CN112231744A - Method and system for limiting reading of open files - Google Patents

Publication number
CN112231744A
Authority
CN
China
Prior art keywords
private key
public
restricted
document
limitation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910694383.XA
Other languages
Chinese (zh)
Other versions
CN112231744B (en
Inventor
温峰泰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
VTEAM FINANCIAL TECHNOLOGY SERVICE CORP
Original Assignee
VTEAM FINANCIAL TECHNOLOGY SERVICE CORP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by VTEAM FINANCIAL TECHNOLOGY SERVICE CORP
Publication of CN112231744A
Application granted
Publication of CN112231744B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention relates to a method and a system for restricted viewing of a public file that is read by both non-members and members: a non-member can read only the non-restricted content, while a member can read restricted content in addition to the non-restricted content. Blockchain technology is introduced, and the same file is provided to all non-members and members so as to ensure the accuracy, consistency and the like of the file. The method obtains identification data from the document to determine whether the system receiving the document meets membership, and automatically opens the restricted content of the document, thereby realizing restricted viewing of a public document.

Description

Method and system for limiting reading of open files
Technical Field
The invention belongs to the technical field of document disclosure, and particularly relates to a method and a system for limiting and reading a partially-disclosed and partially-limited published document.
Background
With the popularization of computers and the internet, electronic documents have gradually replaced paper documents, becoming the main media for exchanging documents.
Although electronic documents have the advantage over traditional paper documents of being deliverable over the internet, they still have problems regarding authenticity, dissemination, duplication and confidentiality. Authenticity refers to the fact that it is not easy to determine who issued an electronic document and, even when the issuer can be confirmed, the document is likely to have been tampered with; dissemination and duplication mean that an electronic document is easily transmitted to all corners of the world through the Internet and copied; and confidentiality means that the electronic document needs to be encrypted and decrypted so that only a designated person can read it.
In some electronic document applications, such as investment publications, stock proposals and contract publications, different contents are provided according to the needs or ratings of different viewers. The traditional method provides differently encrypted contents to different viewers, so that a specific viewer can read the electronic file related to that viewer by decrypting it. However, when the number of viewers is large, "multiple copies" of the electronic document must be created and provided, one per viewer; the creation process is very complicated and is unfavorable for the transmission and storage of electronic documents. In an extended application, blockchain technology is introduced to verify the authenticity of an electronic file, and as a result every reader simultaneously holds the electronic files of all readers; in practice, however, a single viewer only needs the one copy of the electronic file related to that viewer, and not those of others.
The traditional method solves the problem of authenticity of the electronic file, and can also enable a designated reader to read; however, the conventional method still has many disadvantages, such as:
1. All the viewers need to back up all the electronic files, which means that all the viewers need redundant space to store all the electronic files, including their own electronic files and those of others.
2. For customized electronic files provided to each viewer, separate encryption and decryption processes for the electronic files are required, which would burden the system.
3. For example, some contents of the investment disclosure can be arbitrarily disclosed to unrestricted viewers to attract unrestricted viewers to read, and if the unrestricted viewers want to obtain the complete investment disclosure, the complete investment disclosure can be obtained by adding members.
4. The customized electronic document requires the reader to hold a private key to obtain the contents of the investment brochure, so the reader has to decrypt the electronic document in order to read it.
In view of this, the present invention provides a method and a system for restricting and viewing public documents, so as to solve the disadvantages of the prior art.
Disclosure of Invention
The invention provides a method and a system for limiting and reading a public document, and a first object is to provide a method for limiting and reading a public document, which can select non-limited contents and the limited contents in a single document to produce a document for members and non-members to read.
A second object of the present invention is to provide a method for restricting viewing of a document, which enables a non-member to view unlimited contents of the document and enables a member to view limited contents of the document in addition to the unlimited contents.
The third objective of the present invention is to introduce the blockchain technique into the above-mentioned limited document browsing method, and provide the document to all non-members and members, so as to ensure the correctness and consistency of the document.
A fourth object of the present invention, according to the above limited reading method for a public document, is that the document provider only needs to provide one document to the non-members and the members, and the document does not occupy the storage space of the non-members and the members.
A fifth object of the present invention, according to the above limited reading method for a public document, is to obtain identification data from the document to determine whether the system receiving the document meets membership, and to automatically open the restricted content of the document.
A sixth object of the present invention is to realize the limited viewing method for a public document by means of a limited viewing system for a public document.
In order to achieve the above and other objects, the present invention provides a limited reading method for a public document. The public document is composed of a public data segment, a first limited data segment and a second limited data segment, and allows a general member, a first member and a second member to conditionally read at least one of the public data segment, the first limited data segment and the second limited data segment. The public document is encoded in HyperText Markup Language (HTML). The limited reading method for the public document comprises the following steps:
step a: obtaining a first public key of the first member and a second public key of the second member, wherein the first member has a first private key corresponding to the first public key and the second member has a second private key corresponding to the second public key;
step b: establishing a public data section, a first limitation data section and a second limitation data section in the declaration mark of the public document, wherein the public data section provides public contents, the first contents of the first limitation data section are encrypted by a first limitation public key, the second contents of the second limitation data section are encrypted by a second limitation public key, the first limitation public key has a corresponding first limitation private key and the second limitation public key has a corresponding second limitation private key;
step c: inserting a general member identification section related to the general member, a first member identification section of the first member and a second member identification section of the second member into the declaration mark of the public document;
step d: selectively encrypting at least one of the first restriction private key and the second restriction private key by using the first public key in the first member identity section, and selectively encrypting at least one of the first restriction private key and the second restriction private key by using the second public key in the second member identity section, wherein the first restriction private key and the second restriction private key are respectively selected in the first member identity section and the second member identity section; and
step e: publishing the public document to the general member, the first member and the second member on the Internet.
Further, the method also comprises the following steps:
step f: the general member, the first member and the second member obtaining the public document from the Internet and viewing the public content of the public data section from the public document;
step g: decoding the first member identity section and the second member identity section by using the first private key of the first member to obtain the first limit private key, the second limit private key or both, respectively; and
step h: the first restricted content is decrypted by the first restricted private key to browse first content, and the second restricted content is decrypted by the second restricted private key to browse second content.
Further, the step g further comprises the following steps:
step i: if the first private key of the first member decodes the first member identity segment and cannot obtain the first limiting private key, the second limiting private key or both, the first member cannot decode the first limiting data segment through the first limiting private key and cannot decode the second limiting data segment through the second limiting private key; if the second private key of the second member decodes the first member identification segment and cannot acquire the first limitation private key, the second limitation private key or both, the second member cannot decode the first limitation data segment through the first limitation private key and cannot decode the second limitation data segment through the second limitation private key.
Further, in step c, the following step j is also included:
step j-1: obtaining a third public key of a third member, wherein the third member has a third private key corresponding to the third public key;
step j-2: adding a third member identity segment to the declaration mark of the public document;
step j-3: selectively encrypting at least one of the first restricted private key and the second restricted private key with the third public key in the third member identity segment; and
step j-4: replacing the public document on the Internet with an updated public document that includes the third member identity segment.
Further, after step j, the method further comprises step k:
step k-1: the third member obtaining the updated public document from the Internet and viewing the public content of the public data section from the updated public document;
step k-2: decoding the third member identity segment using the third private key of the third member to obtain the first restricted private key, the second restricted private key or both; and
step k-3: the first restricted content is decrypted by the first restricted private key to browse the first content, and the second restricted content is decrypted by the second restricted private key to browse the second content.
Further, step k-2 also comprises the following step:
step k-4: if the third private key of the third member decodes the third member identity segment and cannot acquire the first restriction private key, the second restriction private key or both, the third member cannot decode the first restriction data segment through the first restriction private key and the third member cannot decode the second restriction data segment through the second restriction private key.
Further, the general member, the first member, the second member and the third member have the same updated public document.
The disclosure provides a public document restricted viewing system, which is applied to a public document for a general member, a first member and a second member to conditionally read the public document, wherein the first member has a first public key and a first private key, the second member has a second public key and a second private key, and the public document restricted viewing system includes a database, a processing unit, a servo unit and a browsing unit. The database stores published documents. The processing unit is connected with the database. The processing unit encodes the public document by using the hypertext markup language, establishes a first member identity section, a second member identity section, a public data section, a first limitation data section and a second limitation data section in the public document, and sets the authority of the first member and the second member for viewing the public data section, the first limitation data section and the second limitation data section in the first member identity section and the second member identity section respectively. The servo unit is connected with the processing unit. The server unit receives the public document and issues the public document on the Internet; and the browsing unit is connected to the Internet. 
The browsing unit lets the general member, the first member and the second member send an access request to the servo unit to obtain the public document. After obtaining the first private key of the first member or the second private key of the second member, the browsing unit automatically locates the identity section of the first member or the second member according to the mark in the public document, obtains the private key that is allowed to browse the first limited data section and decodes the first limited data section to browse the first content, or obtains the private key that is allowed to browse the second limited data section and decodes the second limited data section to browse the second content, and then combines the content of the public data section with whichever of the first content and the second content is allowed, for the corresponding general member, first member or second member to browse.
Further, in the public document the processing unit encrypts the first restricted data segment with a first restricted public key and encrypts the second restricted data segment with a second restricted public key, and inserts a first restricted private key corresponding to the first restricted public key, a second restricted private key corresponding to the second restricted public key, or both, in the first member identity segment and the second member identity segment of the public document, respectively, wherein the first restricted private key and the second restricted private key are encrypted with the first public key of the first member and the second public key of the second member, respectively.
Further, the first private key of the first member decrypts the first member identity segment and the second private key of the second member decrypts the second member identity segment, so as to obtain the first restricted private key for decrypting the first restricted data segment and the second restricted private key for decrypting the second restricted data segment, respectively.
Compared with the prior art, the invention provides a method and a system for limiting and reading the open documents, and the invention concept of the invention has the following advantages:
1. Viewers do not need to store or back up all electronic files; only one copy of the electronic file is needed.
2. Only special judgment conditions are added in the process of coding the electronic file, and the burden of a system is not caused.
3. The system can be immediately and dynamically provided for non-members, the non-members can read the public information without limitation, and if the non-members are attracted by the public information, the whole contents of the investment disclosure can be obtained by updating the electronic document in a manner of adding to the members.
Drawings
Fig. 1 is a flowchart illustrating a method for restricting a viewing of a public document according to a first embodiment of the present invention.
Fig. 2 is a state diagram illustrating the limited viewing method of the disclosed document shown in fig. 1 according to the present invention.
Fig. 3 is a schematic diagram illustrating the encoding of the disclosure of fig. 1 of the present invention.
Fig. 4 is a block diagram schematically illustrating a public document restriction viewing system according to a second embodiment of the present invention.
Description of the reference numerals
2 publication
4 the Internet
10 public document limited reading system
12 database
14 processing unit
16 servo unit
18 browsing unit
VR Access request
Method steps S11-S15.
Detailed Description
For a fuller understanding of the objects, features and advantages of the present invention, reference should be made to the following detailed description taken in conjunction with the accompanying drawings. The description is as follows:
In the present disclosure, "a" or "an" is used to describe the units, elements and components described herein. This is done for convenience of illustration only and to provide a general sense of the scope of the invention. Accordingly, unless clearly indicated to the contrary, such description should be read to include one or at least one, and the singular also includes the plural.
As used herein, the terms "comprises," "comprising," "includes," "including," "has," "having" or any other similar term are intended to cover a non-exclusive inclusion. For example, an element, structure, article, or apparatus that comprises a plurality of elements is not limited to only those elements but may include other elements not expressly listed or inherent to such element, structure, article, or apparatus. In addition, unless expressly stated to the contrary, the term "or" is intended to mean an inclusive "or" rather than an exclusive "or".
Please refer to fig. 1, which is a flowchart illustrating a public document restricted viewing method according to a first embodiment of the present invention. In fig. 1, the limited viewing method is applied to a public document. The public document is composed of a public data segment, a first limited data segment and a second limited data segment, and allows a general member, a first member and a second member to conditionally read at least one of the public data section, the first restricted data section and the second restricted data section. The public document is encoded in HyperText Markup Language. The limited reading method comprises the following steps:
Beginning at step S11, a first public key of a first member and a second public key of a second member are obtained. The first member has a first private key corresponding to the first public key and the second member has a second private key corresponding to the second public key.
In step S12, a public data segment, a first restricted data segment and a second restricted data segment are created in the declaration mark of the public document. The public data segment provides public content, the first content of the first limitation data segment is encrypted by a first limitation public key, the second content of the second limitation data segment is encrypted by a second limitation public key, the first limitation public key is provided with a corresponding first limitation private key, and the second limitation public key is provided with a corresponding second limitation private key.
In step S13, the general member identification section of the related general member, the first member identification section of the first member and the second member identification section of the second member are inserted into the declaration mark of the public document.
At step S14, selectively encrypting at least one of the first restriction private key and the second restriction private key with the first public key in the first membership field, and selectively encrypting at least one of the first restriction private key and the second restriction private key with the second public key in the second membership field.
Step S15, the public document is distributed to the general member, the first member and the second member on the Internet.
In another embodiment, after the step S15, the method further includes the following step for the general member, the first member and the second member to conditionally view the restrictive content.
In step S16, the general member, the first member and the second member obtain the public document from the Internet and read the public content of the public document segment from the public document.
Step S17, the first member identification segment is decoded by the first private key of the first member and the second member identification segment is decrypted by the second private key of the second member, so as to obtain the first limitation private key, the second limitation private key or both. In another embodiment, if the first private key of the first member decodes the first member identification segment and cannot acquire the first restriction private key, the second restriction private key, or both, the first member cannot decode the first restriction data segment through the first restriction private key and cannot decode the second restriction data segment through the second restriction private key; if the second private key of the second member decodes the first member identity segment and cannot acquire the first limitation private key, the second limitation private key or both, the second member cannot decode the first limitation data segment through the first limitation private key and cannot decode the second limitation data segment through the second limitation private key.
Step S18, decrypting the first limited content with the first limited private key to browse the first content, and decrypting the second limited content with the second limited private key to browse the second content.
In another embodiment, if a third member is added after the public document has been published, the method comprises the steps of (1) obtaining a third public key of the third member, wherein the third member has a third private key corresponding to the third public key; (2) adding a third member identity section to the declaration mark of the public document; (3) selectively encrypting at least one of the first restriction private key and the second restriction private key with the third public key in the third member identity section; and (4) replacing the public document on the Internet with an updated public document that includes the third member identity section.
Therefore, the general member, the first member, the second member and the third member all obtain the same updated public document. The third member can obtain the updated public document from the internet and read the public content of the public data section from the updated public document; decode the third member identity segment by using the third private key of the third member to obtain the first limit private key, the second limit private key or both; and decrypt the first restricted content with the first restriction private key to browse the first content, and decrypt the second restricted content with the second restriction private key to browse the second content. In the foregoing, if the third private key of the third member decodes the third member identity segment and cannot obtain the first limitation private key, the second limitation private key or both, the third member cannot decode the first limitation data segment through the first limitation private key and cannot decode the second limitation data segment through the second limitation private key.
Referring to fig. 2, a state diagram of the limited document viewing method of fig. 1 according to the present invention will be described. In FIG. 2, a plurality of main endpoints are included, which are client, browser, key bank, server and document. The server provides files to the client (including non-members and members) and the client browses the files through the browser.
For example, the server extracts the document language code of the document and provides the document. The document's program code has been embedded in advance with the identification information related to the member and non-member clients: declaration tags related to members and non-members, such as <member></member> and <non-member></non-member>, are defined in the HTML head tag of the document, and the number of such tags can be one or more. Likewise, the declaration tags for the limited content and the unlimited content, for example <unlimited content></unlimited content> and <limited content></limited content>, can number one or more.
Here, three clients A, B and C with membership and two ordinary (or non-member) clients D and E are taken as examples. It is assumed that client A can read restricted contents 1, 2 and 3; client B can read restricted contents 1 and 2; and client C can read restricted content 2. In addition, clients A, B and C can freely read the unlimited contents. It should be noted that in this embodiment the file refers to a single file that is stored at all of the clients A, B, C, D and E with consistent content; when the file changes, the files at the clients A, B, C, D and E change together, so as to ensure that the clients A, B, C, D and E all hold a file with consistent content.
According to the above declaration, it can be declared between the tags <member A></member A> that the private keys of restricted contents 1, 2 and 3 are encrypted by the public key of user A; between <member B></member B> that the private keys of restricted contents 1 and 2 are encrypted by the public key of user B; and between <member C></member C> that the private key of restricted content 2 is encrypted by the public key of user C. The remaining non-member clients D and E do not need to be declared additionally. Meanwhile, the tags <unrestricted content></unrestricted content> and <restricted content></restricted content> are filled with the corresponding material, for example three parts of restricted content 1, 2 and 3, which are distinguished by the tags <restricted content 1></restricted content 1>, <restricted content 2></restricted content 2> and <restricted content 3></restricted content 3>, respectively. The restricted content between <restricted content 1></restricted content 1> is encrypted with the public key related to restricted content 1, the restricted content between <restricted content 2></restricted content 2> is encrypted with the public key related to restricted content 2, and so on. In other embodiments, the number or the paragraphs of the restricted content can be increased or decreased according to the requirement.
Returning to the state diagram of fig. 2, suppose that the clients A, B, C, D and E each send an access request to the server through the browser to obtain the document; the clients A, B and C are members (hereinafter referred to as members) and the clients D and E are non-members (hereinafter referred to as non-members). The document defines the declaration tags of the members and the non-members in the encoding process (for example, using the hypertext markup language), such as <member A>private keys of restricted contents 1, 2 and 3, encrypted by the public key of client A</member A> … <member C>private key of restricted content 2, encrypted by the public key of client C</member C>, together with the <non-member D></non-member D> and <non-member E></non-member E> tags. In addition, the same file contains the tags of the restricted content and the unrestricted content, that is, <restricted content 1>restricted content 1 (encrypted with the public key associated with restricted content 1)</restricted content 1>, <restricted content 2>restricted content 2 (encrypted with the public key associated with restricted content 2)</restricted content 2> and <restricted content 3>restricted content 3 (encrypted with the public key associated with restricted content 3)</restricted content 3>.
Then, the server sends the document, encoded in the document language, to the browsers of all members A, B and C and non-members D and E, so that all of them see the unrestricted content of the document once the browser unpacks it. The browser also receives the encryption program from the key library and the public keys associated with members A, B and C.
Taking member A as an example, when the browser of member A displays the unrestricted content, the browser extracts its identification data and private key according to the content of the HTML head tag of the document (here, the declaration that member A can browse restricted contents 1, 2 and 3). When the identification data of member A matches the identification data of the document, the browser decrypts restricted contents 1, 2 and 3 with the private key of member A and displays them in the browser of member A. Conversely, if the identification data of member A does not match the identification data of the document, nothing is displayed for them; that is, restricted contents 1, 2 and 3 cannot be viewed, but the unrestricted content can still be read. Taking member C as a further example, when the browser of member C displays the unrestricted content, the browser extracts the identification data and the private key of member C according to the content of the HTML head tag of the document (here, the declaration that member C can view restricted content 2). When the identification data of member C matches the identification data of the document, the browser decrypts restricted content 2 with the private key of member C. Note that the HTML head tag of the document declares only that member C can view restricted content 2, so the undeclared restricted contents 1 and 3 are not decrypted for member C. Although member C cannot read restricted contents 1 and 3, the unrestricted content can still be read.
As the above description shows, the present invention provides a single file: all members and non-members obtain the same one file, and the declarations in its HTML head tag distinguish what members and non-members can view, distinguish among the members which of several restricted contents each can view, and thereby allow a designated member to view one or more restricted contents.
For example, the present invention can be applied to a blockchain, which is decentralized, so that members on the Internet share a single public document, and the public document sets the viewing permission of each member. The single public document is encoded in hypertext markup language and consists of a public data segment, a first restricted data segment and a second restricted data segment. Refer also to the schematic diagram of fig. 3.
Assume that the members on the Internet comprise a general member, a first member and a second member, each of whom can obtain the single public document from the Internet. The issuer of the public document expects that, after obtaining it, the general member, the first member and the second member can conditionally read part or all of its content according to the settings of the present invention.
The issuer first obtains a first public key of the first member and a second public key of the second member. Besides the first public key, the first member holds its own first private key, the first public key and the first private key forming a key pair; likewise, besides the second public key, the second member holds its own second private key, the second public key and the second private key forming a key pair.
The issuer creates a public data segment, a first restricted data segment and a second restricted data segment at the declaration tag <header> of the public document. The public data segment is defined to provide public content for general members or the public to view, whereas the first restricted data segment and/or the second restricted data segment can be viewed only by the first member or the second member.
In the public document, the issuer encrypts the first content of the first restricted data segment with a first restriction public key; the first restriction public key has a corresponding first restriction private key, which can decrypt the first content encrypted with the first restriction public key. The same applies to the second restricted data segment: its second content is encrypted with a second restriction public key, and the corresponding second restriction private key can decrypt the second content encrypted with the second restriction public key.
In addition, a general member identity segment related to the general member, a first member identity segment related to the first member and a second member identity segment related to the second member are each inserted into the declaration tag of the public document. Taking the first member identity segment as an example, it can store the encrypted first restriction private key and the encrypted second restriction private key. In the setting of fig. 3, the first member can view the public content, the first content and the second content through the first member identity segment, and the second member can view the public content and the first content through the second member identity segment.
Therefore, the issuer can distribute the public document to the general member, the first member and the second member on the Internet; in other words, the general member, the first member and the second member all hold the same public document.
To achieve the above object, the issuer encrypts the first restriction private key and the second restriction private key in the first member identity segment with the first public key of the first member. When the first member uses the first private key to decrypt them, the first member obtains the first restriction private key and the second restriction private key. The first member then uses the first restriction private key to decrypt the first content, which was encrypted with the first restriction public key, and uses the second restriction private key to decrypt the second content, which was encrypted with the second restriction public key.
Similarly, the issuer encrypts the first restriction private key in the second member identity segment with the second public key of the second member. When the second member uses the second private key to decrypt it, the second member obtains the first restriction private key and then uses it to decrypt the first content, which was encrypted with the first restriction public key. Note that the second member identity segment contains only the first restriction private key encrypted with the second public key, so the second member cannot obtain the second restriction private key and therefore cannot read the second content.
In this manner, different members can be restricted to viewing their individually designated content in the same public document.
In another embodiment, the issuer may split the identity segments and the data segments of the public document into two public documents and publish both on the blockchain. To add or delete a member, the issuer only needs to add or delete the member identity segment in the identity-segment public document, thereby designating what content each member may view. Given the characteristics of the blockchain, the issuer can republish the edited identity-segment public document to the Internet so that all members hold the latest identity-segment public document without the data-segment public document being republished; if the content of a data segment is updated, the data-segment public document must be republished to the Internet.
Referring to fig. 4, a block diagram of a public document restricted viewing system according to a second embodiment of the present invention is shown. In fig. 4, the public document restricted viewing system 10 is applied to a public document so that a general member, a first member and a second member can conditionally read the public document. The first member has a first public key and a first private key, and the second member has a second public key and a second private key.
The public document restricted viewing system 10 includes a database 12, a processing unit 14, a server unit 16 and a browsing unit 18.
The database 12 stores the public document 2. The public document 2 can come from a file, a scanner, or an image capturing device.
The processing unit 14 is connected to the database 12 to obtain the public document 2. The processing unit 14 encodes the public document 2 in hypertext markup language, establishes a first member identity segment, a second member identity segment, a public data segment, a first restricted data segment and a second restricted data segment in the public document 2, and sets, in the first member identity segment and the second member identity segment respectively, the permission of the first member and the second member to view the public data segment, the first restricted data segment and the second restricted data segment. In another embodiment, the processing unit encrypts the first restricted data segment and the second restricted data segment in the public document 2 with the first restriction public key and the second restriction public key respectively, and inserts the first restriction private key corresponding to the first restriction public key, the second restriction private key corresponding to the second restriction public key, or both, into the first member identity segment and the second member identity segment of the public document. These restriction private keys are encrypted with the first public key of the first member and the second public key of the second member, respectively. The first private key of the first member decrypts the first member identity segment and the second private key of the second member decrypts the second member identity segment, so as to obtain, respectively, the first restriction private key for decrypting the first restricted data segment and the second restriction private key for decrypting the second restricted data segment.
The server unit 16 is connected to the processing unit 14. The server unit 16 receives the public document 2 and publishes the public document 2 on the Internet 4.
The browsing unit 18 is connected to the Internet 4. Through the browsing unit 18, the general member, the first member and the second member send an access request VR to the server unit 16 to obtain the public document 2. According to the tags in the public document 2, once the first private key of the first member or the second private key of the second member has been obtained, the identity segment of the first member or the second member is accessed automatically, the private key permitted for the first restricted data segment is obtained to decrypt that segment and browse the first content, and the private key permitted for the second restricted data segment is obtained to decrypt that segment and browse the second content. The content of the public data segment is then combined with the first and second contents that are permitted, and presented to the corresponding general member, first member or second member for browsing.
Compared with the prior art, the method and system for restricted viewing of public documents provided by the invention achieve the following advantages:
1. Viewers do not each need to store or back up separate electronic files; there is only one copy of the electronic file.
2. Only special judgment conditions are added when the electronic file is encoded, so no burden is placed on the system.
3. The document can be provided to non-members immediately and dynamically: a non-member can read the public information without restriction and, if attracted by it, the electronic document can be updated, for example by adding the non-member as a member, so that the non-member obtains the complete contents of the investment disclosure.
While the invention has been described in terms of the preferred embodiments, it will be understood by those skilled in the art that the examples are intended in a descriptive sense only and not for purposes of limitation. It should be noted that equivalent variations and substitutions to those of the embodiments are intended to be included within the scope of the present invention. Therefore, the protection scope of the present invention is defined by the claims.

Claims (10)

1. A method for restricting the viewing of a public document, applied to the public document, the public document consisting of a public data segment, a first limitation data segment and a second limitation data segment, the public document allowing a general member, a first member and a second member to conditionally read at least one of the public data segment, the first limitation data segment and the second limitation data segment, wherein the public document is encoded based on a hypertext markup language, the method comprising the following steps:
step a: obtaining a first public key of the first member and a second public key of the second member, wherein the first member has a first private key corresponding to the first public key, and the second member has a second private key corresponding to the second public key;
step b: establishing the public data segment, the first limitation data segment and the second limitation data segment on the declaration mark of the public document, wherein the public data segment provides public content, the first content of the first limitation data segment is encrypted by a first limitation public key, the second content of the second limitation data segment is encrypted by a second limitation public key, the first limitation public key is provided with a corresponding first limitation private key, and the second limitation public key is provided with a corresponding second limitation private key;
step c: inserting general member identification sections related to general members, first member identification sections related to first members and second member identification sections related to second members into the declared marks of the public document respectively;
step d: selectively encrypting at least one of the first restricted private key and the second restricted private key with a first public key in the first membership field and selectively encrypting at least one of the first restricted private key and the second restricted private key with a second public key in the second membership field; and
step e: the public document is distributed to the general member, the first member and the second member on the Internet.
2. The method for restricting the viewing of a public document according to claim 1, further comprising the steps of, after the step of:
step f: the general member, the first member and the second member obtaining the public document from the Internet and viewing the public content of the public data section from the public document;
step g: decoding the first member identity section and the second member identity section by using the first private key of the first member to obtain the first limit private key, the second limit private key or a second limit private key respectively; and
step h: the first restricted content is decrypted by the first restricted private key to browse first content, and the second restricted content is decrypted by the second restricted private key to browse second content.
3. The method for restricting the viewing of a public document according to claim 2, further comprising the step of:
step i: if the first private key of the first member decodes the first member identity segment and cannot acquire the first limitation private key, the second limitation private key or the second limitation private key, the first member cannot decode the first limitation data segment through the first limitation private key and the first member cannot decode the second limitation data segment through the second limitation private key; if the second private key of the second member decodes the first member identification segment and cannot acquire the first limitation private key, the second limitation private key or the second limitation private key, the second member cannot decode the first limitation data segment through the first limitation private key and the second member cannot decode the second limitation data segment through the second limitation private key.
4. The method for restricting the viewing of a public document according to claim 1, further comprising, in the step c, a step j of:
step j-1: obtaining a third public key of a third member, wherein the third member has a third private key corresponding to the third public key;
step j-2: adding a third member identity segment to the declaration mark of the public document;
step j-3: selectively encrypting at least one of the first restricted private key and the second restricted private key with a third public key in the third membership field; and
step j-4: replacing the public document on the Internet with an updated public document including the third membership field.
5. The method of restricting the viewing of a public document according to claim 4, further comprising, after the step j, the step k of:
step k-1: the third member obtaining the updated public document from the Internet and viewing the public content of the public data segment from the updated public document;
step k-2: decoding the third member identity segment using the third private key of the third member to obtain the first restricted private key, the second restricted private key or both; and
step k-3: the first restricted content is decrypted by the first restricted private key to browse the first content, and the second restricted content is decrypted by the second restricted private key to browse the second content.
6. The method for restricting the viewing of a public document according to claim 5, wherein the step k-2 further includes the steps of:
step k-4: if the third private key of the third member decodes the third member identity segment and cannot acquire the first restriction private key, the second restriction private key or both, the third member cannot decode the first restriction data segment through the first restriction private key and the third member cannot decode the second restriction data segment through the second restriction private key.
7. The method of claim 4, wherein the general member, the first member, the second member and the third member have the same copy of the updated public document.
8. A public document restricted viewing system applied to a public document for a general member, a first member and a second member to conditionally read the public document, wherein the first member has a first public key and a first private key, and the second member has a second public key and a second private key, the public document restricted viewing system comprising:
a database for storing the public document;
the processing unit is connected with the database, codes the public document by utilizing a hypertext markup language, establishes a first member identity section, a second member identity section, a public data section, a first limitation data section and a second limitation data section in the public document, and respectively sets the authority of the first member and the second member to read the public data section, the first limitation data section and the second limitation data section in the first member identity section and the second member identity section;
a server unit connected to the processing unit, the server unit receiving the public document and issuing the public document on the Internet;
a browsing unit connected to the Internet, the browsing unit providing the general member, the first member and the second member with an access request for obtaining the public document to the server unit, the general member, the first member and the second member obtain the first private key of the first member or the second private key of the second member according to the mark in the public document, automatically obtaining the private key allowed to browse the first restricted data segment to decode the first restricted data segment to browse the first content, obtaining the private key allowed to browse the second restricted data segment to decode the second restricted data segment to browse the second content, and further combining the content of the public data segment and the first content and the second content allowed to be browsed to the corresponding general member, the first member and the second member for browsing.
9. The system of claim 8, wherein the processing unit encrypts the first restricted data segment with a first restricted public key and encrypts the second restricted data segment with a second restricted public key in the public document, and inserts a first restricted private key corresponding to the first restricted public key, a second restricted private key corresponding to the second restricted public key, or the first restricted private key and the second restricted private key in the first member id segment and the second member id segment of the public document, respectively, wherein the first restricted private key and the second restricted private key of the second restricted public key are encrypted with the first public key of the first member and the second public key of the second member, respectively.
10. The system of claim 9, wherein the first private key of the first member decrypts the first member id and the second private key of the second member decrypts the second member id to obtain the first restricted private key for decrypting the first restricted data segment and the second restricted private key for decrypting the second restricted data segment, respectively.
CN201910694383.XA 2019-07-15 2019-07-30 Method and system for limiting and reading public file Active CN112231744B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
TW108124870 2019-07-15
TW108124870A TWI687839B (en) 2019-07-15 2019-07-15 Public document limited viewing method and system thereof

Publications (2)

Publication Number Publication Date
CN112231744A CN112231744A (en) 2021-01-15
CN112231744B CN112231744B (en) 2024-02-02

Family

ID=69184508

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910694383.XA Active CN112231744B (en) 2019-07-15 2019-07-30 Method and system for limiting and reading public file

Country Status (2)

Country Link
CN (1) CN112231744B (en)
TW (1) TWI687839B (en)

Also Published As

Publication number Publication date
CN112231744B (en) 2024-02-02
TWI687839B (en) 2020-03-11
TW201942786A (en) 2019-11-01

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant