 Program or content traceability, e.g. by watermarking
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06K GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
    • G06K17/00 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
    • G06K17/0022 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device
    • G06K17/0025 Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations; arrangements or provisions for transferring data to distant stations, e.g. from a sensing device; the arrangement consisting of a wireless interrogation device in combination with a device for optically marking the record carrier

Abstract

The present disclosure relates to the field of computer technologies, and in particular to a method for tracing the source of a confidential document, a document calling server, and a security server. The method comprises: receiving a request to call a confidential document from a user terminal; acquiring the corresponding confidential document according to the request; generating feature information for the called confidential document according to the request; generating a transparent layer according to the feature information; and merging the confidential document and the transparent layer into an uneditable confidential document copy and sending that copy to the user terminal. With the embodiments herein, a called confidential document copy can be traced, which reminds users to take care with confidential documents and prevents confidential documents from subsequently being disclosed to an external network.

Description

Method for tracing source of confidential document, document calling server and security server
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method for tracing a confidential document, a document calling server, and a security server.
Background
In recent years, with the rapid development of internet and multimedia technology, electronic documents have come into common use. This greatly improves the efficiency of transferring and processing information, but it also brings many hidden risks of information leakage, such as storing, transmitting, printing, copying, screen capturing and photographing sensitive information in electronic documents. Electronic files carrying large amounts of sensitive personal information, commercial secrets and state secrets urgently need an advanced technical means of protection that effectively deters and traces information leakage without affecting the existing user experience or application system processing.
How to solve the prior-art problem that leaked confidential documents cannot be traced is a problem in urgent need of a solution.
Disclosure of Invention
In order to solve the problems in the prior art, embodiments herein provide a method and an apparatus for tracing the source of a confidential document, which solve the prior-art problem that a user who discloses a confidential document to an external network cannot be traced.
The embodiment of the present disclosure provides a method for tracing a confidential document, including,
receiving a request for calling the classified document from a user terminal;
acquiring a corresponding confidential document according to the confidential document request;
generating characteristic information of the called confidential document according to the request for calling the confidential document;
generating a transparent layer according to the characteristic information;
and combining the confidential document and the transparent layer into an uneditable confidential document copy and sending the confidential document copy to the user terminal.
The embodiment of the present disclosure further provides a method for tracing a source of a confidential document, including,
acquiring a copy of the suspicious confidential document;
identifying whether the suspicious confidential document copy is a confidential document copy;
acquiring characteristic information of a two-dimensional code form at a designated position of a confidential document copy;
and analyzing the characteristic information in the two-dimensional code form to obtain the related information for calling the confidential document copy.
Embodiments herein also provide a document invocation server, including,
the receiving unit is used for receiving a request for calling the classified document from the user terminal;
the acquisition unit is used for acquiring the corresponding confidential documents according to the confidential document request;
the characteristic information unit is used for generating the characteristic information of the calling confidential document according to the calling confidential document request;
the layer generating unit is used for generating a transparent layer according to the characteristic information;
and the confidential document copy generating unit is used for merging the confidential document and the transparent layer into an uneditable confidential document copy and sending the uneditable confidential document copy to the user terminal.
Embodiments herein also provide a security server, comprising,
the document acquisition unit is used for acquiring a suspicious confidential document copy;
the identification unit is used for identifying whether the suspicious confidential document copy is a confidential document copy;
the characteristic information acquisition unit is used for acquiring characteristic information in a two-dimensional code form at the designated position of the confidential document copy;
and the analysis unit is used for analyzing the characteristic information in the two-dimensional code form and acquiring related information for calling the confidential document copy.
Embodiments herein also provide a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the above-mentioned method when executing the computer program.
Embodiments herein also provide a computer-readable storage medium having stored thereon computer instructions, which when executed by a processor, implement the above-described method.
With the embodiments herein, a called confidential document copy can be traced, which reminds users to take care with confidential documents and prevents confidential documents from subsequently being disclosed to an external network.
Drawings
In order to more clearly illustrate the embodiments or technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic diagram illustrating a confidential document tracing system according to an embodiment of the present disclosure;
FIG. 2 is a flowchart illustrating a method for tracing a source of a confidential document according to an embodiment of the present disclosure;
FIG. 3a is a diagram illustrating a correspondence between a confidential document and feature information in a transparent layer according to an embodiment of the present disclosure;
FIG. 3b is a diagram illustrating a correspondence between the confidential document and the feature information in the transparent layer according to an embodiment of the present disclosure;
FIG. 3c is a schematic diagram illustrating splitting of feature information in a two-dimensional code form according to an embodiment of the present disclosure;
FIG. 3d is a schematic diagram illustrating the feature information in the form of a two-dimensional code after splitting is placed in a no-content area of a confidential document according to the embodiment of the present disclosure;
FIG. 4 is a flowchart illustrating a method for tracing a source of a confidential document according to an embodiment of the present disclosure;
FIG. 5 is a block diagram illustrating a document invocation server according to an embodiment of the present disclosure;
FIG. 6 is a schematic structural diagram of a security server according to an embodiment of the present disclosure;
FIG. 7 is a flowchart illustrating a method for tracing a source of a confidential document according to an embodiment of the present disclosure;
FIG. 8 is a flowchart illustrating a method for tracing a source of a confidential document according to an embodiment of the present disclosure;
FIG. 9 is a schematic structural diagram of a document calling server or a security server according to an embodiment of the present invention.
[ description of reference numerals ]
101. A user terminal;
102. a confidential document;
103. a document calling server;
104. a copy of the confidential document;
105. an external network;
106. a security server;
501. a receiving unit;
502. an acquisition unit;
503. a feature information unit;
504. a layer generation unit;
5041. a layer generation module;
5042. an arrangement module;
5043. an analysis module;
5044. a splitting module;
5045. a recording module;
505. a confidential document copy generating unit;
506. a permission unit;
507. a conversion unit;
508. a hash calculation unit;
509. a storage unit;
601. a document acquisition unit;
602. an identification unit;
603. a characteristic information acquisition unit;
6031. a splicing module;
604. an analysis unit;
605. a hash calculation unit;
606. a comparison unit;
607. a transmitting unit;
902. a computing device;
904. a processing device;
906. a storage resource;
908. a drive mechanism;
910. an input/output module;
912. an input device;
914. an output device;
916. a presentation device;
918. a graphical user interface;
920. a network interface;
922. a communication link;
924. a communication bus.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments herein without making any creative effort, shall fall within the scope of protection.
FIG. 1 is a schematic diagram of a confidential document tracing system according to an embodiment herein. A user calls a confidential document 102 through a user terminal 101; a document calling server 103 processes the confidential document 102, implants feature information associated with the current call into it, and sends the resulting confidential document copy 104, which carries the feature information, to the user terminal 101. If the user who obtained the confidential document copy 104 uploads it to the external network 105 in violation of the duty of confidentiality, the security server 106 obtains the confidential document copy 104 from the external network 105, analyzes it, and determines which user uploaded it to the external network 105. The system of the embodiments herein can trace called confidential document copies, which reminds users to take care with confidential documents and prevents confidential documents from subsequently being disclosed to an external network.
FIG. 2 is a flowchart of a method for tracing the source of a confidential document according to an embodiment herein, describing the processing flow when an internal user downloads and uses a confidential document. Internal confidential documents need to be called when a user carries out personal research, consults reference material, develops a project, and so on. If the user uploads internal confidential material to the internet, this can have a great impact on the user's unit or company, and the user may have to bear legal responsibility for it. However, such uploading or loss of confidential documents is difficult to track. The method described herein is therefore provided: when the user calls a confidential document, feature information is implanted into the confidential document copy, so that the copy carries the feature information of this call. The feature information may include user information that uniquely identifies the user who obtained the confidential document copy, such as a user name or job number. It may further include time information for the call, for example the year, month and day; the download address from which the confidential document was called, for example derived from the IP address or the user's actual geographic position; and personal identification information of the user, such as a key set by the user, which avoids the situation in which someone else calls a confidential document from the user's computer and the user is then held responsible for the disclosure.
The method of the embodiment runs in a document calling server and is used for implanting characteristic information related to calling in a confidential document, and the method specifically comprises the following steps:
step 201, receiving a request of calling a confidential document from a user terminal;
step 202, acquiring a corresponding confidential document according to the confidential document request;
step 203, generating the feature information of the calling confidential document according to the calling confidential document request;
step 204, generating a transparent layer according to the characteristic information;
step 205, merging the confidential document and the transparent layer into an uneditable confidential document copy and sending the confidential document copy to the user terminal.
A confidential document in this context refers to a company or organization internal document that is not allowed to publish the contents of the document on an external network. The external network refers to the internet, or an internal network of other companies or organizations.
With the method of this embodiment, the feature information of the current call can be implanted into the confidential document, and the information of the user who called the confidential document can be obtained from that feature information, so that it can be determined which user leaked the confidential document to an external network.
As one aspect of the embodiments herein, after receiving the request to call a confidential document from the user terminal, the method further includes determining, according to the identity information of the user, whether the user has permission to call the confidential document; and, when the user has that permission, acquiring the confidential document corresponding to the request.
In this step, different users may have different permissions, and confidential documents likewise have different permission levels. The user operating the user terminal can call the confidential documents that correspond to the user's own permission. When the user's permission is lower than the permission level of the called confidential document, the user's request to call the confidential document is not allowed, and the reason for the failure is fed back to the user terminal: insufficient permission.
The request to call a confidential document may include a file name, user identity information, a reason for calling the confidential document, time information, position information, user terminal information and the like. The user identity information is entered by the user when logging in to the user terminal or when initiating the call. The file name and the reason for calling the confidential document are entered by the user when initiating the call. The time information is the system time at which the document calling server receives the request, and may also include the time at which the user initiated the call. The position information and the user terminal information are collected automatically by the user terminal when the user initiates the call. If the permission associated with the user identity information matches the permission level of the called confidential document, that is, the user's permission is greater than or equal to the permission level of the confidential document, the confidential document database or server is searched by the file name of the called confidential document, the confidential document with the same or a similar file name is found, and the user identity information for this call, the reason for calling the confidential document and the time information are recorded.
As an aspect of the embodiments herein, further comprising, after acquiring the corresponding confidential document according to the confidential document request,
and converting the confidential document into a non-editable format.
In this step, for example, the classified document may be converted into a document in a JPG format or a document in a PDF format.
As an aspect of the embodiments herein, further comprising generating the feature information of the called classified document according to the called classified document request,
and generating characteristic information in a two-dimensional code form according to the request for calling the confidential document.
In this step, for example, the user identity information, the time information and the user terminal information in the request to call the confidential document may be used to generate the two-dimensional code. For the specific steps, refer to prior-art technical schemes for generating two-dimensional codes, which are not described again here.
In other embodiments, in addition to generating the feature information in the form of a two-dimensional code, other patterns or color combinations having an information storage function may be generated.
As an aspect of this embodiment, in generating a transparent layer according to the feature information, further includes generating a transparent layer;
and arranging the characteristic information in the two-dimensional code form at the specified position of the transparent layer.
In this step, FIG. 3a is a schematic diagram of the correspondence between the confidential document and the feature information in the transparent layer in an embodiment herein. The horizontal lines represent the text of the confidential document and the dashed frame represents the transparent layer. The feature information in two-dimensional code form is arranged at the upper left corner, upper right corner, lower left corner, etc. of the transparent layer, so that the characters or pictures in the body of the confidential document are avoided. After the transparent layer and the confidential document are superimposed, the feature information in two-dimensional code form at the lower left corner of the transparent layer lies in the content-free region at the lower left corner of the confidential document.
As an aspect of the embodiments herein, further comprising arranging the feature information in the form of the two-dimensional code in a position specified by the transparent layer,
analyzing the typesetting information of the confidential document;
and according to the typesetting information, arranging the characteristic information in the two-dimensional code form at the specified position of the transparent layer relative to the content-free area of the confidential document.
In this step, FIG. 3b is a schematic diagram of the correspondence between the confidential document and the feature information in the transparent layer in an embodiment herein. If, after the layout information of the confidential document has been analyzed, there is no text or picture at the lower left of the confidential document, the feature information in two-dimensional code form can be displayed in that content-free region. The gray dashed frame in the confidential document represents the content-free region, and the feature information in two-dimensional code form is arranged at the position on the transparent layer that corresponds to the content-free region of the confidential document. In the figure, because the transparent layer and the confidential document are not completely superimposed, the feature information in the transparent layer does not lie within the gray dashed frame of the confidential document.
As an aspect of the embodiments herein, arranging the feature information in the form of the two-dimensional code in a specified position of the transparent layer with respect to the content-free area of the confidential document according to the layout information further comprises,
splitting the characteristic information in the two-dimensional code form into a plurality of parts;
according to the coordinate information of the confidential document non-content area, arranging at least one part of feature information on a transparent layer corresponding to the confidential document non-content area;
and recording coordinate information of the content-free area of the confidential document in which the characteristic information of each part is arranged.
In this step, FIG. 3c is a schematic diagram of splitting the feature information in two-dimensional code form in an embodiment herein. In the embodiment of this figure, the feature information in two-dimensional code form is split into 9 parts, identified as 1, 2, 3 … 9. FIG. 3d is a schematic diagram of placing the split feature information in the content-free regions of a confidential document in an embodiment herein; in this figure the split feature information in the transparent layer is shown directly in the content-free regions of the confidential document. After the confidential document has been analyzed, the content-free regions are found at the 9 positions in the figure. The content-free regions lie mainly between lines, between characters, between paragraphs, or between columns of the confidential document; these are referred to as the content-free regions of the concerned parts of the confidential document. The feature information is split into 9 parts, each of which in this example is a dot-matrix block of the two-dimensional code, and the parts are arranged on the transparent layer at the positions corresponding to the 9 positions of the confidential document. In the embodiment shown in FIG. 3d, the 9 parts of the feature information are distributed evenly over the content-free regions between the concerned parts of the confidential document. This avoids the problem that, when the feature information is concentrated in one part of the confidential document, the related information of the confidential document cannot be parsed if that content-free region is masked or erased.
The coordinate information of all 9 parts of the feature information is recorded. When the security server identifies the confidential document, it obtains the 9 parts at the positions specified by the coordinate information, so that they can be stitched back into a complete two-dimensional code and the information stored in it about the user who called the confidential document can be obtained.
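An added sketch of the split, place, record and re-stitch steps just described (not code from the patent), in Python. A length-prefixed bit matrix stands in for a real two-dimensional code, and the function names, feature fields and region coordinates are assumptions constructed for illustration.

```python
import json
import math

PARTS_PER_SIDE = 3  # 3 x 3 = 9 parts, as in FIG. 3c


def encode_matrix(feature):
    """Stand-in for a QR encoder: length-prefixed JSON packed into a square bit matrix."""
    data = json.dumps(feature, sort_keys=True).encode("utf-8")
    payload = len(data).to_bytes(2, "big") + data
    bits = [(byte >> shift) & 1 for byte in payload for shift in range(7, -1, -1)]
    side = math.isqrt(len(bits) - 1) + 1       # smallest side with side * side >= len(bits)
    side += -side % PARTS_PER_SIDE             # round up so the matrix splits evenly
    bits += [0] * (side * side - len(bits))
    return [bits[r * side:(r + 1) * side] for r in range(side)]


def decode_matrix(matrix):
    """Inverse of encode_matrix: bits -> bytes -> feature dictionary."""
    bits = [bit for row in matrix for bit in row]
    usable = len(bits) - len(bits) % 8
    raw = bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, usable, 8))
    length = int.from_bytes(raw[:2], "big")
    return json.loads(raw[2:2 + length].decode("utf-8"))


def origin(number, step):
    """Top-left cell of part `number` (1..9, row-major) inside the full matrix."""
    return ((number - 1) // PARTS_PER_SIDE) * step, ((number - 1) % PARTS_PER_SIDE) * step


def split(matrix):
    """Cut the matrix into 9 numbered dot-matrix blocks."""
    step = len(matrix) // PARTS_PER_SIDE
    parts = {}
    for number in range(1, PARTS_PER_SIDE ** 2 + 1):
        r0, c0 = origin(number, step)
        parts[number] = [row[c0:c0 + step] for row in matrix[r0:r0 + step]]
    return parts


def place_parts(parts, free_regions):
    """Draw each part on the transparent layer at a content-free region and record where."""
    if len(free_regions) < len(parts):
        raise ValueError("not enough content-free regions for all parts")
    layer = {}          # (row, col) -> bit; cells that are absent stay transparent
    coordinates = {}    # part number -> top-left (row, col), recorded by the server
    for number, (top, left) in zip(sorted(parts), free_regions):
        for dr, row in enumerate(parts[number]):
            for dc, bit in enumerate(row):
                layer[(top + dr, left + dc)] = bit
        coordinates[number] = (top, left)
    return layer, coordinates


def recover(layer, coordinates, step):
    """Security-server side: read parts at the recorded coordinates and stitch them."""
    side = step * PARTS_PER_SIDE
    matrix = [[0] * side for _ in range(side)]
    missing = []
    for number, (top, left) in sorted(coordinates.items()):
        cells = [(dr, dc) for dr in range(step) for dc in range(step)]
        if any((top + dr, left + dc) not in layer for dr, dc in cells):
            missing.append(number)      # this region was masked or erased in the copy
            continue
        r0, c0 = origin(number, step)
        for dr, dc in cells:
            matrix[r0 + dr][c0 + dc] = layer[(top + dr, left + dc)]
    return matrix, missing


# Constructed sample values, not taken from the patent.
FEATURE = {"user": "u-0001", "time": "2020-01-01T09:00:00", "terminal": "ws-17"}
FREE_REGIONS = [(40 * i, 5 + 30 * (i % 2)) for i in range(9)]   # gaps between paragraphs

if __name__ == "__main__":
    code = encode_matrix(FEATURE)
    layer, coords = place_parts(split(code), FREE_REGIONS)
    rebuilt, missing = recover(layer, coords, len(code) // PARTS_PER_SIDE)
    print(decode_matrix(rebuilt), "missing parts:", missing)
```

`recover` reports which numbered parts could not be read, so an erased region shows up as a named gap instead of a silently corrupted code.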
As an aspect of the embodiment herein, after combining the confidential document and the transparent layer into a non-editable copy of the confidential document and sending the copy to the user terminal,
performing preset hash calculation on the confidential document copy to obtain a corresponding first hash value;
and storing a first hash value corresponding to the confidential document copy.
In this step, the confidential document copy is stored as a binary file consisting of 0s and 1s. A hash calculation such as MD5 is performed on the binary file to obtain the corresponding hash value, that is, the MD5 value, and the MD5 value is stored together with the unique identifier of the corresponding confidential document copy. The unique identifier of the confidential document copy includes information such as the file name, version, calling time and calling user of the confidential document, and may further include the feature information. When MD5 values are the same, the corresponding confidential document copy and the corresponding calling-user information can be found.
With the method of this embodiment, feature information related to the call can be implanted by the document calling server into each confidential document a user calls, so that every call of a confidential document can be traced, which ensures the traceability and security of confidential documents.
FIG. 4 is a flowchart of a method for tracing the source of a confidential document according to an embodiment herein. It describes the process of verifying a confidential document disclosed on an external network (or an internal network): the feature information implanted in the confidential document is identified in order to obtain the information about the call that is stored in it, for example the user information, time information and location information of the call. The method runs in a security server, which can acquire data from the external network, and specifically comprises the following steps:
step 401, obtaining a copy of a suspicious confidential document;
step 402, identifying whether the suspicious confidential document copy is a confidential document copy;
step 403, acquiring characteristic information of the confidential document copy at the designated position in the form of the two-dimensional code;
and step 404, analyzing the characteristic information in the two-dimensional code form, and acquiring related information for calling the confidential document copy.
With the method of this embodiment, it can be determined whether a confidential document on an external network contains the feature information, and therefore whether the document is a confidential document copy that originated from the company. The information about the call can be obtained from the feature information in the confidential document copy, and the user who leaked it can be given confidentiality-awareness education such as warnings and criticism, or economic or legal penalties. This deters the leaking of confidential documents from inside the company and allows company losses to be recovered to a certain extent.
As an aspect of embodiments herein, in obtaining a copy of a suspect confidential document further comprises,
and acquiring the open suspicious confidential documents in the external network or the internal network according to the document names.
In this step, web crawler technology or keyword search technology may be used to search the external network or the internal network for names that are similar or identical to the confidential document name. The confidential document name may be expanded by semantic recognition technology or other technical means into a number of near-synonyms or synonyms, and the corresponding suspicious confidential documents are searched for on the external network or the internal network according to those near-synonyms or synonyms.
As one aspect of embodiments herein, identifying whether the suspicious confidential document copy is a confidential document copy further comprises,
performing a predetermined hash calculation on the suspicious confidential document copy to obtain a corresponding second hash value;
comparing the second hash value with a first hash value stored in advance; and if the second hash value is equal to the first hash value, the suspicious confidential document copy is a confidential document copy.
In this step, the suspicious confidential document may consist of text, of pictures, or of both text and graphics; whatever its format, it is stored in binary form, so the hash calculation is performed on the binary file of the suspicious confidential document copy, for example using the MD5 hash. The hash algorithm used here is the same as the one the document calling server used when it formed the confidential document copy in the earlier step. The second hash value calculated in this step is compared with the first hash value recorded in the earlier step. If they are the same, the suspicious confidential document copy is identical to the confidential document copy generated by the document calling server, and is therefore a confidential document copy. If they differ, the suspicious confidential document copy is not identical to the confidential document copy generated by the document calling server; it is then either discarded, or the subsequent steps continue to be executed, that is, it is judged whether the suspicious confidential document copy carries corresponding feature information, or whether the text or picture content in it is the same as or similar to a confidential document in the database.
As an aspect of the embodiments herein, acquiring the feature information in two-dimensional code form at the designated position of the confidential document copy further comprises:
acquiring the feature information in two-dimensional code form according to the pre-stored designated position in the content-free area of the confidential document.
When the document calling server arranged the feature information in two-dimensional code form at the designated position of the transparent layer corresponding to the content-free area of the confidential document according to the layout information of the confidential document, it stored the layout information of the different confidential documents together with the designated position in the content-free area at which the feature information was arranged. In this step, the feature information in two-dimensional code form is acquired according to that stored designated position, for example at the lower left of the confidential document (as shown in Fig. 3b).
As an aspect of the embodiments herein, acquiring the feature information in two-dimensional code form at the designated position of the confidential document copy further comprises:
acquiring a plurality of parts of the feature information according to the pre-stored coordinate information of the content-free areas of the confidential document in which each part of the feature information is arranged;
and splicing the plurality of parts of the feature information to obtain the complete feature information in two-dimensional code form.
In the earlier step, the document calling server recorded the coordinate information of the content-free areas of the confidential document in which each part of the feature information in two-dimensional code form is arranged. In this step, the parts of the feature information are acquired from the corresponding positions in the confidential document according to that coordinate information and are then spliced together; as shown in Fig. 3c, 9 parts of feature information are spliced to form the complete feature information in two-dimensional code form.
As an aspect of the embodiments herein, the related information about the calling of the confidential document copy includes information on the user who called the confidential document to form the copy, calling time information, calling location information, and information on the user terminal used for the call.
In this step, the user information includes a user name; the calling location information includes geographical location information, an IP address, and the like; and the information on the user terminal used for the call includes the MAC address of the computer and the like.
As an aspect of the embodiments herein, after parsing the feature information in two-dimensional code form and obtaining the related information about the calling of the confidential document copy, the method further comprises:
sending the related information to a designated user.
In this step, the designated user may include a system administrator or a worker responsible for security of the confidential documents, and may be notified by means of e-mail, short mobile phone message, APP message push, or the like.
With the method of this embodiment, the export of confidential documents can be managed effectively, and detailed operation logs can be analyzed and checked; the writing and extraction of the feature information of confidential documents is realized, which provides strong technical support for file tracing; and, according to the related information about the calling of the confidential document obtained from the confidential document copy, risk analysis and display are carried out for confidential documents disclosed on the external network or the internal network, so that the person who leaked a document is identified more accurately and is prevented from leaking documents again.
Fig. 5 is a schematic structural diagram of a document calling server in an embodiment herein. The figure describes the functional modules with which the document calling server carries out the tracing of confidential documents. Each functional module may be implemented by a dedicated chip or by a general-purpose chip having a data processing function, by a software program, or by a combination of a chip and a software program. The document calling server specifically includes:
a receiving unit 501, configured to receive a request for calling a confidential document from a user terminal;
an obtaining unit 502, configured to obtain the corresponding confidential document according to the request for calling the confidential document;
a feature information unit 503, configured to generate feature information of the called confidential document according to the request for calling the confidential document;
a layer generating unit 504, configured to generate a transparent layer according to the feature information;
and a confidential document copy generating unit 505, configured to merge the confidential document and the transparent layer into a non-editable confidential document copy, and send the copy to the user terminal.
As an aspect of the embodiments herein, the document calling server further includes an authority unit 506, configured to determine, according to the identity information of the user, whether the user has the authority to call the confidential document; when the user has that authority, the confidential document corresponding to the request for calling the confidential document is obtained.
As an aspect of the embodiments herein, the document calling server further includes a conversion unit 507, configured to convert the confidential document into a non-editable format.
As an aspect of the embodiments herein, the feature information unit 503 is further configured to generate feature information in two-dimensional code form according to the request for calling the confidential document.
As an aspect of the embodiments herein, the layer generating unit 504 further includes:
a layer generating module 5041, configured to generate a transparent layer;
an arranging module 5042, configured to arrange the feature information in two-dimensional code form at a designated position of the transparent layer.
As an aspect of the embodiments herein, the layer generating unit 504 further includes:
an analysis module 5043, configured to analyze the layout information of the confidential document;
the arranging module 5042 is further configured to arrange, according to the layout information, the feature information in two-dimensional code form at a designated position of the transparent layer corresponding to a content-free area of the confidential document.
As an aspect of the embodiments herein, the layer generating unit 504 further includes:
a splitting module 5044, configured to split the feature information in two-dimensional code form into a plurality of parts;
the arranging module 5042 is further configured to arrange at least one part of the feature information on the transparent layer at a position corresponding to a content-free area of the confidential document, according to the coordinate information of that content-free area;
and a recording module 5045, configured to record the coordinate information of the content-free area of the confidential document in which each part of the feature information is arranged.
As an aspect of the embodiments herein, the document calling server further includes:
a hash calculation unit 508, configured to perform a predetermined hash calculation on the confidential document copy to obtain a corresponding first hash value;
a storage unit 509, configured to store the correspondence between the confidential document copy and the first hash value.
With the document calling server of this embodiment, feature information related to the call can be embedded in the confidential document called by a user, so that every call of a confidential document by a user can be tracked, which ensures the traceability and security of confidential documents.
Fig. 6 is a schematic structural diagram of a security server in an embodiment herein. As described in the figure, the security server obtains public documents from an external network or an internal network, screens out suspicious confidential document copies that may be confidential, and determines whether each suspicious confidential document copy is a confidential document copy. If it is, the security server parses the feature information embedded in the confidential document copy and obtains the related information about the calling of the confidential document, and thereby the information on the user who disclosed the confidential document copy on the external network or the internal network. All functional units in the security server may be implemented by a dedicated chip, a general-purpose chip, or a software program. The security server specifically includes:
a document obtaining unit 601, configured to obtain a suspicious confidential document copy;
an identifying unit 602, configured to identify whether the suspicious confidential document copy is a confidential document copy;
a feature information obtaining unit 603, configured to acquire the feature information in two-dimensional code form at the designated position of the confidential document copy;
and an analyzing unit 604, configured to parse the feature information in two-dimensional code form to obtain the related information about the calling of the confidential document copy.
As an aspect of the embodiments herein, the document obtaining unit 601 is further configured to obtain, according to a document name, a suspicious confidential document that is public on an external network or an internal network.
As an aspect of the embodiments herein, the security server further includes:
a hash calculation unit 605, configured to perform a predetermined hash calculation on the suspicious confidential document copy to obtain a corresponding second hash value;
a comparing unit 606, configured to compare the second hash value with a first hash value stored in advance; and if the second hash value is equal to the first hash value, the suspicious confidential document copy is a confidential document copy.
As an aspect of the embodiments herein, the feature information obtaining unit 603 is further configured to acquire the feature information in two-dimensional code form according to the pre-stored designated position in the content-free area of the confidential document.
As an aspect of the embodiments herein, the feature information obtaining unit 603 is further configured to acquire a plurality of parts of the feature information according to the pre-stored coordinate information of the content-free areas of the confidential document in which each part of the feature information is arranged;
the feature information obtaining unit 603 further includes a splicing module 6031, configured to splice the plurality of parts of the feature information to obtain the complete feature information in two-dimensional code form.
As an aspect of the embodiments herein, the security server further includes a sending unit 607, configured to send the related information to a designated user.
With the security server of this embodiment, the export of confidential documents can be managed effectively, and detailed operation logs can be analyzed and checked; the writing and extraction of the feature information of confidential documents is realized, which provides strong technical support for file tracing; and, according to the related information about the calling of the confidential document obtained from the confidential document copy, risk analysis and display are carried out for confidential documents disclosed on the external network or the internal network, so that the person who leaked a document is identified more accurately and is prevented from leaking documents again.
Fig. 7 is a flowchart of a method for tracing the source of a confidential document according to an embodiment herein. The figure describes the complete process of a user downloading a confidential document on the internal network. In this process, the document calling server adds the feature information of this call to the confidential document copy sent to the user. When the user discloses the confidential document copy on an external network or an internal network, the copy carries the related information about the call, such as the user's information, time information, and location information, so that in a subsequent embodiment the user who leaked the confidential document copy can be identified from this information, which implements closed-loop tracking and protection of confidential documents. The method specifically includes:
Step 701, a user inside the company logs in to the internal network.
In this step, the user logs in to the system using a username and password, where the username serves as the user identity information.
Step 702, the user enters the confidential document that the user wants to call.
In this step, the content entered by the user includes the name of the confidential document. For security, the input may further include a user authorization code entered when the confidential document is called. The user authorization code prevents another person, after logging in to the internal network with the user's user name and password, from calling the confidential document in the user's name, which further enhances the security of calling confidential documents.
As another embodiment, the document calling server may display a message dialog box requiring the user to enter a personal authorization code. In the dialog box the user enters the authorization code for calling the confidential document, such as a password stored in advance by the user, or a personal authorization code assigned to the user in advance by the document calling server. The personal authorization code is different from the login password the user uses to log in, which prevents another person who has logged in to the internal network with the user's user name and password from calling the confidential document in the user's name. This further ensures that the call is made by the user in person and further enhances the security of calling confidential documents.
Step 703, the document calling server checks the user's authority; if the user's authority meets the authority level of the called confidential document, the process proceeds to step 704, otherwise to step 715.
In this step, the document calling server looks up the authority corresponding to the user according to the user name entered at login, and obtains the authority level of the confidential document according to the confidential document name entered by the user. If the user's authority is greater than or equal to the authority level of the confidential document being called, the process proceeds to step 704. If the user's authority is lower than the authority level of the confidential document being called, the process proceeds to step 715 and access is denied.
Step 704, the document calling server obtains the confidential document to be called by the user.
In this step, the confidential documents are stored in a confidential document database, and the document calling server looks up the confidential document to be called in that database according to the confidential document name entered by the user.
Step 705, the document calling server records the relevant information of the user calling the confidential document this time.
In this step, the document calling server records the user name, the IP address of the user terminal used by the user, the time when the user initiated the request for calling the confidential document, the location information of the user terminal, and information such as the file name of the called confidential document.
Step 706, the document calling server converts the confidential document into a non-editable document format.
In this step, the document calling server may convert a Word-format confidential document into a jpg-format document, or into a PDF-format document.
Step 707, the document calling server generates feature information in two-dimensional code form according to the related information about the calling of the confidential document.
In this step, the document calling server may generate a two-dimensional code from the user name, the file name of the confidential document, the time when the user initiated the request for calling the confidential document, and the IP address of the user terminal used by the user, all obtained in the above steps. In other embodiments, the two-dimensional code may also be generated from other related information of the confidential document.
Step 708, the document calling server splits the feature information in two-dimensional code form into a plurality of partial two-dimensional codes, as shown in Fig. 3c.
In this step, the document calling server may, for example, split the feature information in two-dimensional code form into 9 parts, each of which is a partial two-dimensional code formed by a dot-matrix image. The content it contains, namely the related information about the calling of the confidential document, cannot be identified from the dot-matrix image of any single part; that information can be obtained only by splicing the two-dimensional codes of all 9 parts together for recognition.
Step 709, the document calling server analyzes the confidential document to obtain the layout information of the confidential document.
In this step, existing OCR technology may be used to identify the text areas, picture areas, and content-free areas in the confidential document. A content-free area is an area, within the region of interest of the confidential document, that contains no document content such as characters or pictures; examples are blank areas between characters and pictures, blank areas between lines of characters, blank areas between individual characters, blank areas between columns of characters, and blank areas between paragraphs.
Step 710, the document calling server forms a transparent layer and arranges all the split parts of the feature information in two-dimensional code form in the areas of the transparent layer that correspond to content-free areas of the confidential document.
In this step, the 9 parts of the feature information in two-dimensional code form may be arranged in different content-free areas. For example, the partial two-dimensional code numbered 1 is arranged in a blank area between paragraphs of the confidential document; the partial two-dimensional code numbered 2 is arranged in a blank area between lines of characters; the partial two-dimensional code numbered 3 is arranged in a blank area between characters; and so on, until all parts of the feature information in two-dimensional code form are arranged in the confidential document.
In another embodiment, each part of the feature information in two-dimensional code form may be arranged in a blank area between specific lines of characters. For example, as shown in Fig. 3d, the partial two-dimensional code numbered 1 is arranged in the blank area between the first and second lines of characters; the partial two-dimensional code numbered 2 is arranged in the blank area between the second and third lines of characters; the partial two-dimensional code numbered 3 is arranged in the blank area between the third and fourth lines of characters; and so on, until all parts of the feature information in two-dimensional code form are arranged.
Step 711, the document calling server records the position information at which all the parts of the feature information in two-dimensional code form are arranged.
In this step, the document calling server may record the coordinates of the position at which each partial two-dimensional code is arranged. For example, the coordinates of the partial two-dimensional code numbered 1 are x1y1; the coordinates of the partial two-dimensional code numbered 2 are x2y2; the coordinates of the partial two-dimensional code numbered 3 are x3y3; and so on.
Step 712, the document calling server superimposes the transparent layer on the non-editable confidential document to synthesize a non-editable confidential document copy.
In this step, the feature information in two-dimensional code form on the transparent layer is located at positions corresponding to content-free areas of the confidential document, so it does not block the text or picture information of the confidential document. The resulting confidential document copy may be in non-editable PDF format or jpg format.
Step 713, the document calling server performs a hash operation on the confidential document copy to obtain a corresponding hash value, and stores the hash value together with the correspondence between the confidential document copy and the hash value.
In this step, for example, the MD5 hash operation may be used to hash the confidential document copy and obtain the corresponding hash value.
Step 714, the document calling server sends the confidential document copy to the user terminal.
Step 715, the request for calling the confidential document is terminated.
This completes the method for tracing the source of confidential documents as run on the document calling server. Feature information related to the call can be embedded by the document calling server in the confidential document called by a user, so that every call of a confidential document by a user can be traced, which ensures the traceability and security of confidential documents. The tracing method herein is also applicable to ordinary documents.
Fig. 8 is a flowchart of a method for tracing the source of a confidential document according to an embodiment herein. The figure describes how the security server searches the external network for suspicious confidential document copies and parses and identifies the feature information in two-dimensional code form in a confidential document copy, so as to obtain the related information about the calling of the confidential document carried in the copy, such as the user's information, time information, and location information, thereby implementing closed-loop tracking and protection of confidential documents. The method specifically includes:
Step 801, the security server searches the external network for suspicious confidential document copies.
In this step, the security server searches all documents on the external network using the file names of all confidential documents as keywords. The search may use existing techniques such as semantic recognition and keyword matching. With semantic recognition, the file name of a confidential document can be expanded into multiple near-synonyms or synonyms, all documents are searched with these as keywords, and when a suspicious confidential document is found it is downloaded.
Step 802, the security server performs a hash operation on the suspicious confidential document copy to obtain a corresponding hash value.
In this step, the suspicious confidential document copy is hashed using the same hash operation method as in step 713 above, so as to obtain the corresponding hash value.
Step 803, the hash value of the suspicious confidential document copy is compared with the stored hash value of the confidential document copy; if they are the same, the process proceeds to step 804, otherwise to step 809.
In this step, if the hash value of the suspicious confidential document copy is the same as the stored hash value of the confidential document copy, the suspicious confidential document copy is determined to be the confidential document copy.
Step 804, the security server obtains from the document calling server the stored position information at which the feature information in two-dimensional code form is arranged.
Step 805, the security server acquires the parts of the feature information in two-dimensional code form at the designated positions of the confidential document copy, according to the obtained position information.
In this step, when the position information recorded for the partial two-dimensional code numbered 1 is x1y1, the corresponding part of the feature information in two-dimensional code form is acquired at that position of the confidential document copy and is marked as part No. 1; when the position information recorded for the partial two-dimensional code numbered 2 is x2y2, the corresponding part is acquired at that position of the confidential document copy and is marked as part No. 2; and so on, until all parts of the feature information in two-dimensional code form have been acquired.
Step 806, the security server splices all the parts of the feature information in two-dimensional code form to form the complete feature information in two-dimensional code form.
In this step, each acquired part is positioned according to its number. For example, part No. 1 is placed at the leftmost position of the first row of the two-dimensional code, part No. 2 at the middle position of the first row, part No. 3 at the rightmost position of the first row, and so on, until the complete feature information in two-dimensional code form has been obtained by splicing.
Step 807, the security server identifies the related information about the calling of the confidential document stored in the feature information in two-dimensional code form.
In this step, the security server parses the feature information in two-dimensional code form to obtain the user name of the user who called the confidential document, the file name of the confidential document, the time at which the user initiated the request for calling the confidential document, and the IP address of the user terminal used by the user.
Step 808, the security server sends the parsed related information about the calling of the confidential document to a system administrator.
The system administrator can then remind the user who divulged the confidential document or perform other related operations with respect to that user.
Step 809, the next confidential document copy on the external network is obtained, and the process returns to step 801.
With the method for tracing the source of confidential documents run on the security server in this embodiment, the export of confidential documents can be managed effectively, and detailed operation logs can be analyzed and checked; the writing and extraction of the feature information of confidential documents is realized, which provides strong technical support for file tracing; and, according to the related information about the calling of the confidential document obtained from the confidential document copy, risk analysis and display are carried out for confidential documents disclosed on the external network or the internal network, so that the person who leaked a document is identified more accurately and is prevented from leaking documents again.
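The two procedures above (steps 707 to 713 on the document calling server, steps 802 to 807 on the security server), including the hash comparison and the coordinate-based extraction and splicing of the 9 parts, are exercised end to end in the following added example, which is not code from the patent. Assumptions: `record_to_matrix` is a stand-in for a real two-dimensional code encoder, the copy is modelled as the raster of the transparent layer only, trying the stored coordinate sets when the hashes differ is one assumed way to continue with the feature check, and all names and sample values are constructed.

```python
import hashlib
import json
import math

GRID = 3  # 3 x 3 = 9 parts, as in the page's example

# Constructed sample data (not from the page).
RECORD = {"user": "user01", "file": "constructed-report.docx",
          "time": "2020-01-01T09:00:00", "ip": "192.0.2.10"}
# Top-left corners of content-free areas; deliberately not in reading order.
SLOTS = [(40, 40), (0, 20), (20, 0), (0, 0), (40, 20),
         (20, 40), (40, 0), (0, 40), (20, 20)]
WIDTH = HEIGHT = 60


def record_to_matrix(record):
    """Stand-in for a QR encoder (assumption): call record -> square 0/1 matrix."""
    data = json.dumps(record, sort_keys=True).encode("utf-8")
    data = len(data).to_bytes(2, "big") + data  # length prefix for the decoder
    bits = [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]
    side = math.ceil(math.sqrt(len(bits)))
    side += (-side) % GRID  # make the side divisible into GRID parts
    bits += [0] * (side * side - len(bits))
    return [bits[r * side:(r + 1) * side] for r in range(side)]


def matrix_to_record(matrix):
    """Inverse of record_to_matrix; needs the complete spliced matrix."""
    bits = [b for row in matrix for b in row]
    raw = bytes(sum(bit << (7 - i) for i, bit in enumerate(bits[k:k + 8]))
                for k in range(0, len(bits) - 7, 8))
    length = int.from_bytes(raw[:2], "big")
    record = json.loads(raw[2:2 + length].decode("utf-8"))
    if not isinstance(record, dict):
        raise ValueError("decoded payload is not a call record")
    return record


def issue_copy(record, slots, width, height, registry):
    """Document calling server, steps 707-713: returns the copy as raster bytes."""
    matrix = record_to_matrix(record)
    t = len(matrix) // GRID
    # Step 708: split into 9 numbered parts, row-major (part 1 = top-left).
    tiles = [[row[c * t:(c + 1) * t] for row in matrix[r * t:(r + 1) * t]]
             for r in range(GRID) for c in range(GRID)]
    if len(slots) < len(tiles):
        raise ValueError("not enough content-free areas for all parts")
    layer = [[0] * width for _ in range(height)]
    coords = {}
    # Steps 710-711: place each part and record its coordinates.
    for number, (tile, (x, y)) in enumerate(zip(tiles, slots), start=1):
        if x + t > width or y + t > height:
            raise ValueError("part %d does not fit on the layer" % number)
        for dy, tile_row in enumerate(tile):
            layer[y + dy][x:x + t] = tile_row
        coords[number] = (x, y)
    copy_bytes = bytes(v for row in layer for v in row)
    # Step 713: first hash value (MD5, as the page suggests), stored with the placement.
    first_hash = hashlib.md5(copy_bytes).hexdigest()
    registry[first_hash] = {"coords": coords, "tile": t,
                            "width": width, "height": height}
    return copy_bytes


def extract_record(copy_bytes, entry):
    """Security server, steps 805-807: fetch parts by coordinate, splice, decode."""
    width, t, coords = entry["width"], entry["tile"], entry["coords"]
    rows = [copy_bytes[i:i + width] for i in range(0, len(copy_bytes), width)]
    matrix = []
    for r in range(GRID):
        for dy in range(t):
            line = []
            for c in range(GRID):  # parts 1, 2, 3 fill the first row, and so on
                x, y = coords[r * GRID + c + 1]
                line += [1 if v else 0 for v in rows[y + dy][x:x + t]]
            matrix.append(line)
    return matrix_to_record(matrix)


def trace(copy_bytes, registry):
    """Steps 802-807. Returns (how_matched, record) or (None, None)."""
    second_hash = hashlib.md5(copy_bytes).hexdigest()
    entry = registry.get(second_hash)
    if entry is not None:  # step 803: byte-identical to an issued copy
        return "hash", extract_record(copy_bytes, entry)
    # Hashes differ: continue with the feature check instead of discarding.
    for entry in registry.values():
        if len(copy_bytes) != entry["width"] * entry["height"]:
            continue
        try:
            return "feature", extract_record(copy_bytes, entry)
        except ValueError:  # covers bad UTF-8 and bad JSON
            continue
    return None, None
```

Changing a single byte outside the embedded parts makes the MD5 comparison fail, yet `trace` still recovers the call record from the recorded coordinates, which is why the description allows the subsequent steps to continue after a hash mismatch.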
As shown in fig. 9, which is a schematic structural diagram of a document invocation server or a security server in the present embodiment, both of which may be run in a computing device in the present embodiment, the computing device 902 may include one or more processing devices 904, such as one or more Central Processing Units (CPUs), each of which may implement one or more hardware threads. Computing device 902 may also include any storage resources 906 for storing any kind of information, such as code, settings, data, and the like. For example, without limitation, storage resources 906 may include any one or more of the following in combination: any type of RAM, any type of ROM, flash memory devices, hard disks, optical disks, etc. More generally, any storage resource may use any technology to store information. Further, any storage resource may provide volatile or non-volatile reservation of information. Further, any storage resources may represent fixed or removable components of computing device 902. In one case, when processing device 904 executes associated instructions that are stored in any storage resource or combination of storage resources, computing device 902 can perform any of the operations of the associated instructions. The computing device 902 also includes one or more drive mechanisms 908, such as a hard disk drive mechanism, an optical disk drive mechanism, or the like, for interacting with any storage resource.
Computing device 902 may also include an input/output (I/O) module 910 for receiving various inputs (via input device 912) and for providing various outputs (via output device 914). One particular output mechanism may include a presentation device 916 and an associated Graphical User Interface (GUI) 918. Computing device 902 may also include one or more network interfaces 920 for exchanging data with other devices via one or more communication links 922. One or more communication buses 924 couple the above-described components together.
Communication link 922 may be implemented in any manner, such as over a local area network, a wide area network (e.g., the Internet), a point-to-point connection, etc., or any combination thereof. Communication link 922 may include any combination of hardwired links, wireless links, routers, gateway functions, name servers, etc., governed by any protocol or combination of protocols.
Embodiments herein also provide a computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
receiving a request for calling the confidential document from a user terminal;
acquiring the corresponding confidential document according to the request for calling the confidential document;
generating characteristic information of the called confidential document according to the request for calling the confidential document;
generating a transparent layer according to the characteristic information;
and combining the confidential document and the transparent layer into an uneditable confidential document copy and sending the confidential document copy to the user terminal.
The computer device provided by the embodiments herein can also implement all the methods of the embodiments shown in fig. 2, 3 a-3 d, and 7.
Corresponding to the methods in fig. 2, 3 a-3 d, 7, embodiments herein also provide a computer readable storage medium having stored thereon a computer program, which when executed by a processor performs the steps of the above-described method.
Embodiments herein also provide computer readable instructions which, when executed by a processor, cause the processor to perform all the methods of the embodiments shown in fig. 2, 3 a-3 d, 7.
Embodiments herein also provide a computer device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the computer program:
acquiring a copy of the suspicious confidential document;
identifying whether the suspicious confidential document copy is a confidential document copy;
acquiring characteristic information of a two-dimensional code form at a designated position of a confidential document copy;
and analyzing the characteristic information in the two-dimensional code form to obtain the related information for calling the confidential document copy.
The computer device provided by the embodiments herein can also implement all the methods of the embodiments shown in fig. 3 a-3 d, fig. 4, and fig. 8.
Corresponding to the methods in fig. 3 a-3 d, fig. 4, fig. 8, the present embodiments also provide a computer readable storage medium having stored thereon a computer program, which when executed by a processor performs the steps of the above-mentioned method.
Embodiments herein also provide computer readable instructions which, when executed by a processor, cause the processor to perform all the methods of the embodiments shown in fig. 3 a-3 d, fig. 4, fig. 8.
It should be understood that, in various embodiments herein, the sequence numbers of the above-mentioned processes do not mean the execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments herein.
It should also be understood that, in the embodiments herein, the term "and/or" merely describes an association between associated objects and means that three kinds of relations may exist. For example, A and/or B may represent: A exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
Those of ordinary skill in the art will appreciate that the elements and algorithm steps of the examples described in connection with the embodiments disclosed herein may be embodied in electronic hardware, computer software, or combinations of both, and that the components and steps of the examples have been described above generally in terms of their functions in order to illustrate clearly the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present disclosure.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided herein, it should be understood that the disclosed system, apparatus, and method may be implemented in other ways. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the units is only one logical division, and other divisions may be realized in practice, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may also be an electric, mechanical or other form of connection.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purposes of the embodiments herein.
In addition, functional units in the embodiments herein may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solutions of the present invention may be implemented in a form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a U-disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The principles and embodiments of this document are explained herein using specific examples, which are presented only to aid in understanding the methods and their core concepts. Meanwhile, a person of ordinary skill in the art may, following the idea of this document, make changes to the specific implementation and the scope of application. In summary, this description should not be understood as a limitation of this document.
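The issuing and tracing steps listed above for the two computer devices, together with the splitting, coordinate recording and hash comparison recited in claims 7, 8, 11 and 13, shown as an added Python example that is not part of the patent. Assumptions: a text grid stands in for the rendered page, a hex string stands in for the two-dimensional code, SHA-256 stands in for the "preset hash calculation", and all function names and sample values are constructed for illustration.

```python
import hashlib
import json

# Constructed sample page: a text grid stands in for the rendered document.
SAMPLE_PAGE = [line.ljust(64) for line in (
    "QUARTERLY RISK REPORT", "", "Exposure summary for internal use",
    "", "", "Prepared by the risk department", "")]
# Constructed sample request (all values are made up).
SAMPLE_REQUEST = {"user": "u1024", "time": "2020-01-01T10:00:00",
                  "location": "branch-07", "terminal": "pc-3391"}

def free_runs(page, min_len=8):
    """Layout analysis: (row, col, length) of each blank run >= min_len."""
    runs = []
    for r, line in enumerate(page):
        c = 0
        while c < len(line):
            start = c
            while c < len(line) and line[c] == " ":
                c += 1
            if c - start >= min_len:
                runs.append((r, start, c - start))
            if c == start:      # current cell has content, step over it
                c += 1
    return runs

def issue_copy(page, request, registry):
    """Calling-server side: embed feature info, record coordinates and hash."""
    # Hex text stands in for the two-dimensional code modules (assumption).
    payload = json.dumps(request, sort_keys=True).encode().hex()
    layer = [[" "] * len(line) for line in page]   # empty transparent layer
    coords, pos = [], 0
    for r, c, n in free_runs(page):
        if pos >= len(payload):
            break
        part = payload[pos:pos + n]                # one part per free area
        layer[r][c:c + len(part)] = part
        coords.append((r, c, len(part)))
        pos += len(part)
    if pos < len(payload):
        raise ValueError("content-free area too small for the feature info")
    # Merge page and layer into the copy that is sent to the user terminal.
    copy = "\n".join("".join(o if o != " " else b for b, o in zip(line, lay))
                     for line, lay in zip(page, layer))
    # SHA-256 is an assumed choice for the "preset hash calculation".
    registry[hashlib.sha256(copy.encode()).hexdigest()] = coords
    return copy

def trace_copy(suspect, registry):
    """Security-server side: identify the copy by hash, then splice parts."""
    coords = registry.get(hashlib.sha256(suspect.encode()).hexdigest())
    if coords is None:
        return None          # no stored first hash value matches
    rows = suspect.split("\n")
    payload = "".join(rows[r][c:c + n] for r, c, n in coords)
    return json.loads(bytes.fromhex(payload))

if __name__ == "__main__":
    registry = {}
    copy = issue_copy(SAMPLE_PAGE, SAMPLE_REQUEST, registry)
    print(copy)
    print(trace_copy(copy, registry))
```

Because identification relies on an exact hash match, a copy that differs from the issued one in any byte is not recognised and yields no trace, which the example returns as `None`.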

Claims (19)

1. A tracing method for confidential documents is characterized by comprising the following steps,
receiving a request for calling the confidential document from a user terminal;
acquiring the corresponding confidential document according to the request for calling the confidential document;
generating characteristic information of the called confidential document according to the request for calling the confidential document;
generating a transparent layer according to the characteristic information;
and combining the confidential document and the transparent layer into an uneditable confidential document copy and sending the confidential document copy to the user terminal.
2. The method of claim 1, further comprising, after receiving a request for invoking the confidential document from the user terminal, determining whether the user has permission to invoke the confidential document based on the identity information of the user; and when the user has the right to call the confidential document, acquiring the confidential document corresponding to the request for calling the confidential document.
3. The method of claim 1, further comprising, after acquiring the corresponding confidential document according to the request for calling the confidential document,
and converting the confidential document into a non-editable format.
4. The method of claim 1, wherein generating the feature information of the called confidential document according to the request for calling the confidential document further comprises,
generating characteristic information in a two-dimensional code form according to the request for calling the confidential document.
5. The method according to claim 4, wherein generating a transparent layer according to the feature information further comprises,
generating a transparent layer;
and arranging the characteristic information in the two-dimensional code form at the specified position of the transparent layer.
6. The method according to claim 5, wherein arranging the feature information in the form of the two-dimensional code at the specified position of the transparent layer further comprises,
analyzing the typesetting information of the confidential document;
and according to the typesetting information, arranging the characteristic information in the two-dimensional code form at the specified position of the transparent layer relative to the content-free area of the confidential document.
7. The method according to claim 6, wherein arranging the feature information in the form of the two-dimensional code at the specified position of the transparent layer relative to the content-free area of the confidential document according to the layout information further comprises,
splitting the characteristic information in the two-dimensional code form into a plurality of parts;
according to the coordinate information of the content-free area of the confidential document, arranging at least one part of the feature information on the transparent layer corresponding to the content-free area of the confidential document;
and recording coordinate information of the content-free area of the confidential document in which the characteristic information of each part is arranged.
8. The method according to claim 1, further comprising, after combining the confidential document and the transparent layer into a non-editable copy of the confidential document and sending the copy to the user terminal,
performing preset hash calculation on the confidential document copy to obtain a corresponding first hash value;
and storing a first hash value corresponding to the confidential document copy.
9. A tracing method for confidential documents is characterized by comprising the following steps,
acquiring a copy of the suspicious confidential document;
identifying whether the suspicious confidential document copy is a confidential document copy;
acquiring characteristic information of a two-dimensional code form at a designated position of a confidential document copy;
and analyzing the characteristic information in the two-dimensional code form to obtain the related information for calling the confidential document copy.
10. The method of claim 9, wherein acquiring the copy of the suspicious confidential document further comprises,
acquiring suspicious confidential documents disclosed on the external network or the internal network according to the document names.
11. The method of claim 9, wherein identifying whether the suspicious confidential document copy is a confidential document copy further comprises,
performing predetermined hash calculation on the suspicious confidential document copy to obtain a corresponding second hash value;
comparing the second hash value with a first hash value stored in advance; and if the second hash value is equal to the first hash value, the suspicious confidential document copy is a confidential document copy.
12. The method of claim 9, wherein acquiring the feature information in the form of a two-dimensional code at the designated position of the confidential document copy further comprises,
and acquiring the characteristic information in the two-dimensional code form according to the pre-stored designated position of the no-content area of the confidential document.
13. The method of claim 12, wherein acquiring the feature information in the form of a two-dimensional code at the designated position of the confidential document copy further comprises,
acquiring the characteristic information of the plurality of parts according to the pre-stored coordinate information of the content-free areas of the confidential document in which the characteristic information of each part is arranged;
and splicing the characteristic information of the plurality of parts to obtain complete characteristic information in the form of the two-dimensional code.
14. The method of claim 13, wherein the related information for calling the confidential document copy includes information on the user who called the confidential document, calling time information, calling location information, and information on the user terminal used when calling the confidential document copy.
15. The method of claim 13, further comprising, after parsing the feature information in the form of the two-dimensional code and obtaining information related to invoking the confidential document copy,
and sending the related information to a specified user.
16. A document invocation server, characterized by comprising,
the receiving unit is used for receiving a request for calling the confidential document from the user terminal;
the acquisition unit is used for acquiring the corresponding confidential document according to the request for calling the confidential document;
the characteristic information unit is used for generating the characteristic information of the calling confidential document according to the calling confidential document request;
the layer generating unit is used for generating a transparent layer according to the characteristic information;
and the confidential document copy generating unit is used for merging the confidential document and the transparent layer into an uneditable confidential document copy and sending the uneditable confidential document copy to the user terminal.
17. A security server, comprising,
the document acquisition unit is used for acquiring a suspicious confidential document copy;
the identification unit is used for identifying whether the suspicious confidential document copy is a confidential document copy;
the characteristic information acquisition unit is used for acquiring characteristic information in a two-dimensional code form at the designated position of the confidential document copy;
and the analysis unit is used for analyzing the characteristic information in the two-dimensional code form and acquiring related information for calling the confidential document copy.
18. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the method of any of the preceding claims 1-15 when executing the computer program.
19. A computer-readable storage medium, characterized in that the computer-readable storage medium has stored thereon a computer program which, when being executed by a processor, carries out the method of any one of the preceding claims 1 to 15.
CN202011043616.9A 2020-09-28 2020-09-28 Method for tracing source of confidential document, document calling server and security server Pending CN112115433A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011043616.9A CN112115433A (en) 2020-09-28 2020-09-28 Method for tracing source of confidential document, document calling server and security server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011043616.9A CN112115433A (en) 2020-09-28 2020-09-28 Method for tracing source of confidential document, document calling server and security server

Publications (1)

Publication Number Publication Date
CN112115433A true CN112115433A (en) 2020-12-22

Family

ID=73797303

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011043616.9A Pending CN112115433A (en) 2020-09-28 2020-09-28 Method for tracing source of confidential document, document calling server and security server

Country Status (1)

Country Link
CN (1) CN112115433A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140380060A1 (en) * 2013-06-23 2014-12-25 Arnab Ganguly Electronic authentication document system and method
CN108563930A (en) * 2018-04-16 2018-09-21 深圳市联软科技股份有限公司 A kind of method, apparatus, medium and the system of confidential document addition watermark

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination