201108028 六、發明說明: 【發明所屬之技術領域】 本發明是有關於一種數位識別資訊保全系統及其方 法,特別是有關於一種可針對下載資料進行控管之數位 識別資訊保全系統及其方法。 【先前技術】 目前,由於企業作業電腦化及網際網路的盛行,營 * 業之資料均數位化,企業與各組織對於其内部數位資料 之安全性,也越加重視。目前數位權限管理(Digital Rights Management, DRM )相關技術,各家資訊廠商已 著手發展,並且許多產品陸續上市。然而,市面上各廠 商對數位資料之管理,大部份針對數位資料的功能權限 進行設定,目前缺乏針對數位識別資訊的技術做深入研 究,而舉凡資訊的犯罪行為都需要數位識別資訊,當作 司法上的呈堂證據。但數位識別資訊的易竄改、關聯性 ® 不易確定、不易辨識等特性,常造成數位識別資訊公信 力的不足。因此,當機密資料外洩時,有不易找到完整 犯罪證據的問題。 鑑於習知技藝中,數位識別資訊公信力不足的問 題,為了能夠兼顧解決之,本發明人基於多年研究開發 與諸多實務經驗,提出一種數位識別資訊保全系統及其 方法,以作為改善上述缺點之實現方式與依據。 201108028 【發明内容】 ^有鑑於上述習知技藝之問題,本發明之盆中一曰& 就是在提供-種數位識別資訊保 ς 的 題。彳卜茂f無法^出檔案外茂之完整證據的問 全4是上述目的,依本發明之數位識別資訊保 一處理單元及—輸人單元。讀取單元讀取^用^資 ::錄單元係記錄一下載資訊,資料庫儲存一數位資 枓。處理單元則依據使用者資訊及下载#訊產生一數位 識別資訊,以及’輸人單元將數位識別資訊寫入被下載 之數位資料。 此外,本發明更提出一種數位識別資訊保全方法, 其主要包含下列步驟。首先,利用一讀取單元讀取一使 用者資訊並判斷使用者資訊是否具有一下載權限。接 著,下載儲存於一資料庫之一數位資料後,先利用一記 錄單元紀錄一下載資訊,再利用一處理單元依據使用者 資訊及下載資訊產生一數位識別資訊。最後,透過一輸 入單元將數位識別資訊寫入被下載之數位資料中。 &為使貴審查委員對本發明之技術特徵及所達到 之功效有更進一步之瞭解與認識,謹佐以較佳之實施例 及配合詳細之說明如後。 201108028 【實施方式】 以下將參照相關圖式,說明依本發明較佳實施例之 數位識別資訊保全系統及其方法,為使便於理解,下述 實施例中之相_件係以相同之符號標示來說明。 請^第丨圖’其係為本發^數位朗資訊保全 系統之功能方塊圖。圖中,赵仏吩〇丨吹 —讀取單元U、一記錄單:識別=早全系統包含 00 _ 平70 12、一資料庫13、一處理 ST:及:ί入單元15。讀取單元11讀取-使用者資 ^01,、己t早元12係記錄-下载資訊⑵,資料庫13 及;裁f m。處理單元14則依據使用者資訊1 〇 1 :載貝訊121產生-數位識別資訊141。輸入單元15 將數位識別資訊141寫入數位資料131。 ^中°貝取單元11係電性連接一可攜式儲存裝置 存裝置10係儲存使用者資訊ι〇ι。而使 / 一使用者名稱及-授權碼,在使用者從 下載數位資料131前,處理單元14先比對使 數位眘祖及授權碼是否具有下載權限。而在使用者下載 j 131的過程中,記錄單幻2則記錄了包含下載 時,、網際網路位址(Intemet ρ論c〇i爐⑽,卩 r=s)、網卡編號及下载資料的下載資訊⑵,並將下 數U1經—加密程序後儲存於資料庫13及被下載之 數位資料131中。 ^ 困難數㈣別資訊⑷的公信力問題,常為使用者帶來 # Μ # g遭修改、識別資訊不㈣識等,導致 201108028 不被採信。為了改善此一情況,本發明將從數位識別資 訊H1的圯錄及數位識別資訊141的管理兩方面著手改 善0 數位識別資訊141的記錄··主要是在取得數位識別 資訊的過程中,娜使用者的主機(hQst)獨特的資訊 及上網過程資訊’使其成為具公信力的數位識別資訊。 另一方面,在數位識別資訊M1的管理上,針對數 位識别> efL 141控管,只讓通過認證之合法授權的使用 者應用,當有人嘗試異動數位識別資訊時,異動者資吒 會被記錄’透過以上二種方式,改善數位識別資訊的i ^力,確保數位識別資訊141的機密性 (C〇nfldentiality )、完整性(Integrity )、確實性 (Authenticity)及可利用性(AvailabiiUy)。 本發明在機密數位資料外②的控管上,為—相 ==下2對此一資訊安全的威脅’於使用者:密 數位貝枓下,時,進行全程控管。此設計架構可運用在 企業與機關早位機密數位⑽下載f制機制 性 數位資料㈣的可能性,大幅提昇機密數位資料的= 明參閱第2 ® ’其係為本發明之數位識別資訊保全 方法之步驟流程圖。圖中,數位識別資訊保全方法之 驟如下。 百ί I利用一讀取單元讀取一使用者資訊(步驟 )’ “使用者資訊係儲存於一可攜式電子裝置中,且 201108028 使用者資訊至少包含一使用者名稱及一授權碼,判斷使 '用者資訊的使用者名稱及授權碼是否具有一下載權限 (步驟S22),若有則下載儲存於一資料庫之一數位資料 (步驟S23),若無,則拒絕下載(步驟S221)。下載數 位資料時,利用一記錄單元紀錄一下載資訊(步驟 S24),再利用一處理單元依據使用者資訊及下載資訊產 生一數位識別資訊(步驟S25)。最後,透過一輸入單元 將數位識別資訊加密後寫入被下載之數位資料中(步驟 φ S26)。此外,輸入單元亦將數位識別資訊加密後儲存於 資料庫中中。 由於企業或各組織在針對數位資料下載時,常常只 針對下載動作進行控管,卻沒將下載者的數位識別資訊 進行處理,在數位資料外洩時,並無法提出檔案外洩的 完整證據。有鑑於此問題,本發明即以機密資料下載的 數位識別資訊的有效採樣及管控為目的,提出在數位資 料下載時進行存取控管(access control),不符合條件者 • 不予下載,如符合者則在提供下載時,會將使用者的個 人資訊及下载過程記錄至資料庫。此外,更將數位識別 資訊以加密方式,記錄至被下載的機密資料中,如機密 資料外洩,將比對資料庫及機密資料中之數位識別資 訊,提供企業、組織懲處或司法起訴所需要的證據。 請參閱第3圖,其係為本發明之數位識別資訊保全 系統之資料下載控管步驟流程圖,其主要步驟如下。當 企業或各機關單位之員工進行内部數位資料下載時,會 進入下載資格判斷程序(步驟S31),判斷下載者其是否 201108028 合法),當不符5载身格或下載者電腦網址是否為 -),符“二格:資要求(步驟 J貝冗從集程序(步驟S32)。 名稱之將下载者的數位識料訊,例如:使用者 載資料項目,予 卞'•扁唬下載過程及下 後,會進行另Π 4庫(步驟S33)。記錄完成 進仃另相加密时切部份下載者 斤下载的數位資料裡(步驟S34)。 6 藉此,當此份數位資料不慎外洩,即可 資訊進行追踪,杳出由哪 數位識别 別眘: 者外沒出去,當數位識 3貝戒寫人後’開始設定該數位資料之使用權限(如: =否開放資料複製、列印、異動、加密等權限)進行設 疋(步驟S35),全部程序完成後,即開放下載(步驟S36)。 此外,為了提升數位識別資訊之可信度,本發明更 針對數位識別資訊進行管控,如有人嘗試對數位 做異動時,異動者及其相關資訊將被另行記錄至資料 庫,此資料庫只有系統管理者有權限可予查閱,如有異 動者記錄出現,系統則馬上發送簡訊與電子郵件通知系 統管理者進行處理。 承上所述’本發明之數位識別資訊保全方法,優點 在於此方法提供企業及組織之數位資料下載控管,完整 數位識別資訊收集流程,提供公信力高的數位識別資 訊’嚇阻數位資料外洩的可能性,大幅提昇了數位資料 下载的安全性,進一步保護各機關單位的重要資料 201108028 以上所述僅為舉例性,而非為限性者。任何未脫 ' 離本發明之精神與範疇,而對其進行之等效修改或變 更,均應包含於後附之申請專利範圍中。 201108028 【圖式簡單說明】 第1圖係為本發明之數位識別資訊保全系統之功能方塊 圖, 第2圖係為本發明之數位識別資訊保全方法之步驟流 程圖;以及 第3圖係為本發明之數位識別資訊保全系統之資料下 載控管步驟流程圖。 201108028 【主要元件符號說明】 ' ίο:可攜式儲存裝置; 101 :使用者資訊; 11 :讀取單元; 12 :記錄單元; 121 :下載資訊; 13 :資料庫; 131 :數位資料; φ 14 :處理單元; 141 :數位識別資訊; 15 :輸入單元; S21〜S26 :步驟流程;以及 S31〜S36 :步驟流程。201108028 VI. Description of the Invention: [Technical Field] The present invention relates to a digital identification information security system and method thereof, and more particularly to a digital identification information security system and method thereof for controlling downloading data. [Prior Art] At present, due to the computerization of business operations and the prevalence of the Internet, the information of the industry is digital, and companies and organizations are paying more attention to the security of their internal digital data. At present, digital rights management (DRM) related technologies have been developed by various information vendors, and many products are on the market. However, the management of digital data by various manufacturers in the market is mostly set for the functional authority of digital data. At present, there is a lack of in-depth research on the technology of digital identification information, and the criminal behavior of all information requires digital identification information. Judicial evidence in court. However, the digital identification information is easy to tamper with, the correlation is not easy to identify, and it is difficult to identify, which often causes the lack of credibility of digital identification information. Therefore, when confidential information is leaked, there is a problem that it is difficult to find complete evidence of crime. In view of the problem of insufficient credibility of digital identification information in the prior art, in order to solve the problem, the inventor has proposed a digital identification information security system and its method based on years of research and development and many practical experiences, in order to improve the above disadvantages. Ways and basis. 201108028 [Summary of the Invention] In view of the above-mentioned problems of the prior art, the problem of the digital identification information is provided in the basin of the present invention.彳 茂 f f 无法 无法 无法 无法 f 档案 档案 档案 档案 档案 档案 档案 档案 档案 档案 档案 档案 档案 档案 档案 全 全 档案 全 档案 档案 档案 档案 全 全 全 档案 档案 档案 档案 档案The reading unit reads the information and downloads the information, and the database stores a number of assets. The processing unit generates a digital identification information based on the user information and the download #, and the 'input unit writes the digital identification information to the downloaded digital data. In addition, the present invention further provides a digital identification information preservation method, which mainly includes the following steps. First, a user is used to read a user information and determine whether the user information has a download authority. Then, after downloading the digital data stored in one database, the first recording unit uses a recording unit to record a downloading information, and then uses a processing unit to generate a digital identification information based on the user information and the download information. Finally, the digital identification information is written into the downloaded digital data through an input unit. For a better understanding and understanding of the technical features and the efficacies of the present invention, the preferred embodiments and the detailed description are as follows. 201108028 [Embodiment] Hereinafter, a digital identification information security system and a method thereof according to a preferred embodiment of the present invention will be described with reference to the related drawings. For ease of understanding, the phase elements in the following embodiments are denoted by the same symbols. To illustrate. Please ^第图图' is the functional block diagram of the system. In the figure, Zhao Wei commands blowing - reading unit U, a record sheet: identification = early full system including 00 _ flat 70 12, a database 13, a processing ST: and: ί into unit 15. The reading unit 11 reads - user capital ^01, has t early 12 data records - download information (2), database 13 and; The processing unit 14 generates the digital identification information 141 according to the user information 1 〇 1 : the beacon 121. The input unit 15 writes the digital identification information 141 to the digital material 131. ^中°Betching unit 11 is electrically connected to a portable storage device. The storage device 10 is for storing user information ι〇ι. And / user name and - authorization code, before the user downloads the digital data 131, the processing unit 14 first compares whether the digital cautious and the authorization code have download permission. In the process of downloading j 131 by the user, the record single magic 2 records the download, the Internet address (Intemet ρ on c〇i furnace (10), 卩r=s), the network card number and the downloaded data. The information (2) is downloaded, and the next U1 is encrypted and stored in the database 13 and the downloaded digital data 131. ^ Difficult number (4) Other information (4) The credibility problem often leads to the user # Μ # g being modified, identifying information not (four), etc., resulting in 201108028 not being accepted. In order to improve the situation, the present invention will improve the recording of the digital identification information 141 from both the recording of the digital identification information H1 and the management of the digital identification information 141. Mainly in the process of obtaining the digital identification information, Na is used. The host's (hQst) unique information and online process information 'make it a credible digital identification. On the other hand, in the management of the digital identification information M1, for the digital identification > efL 141 control, only the legally authorized user of the authentication is applied, and when someone attempts the transaction digital identification information, the transaction information will be Recording 'through the above two methods, improving the i ^ force of digital identification information, ensuring the confidentiality (C〇nfldentiality), integrity (Integrity), authenticity (Authenticity) and availability (AvailabiiUy) of the digital identification information 141. The invention is based on the control of the confidential digital data 2, which is - phase == 2 is a threat to information security. When the user: the number of digits is below, the whole process is controlled. This design architecture can be used to download the system-based digital data (4) in the early-stage confidentiality (10) of the enterprise and the organization, and greatly improve the confidential digital data. Refer to the 2 ® ' which is the digital identification information preservation method of the present invention. Step flow chart. In the figure, the digital identification information preservation method is as follows. The user information is stored in a portable electronic device by using a reading unit. The user information is stored in a portable electronic device, and the 201108028 user information includes at least one user name and an authorization code. Whether the user name and the authorization code of the user information have a download permission (step S22), if yes, downloading one of the digital data stored in a database (step S23), and if not, rejecting the download (step S221) When the digital data is downloaded, a download unit records a download information (step S24), and then a processing unit generates a digital identification information according to the user information and the download information (step S25). Finally, the digital identification is performed through an input unit. After the information is encrypted, it is written into the downloaded digital data (step φ S26). In addition, the input unit encrypts the digital identification information and stores it in the database. Since the enterprise or organizations download the digital data, often only The download action is controlled, but the digital identification information of the downloader is not processed. When the digital data is leaked, the file cannot be submitted outside the file. In view of this problem, the present invention aims to provide effective access control and control of digital identification information downloaded by confidential data, and proposes access control when digital data is downloaded, and does not meet the requirements. If the download is not provided, the user's personal information and download process will be recorded in the database. In addition, the digital identification information will be encrypted and recorded into the downloaded confidential information, such as confidential information. The data leakage will compare the digital identification information in the database and the confidential information to provide evidence required by the enterprise, organization punishment or judicial prosecution. Please refer to Figure 3, which is the information of the digital identification information security system of the present invention. The main steps of the download control flow chart are as follows: When the employee of the enterprise or each organization unit downloads the internal digital data, it will enter the download qualification judgment program (step S31) to determine whether the downloader is legal 201108028, if it does not match 5 Whether the physical or downloader's computer URL is -), the character "two grids: capital requirements (step J shell redundancy from the set program ( Step S32). The name of the downloader's digital information, for example, the user carries the data item, and after the download process and the next, the other library will be performed (step S33). When the other phase is encrypted, the digital data downloaded by the downloader is cut (step S34). 6 Therefore, when the digital data is accidentally leaked, the information can be tracked, and the number of digits identified by the discriminant: Did not go out, when the number of people know 3 to write a person, 'start to set the use of the digital data (such as: = no open data copy, print, transaction, encryption, etc.) to set up (step S35), all procedures After the completion, the download is opened (step S36). In addition, in order to improve the credibility of the digital identification information, the present invention further controls the digital identification information. If someone tries to make a change to the digital position, the transaction and related information will be It will be recorded separately to the database. Only the system administrator has the authority to view it. If there is a change in the record, the system will immediately send a message and email to notify the system administrator. According to the above-mentioned digital identification information preservation method of the present invention, the advantage is that the method provides the digital data download control of the enterprise and the organization, the complete digital identification information collection process, and the digital identification information with high credibility is provided to deter content digital data leakage. The possibility of greatly improving the security of digital data downloading and further protecting the important information of various agencies and units 201108028 The above is only an example, not a limitation. Any changes or modifications to the spirit and scope of the present invention are intended to be included in the scope of the appended claims. 201108028 [Simplified description of the drawings] Fig. 1 is a functional block diagram of the digital identification information security system of the present invention, and Fig. 2 is a flow chart of the steps of the digital identification information preservation method of the present invention; The flow chart of the data download control step of the digital identification information security system of the invention. 201108028 [Description of main component symbols] ' ίο: Portable storage device; 101: User information; 11: Reading unit; 12: Recording unit; 121: Downloading information; 13: Database; 131: Digital data; φ 14 : processing unit; 141: digital identification information; 15: input unit; S21~S26: step flow; and S31~S36: step flow.
1111