CN101777099B - Document protection method and system - Google Patents
- Publication number: CN101777099B
- Authority: CN (China)
- Prior art keywords
- operation request
- current operation
- application program
- output apparatus
- input
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a document protection method comprising the following steps: obtaining the current operation request that the process corresponding to an application program makes on a confidential document in a specified folder; determining whether the current operation request is an operation request caused by a local input/output device; and, if it is, responding to the operation request, otherwise not responding to it. The invention also provides a document protection system. With this method and system, operation requests caused by a local input/output device can be identified, so a hacker can be prevented from reading or copying the confidential document by using a program to simulate the operation requests of an input/output device, which improves the confidentiality of the document.
Description
Technical field
The present invention relates to the field of computers, and in particular to a document protection method and system.
Background technology
At present, existing computer techniques for protecting files mainly encrypt the file or folder, or perform ordinary virus scanning and virus removal on the file or folder.
In the course of implementing the present invention, the inventor found that the prior art has at least the following technical problem:
No matter how powerful the security tools a user installs, as long as a hacker considers the user's confidential documents worth exploiting, the hacker can use various vulnerabilities (including application vulnerabilities and operating system vulnerabilities), whether disclosed or undisclosed 0-day vulnerabilities, and various other means to plant a Trojan horse program on the user's machine. As long as the user is online, the hacker can then read or copy the user's confidential documents by having a process simulate the operation of an input/output device.
Summary of the invention
The technical problem to be solved by the embodiments of the invention is to provide a document protection method and system that obtain the current operation request made by the process corresponding to an application program on a confidential document in a specified folder, and respond or do not respond to that operation request according to the result of determining whether it is an operation request caused by a local input/output device. Operation requests caused by a local input/output device are thereby identified, which prevents a hacker from reading or copying the user's confidential documents by having a process simulate the operation requests of an input/output device, and strengthens the confidentiality of the documents.
To solve the above technical problem, the embodiments of the invention adopt the following technical solution:
A document protection method, comprising:
Obtaining the current operation request made by the process corresponding to an application program on a confidential document in a specified folder;
Determining whether the current operation request is an operation request caused by a local input/output device; if so, responding to the current operation request, otherwise not responding to the current operation request,
Wherein determining whether the current operation request is an operation request caused by a local input/output device comprises:
Obtaining a first time and a second time, the first time being the time at which the application program, after obtaining the current operation request, queries the driver of the input/output device, and the second time being the time at which the driver most recently obtained an event of the input/output device;
Determining whether the difference between the first time and the second time is less than a preset threshold; if so, responding to the current operation request, otherwise not responding to the current operation request.
A document protection system, comprising:
An application program unit, configured to obtain the current operation request made by the process corresponding to an application program on a confidential document in a specified folder;
A driver unit, configured to determine whether the current operation request obtained by the application program unit is an operation request caused by a local input/output device, and to return the result of the determination to the application program unit so as to trigger the application program unit to respond or not respond to the current operation request,
Wherein the driver unit comprises:
A record unit, configured to record the first time, at which the application program, after obtaining the current operation request, queries the driver of the input/output device, and to record the second time, at which the driver most recently obtained an event of the input/output device;
A judging unit, configured to determine whether the difference between the first time and the second time is less than a preset threshold;
A judgment result sending unit, configured to return the result determined by the judging unit to the application program unit,
When the result of the determination is yes, the application program unit responds to the current operation request; otherwise the application program unit does not respond to the current operation request.
The beneficial effects of the embodiments of the invention are as follows:
A document protection method and a document protection system are provided that obtain the current operation request made by the process corresponding to an application program on a confidential document in a specified folder and determine whether the current operation request is an operation request caused by a local input/output device; if so, the operation request is responded to, otherwise it is not. Operation requests caused by a local input/output device are thereby identified, which prevents a hacker from reading or copying the user's confidential documents by having a process simulate the operation requests of an input/output device, and strengthens the confidentiality of the documents.
The embodiments of the invention are described in further detail below with reference to the accompanying drawings.
Description of drawings
Fig. 1 is the main flow chart of the document protection method of an embodiment of the invention;
Fig. 2 is a schematic diagram of a specific embodiment of the document protection method of the invention;
Fig. 3 is the main structural diagram of the document protection system of an embodiment of the invention;
Fig. 4 is a schematic diagram of a specific embodiment of the document protection system of the invention.
Embodiment
Fig. 1 is the main flow chart of the document protection method of an embodiment of the invention. With reference to this figure, the method mainly comprises:
101. Obtain the current operation request made by the process corresponding to an application program on a confidential document in a specified folder. Specifically, the application program may be Word, PowerPoint, AutoCAD or the like, and a running application program has a corresponding process; the confidential document may be a file in doc, ppt or dwg format or the like; the current operation request on the confidential document may be a read request, a copy request or the like;
102. Determine whether the current operation request is an operation request caused by a local input/output device; if so, respond to the current operation request, otherwise do not respond to the current operation request.
The above determination process is described below through a specific embodiment.
Fig. 2 is a schematic diagram of a specific embodiment of the document protection method of the invention. With reference to this figure, the method mainly comprises:
201. The application program obtains the current operation request made by its corresponding process on a confidential document in a specified folder. Specifically, the application program may be Word, PowerPoint, AutoCAD or the like, and a running application program has a corresponding process; the confidential document may be a file in doc, ppt or dwg format or the like; the current operation request on the confidential document may be a read request, a copy request or the like;
202. After obtaining the current operation request, the application program needs to know whether the request was caused by the local mouse/keyboard, so it queries the mouse/keyboard driver. The current operation request may be the confirmation message that the user generates with the local mouse/keyboard when the application program prompts the user to confirm;
203. The mouse/keyboard driver obtains a first time and a second time. The first time is the time at which the application program queries the mouse/keyboard driver; the second time is the time at which the mouse/keyboard driver most recently obtained a mouse/keyboard event, that is, the time nearest to the first time at which the driver obtained a mouse/keyboard event;
204. The mouse/keyboard driver determines whether the difference between the first time and the second time is less than a preset threshold. Specifically, the threshold may take a value in the range of 1 millisecond to 1000 milliseconds, for example 50 milliseconds or 65 milliseconds;
205. The mouse/keyboard driver returns the result determined in 204 to the application program, to trigger the application program to respond or not respond to the current operation request;
206. The application program acts on the result returned in 205. When the result is that the difference between the first time and the second time is less than the preset threshold, the application program responds to the current operation request. For example, if the current operation request is to read a confidential document in doc format and the result is that the difference between the first time and the second time is less than the preset threshold, the application program (Word) responds to the current operation request and opens the doc-format confidential document. If the current operation request is to open a confidential document in ppt format and the result is that the difference between the first time and the second time is not less than the preset threshold, the application program (Word) does not respond to the current operation request, and the ppt-format confidential document cannot be opened.
In one embodiment, when the determination in 204 is yes, then for the lifetime of the process corresponding to the application program, the application program responds to other operation requests on the confidential document, or to operation requests on other confidential documents in the specified folder. In this way, on the one hand, a process can operate on a confidential document successfully only after confirmation from the local mouse/keyboard; on the other hand, to avoid too much user interaction, the application programs (software) that the user allows to access confidential documents in the specified folder can be placed in a trusted software list. Thereafter, once a trusted program has been started and become a process, operations by that process on confidential documents in the secure folder need to be confirmed by the user with the local mouse/keyboard only once during the lifetime of the process.
In one embodiment, the above method may further comprise encrypting the confidential document with the encryption system of the file system, for example New Technology File System (NTFS) encryption, thereby further ensuring the security of the confidential document in storage.
In one embodiment, the above method may further comprise detecting whether the above process is a process with a displayed window. Specifically, it is detected whether the process has a displayed window and whether the size of the window is not less than 50 × 50 pixels; if not, the current operation request is not responded to, and the operation on the confidential document by the current operation request is prohibited.
By implementing the document protection method of the above embodiments of the invention, the current operation request made by the process corresponding to an application program on a confidential document in a specified folder is obtained, and it is determined whether the current operation request is an operation request caused by a local input/output device; if so, the operation request is responded to, otherwise it is not. Operation requests caused by a local input/output device are thereby identified, which prevents a hacker from reading or copying the user's confidential documents by having a process simulate the operation requests of an input/output device, and strengthens the confidentiality of the documents.
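The decision logic of steps 203 to 206, together with the process-lifetime and window-size embodiments, modeled in C as an added example (not code from the patent). The type and function names, the millisecond tick values, the ordering of the window check before the cached approval, and the choice to refuse when no device event has been recorded or the event time is later than the query time are all assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define THRESHOLD_MS  50u  /* page: 1 to 1000 ms, e.g. 50 ms */
#define MIN_WINDOW_PX 50   /* page: window not smaller than 50 x 50 pixels */

/* Hypothetical driver-side record: when the driver last received an event
 * from the local mouse/keyboard (the "second time"). */
typedef struct {
    bool     seen_event;
    uint64_t last_event_ms;
} input_driver;

/* Hypothetical per-process state held on the application side. */
typedef struct {
    bool has_window;
    int  win_w, win_h;
    bool approved;         /* one confirmed request per process lifetime */
} proc_state;

/* Reached only from the device path in this model, so input synthesized by
 * another program never updates the second time. */
void driver_on_device_event(input_driver *d, uint64_t now_ms) {
    d->seen_event = true;
    d->last_event_ms = now_ms;
}

/* Steps 203-204: query_ms is the first time, last_event_ms the second. */
bool driver_is_local_input(const input_driver *d, uint64_t query_ms) {
    if (!d->seen_event)
        return false;                      /* assumption: no event yet, deny */
    if (d->last_event_ms > query_ms)
        return false;                      /* assumption: clock anomaly, deny */
    return (query_ms - d->last_event_ms) < THRESHOLD_MS;
}

/* Steps 205-206 with the window-size and process-lifetime embodiments.
 * Assumption: the window check applies to every request, cached or not. */
bool handle_request(proc_state *p, const input_driver *d, uint64_t query_ms) {
    if (!p->has_window || p->win_w < MIN_WINDOW_PX || p->win_h < MIN_WINDOW_PX)
        return false;
    if (p->approved)
        return true;
    if (!driver_is_local_input(d, query_ms))
        return false;
    p->approved = true;
    return true;
}

int main(void) {
    /* Constructed timeline in milliseconds; not data from the page. */
    input_driver drv = { false, 0 };
    proc_state editor = { true, 800, 600, false };
    proc_state hidden = { false, 0, 0, false };

    driver_on_device_event(&drv, 1000);            /* user confirms locally */
    printf("hidden process, t=1010: %d\n", handle_request(&hidden, &drv, 1010));
    printf("editor, t=5000 (stale): %d\n", handle_request(&editor, &drv, 5000));
    driver_on_device_event(&drv, 6000);
    printf("editor, t=6020:         %d\n", handle_request(&editor, &drv, 6020));
    printf("editor, t=90000:        %d\n", handle_request(&editor, &drv, 90000));
    return 0;
}
```

Once `approved` is set, later requests from that process pass without a fresh device event, which matches the process-lifetime embodiment and means the timing comparison guards only the first access.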
The document protection system of the embodiments of the invention is described below.
Fig. 3 is the main structural diagram of the document protection system of an embodiment of the invention. With reference to this figure, the system mainly comprises an application program unit 301 and a driver unit 302, wherein:
Fig. 4 is a schematic diagram of a specific embodiment of the document protection system of the invention. With reference to this figure, the system refines the driver unit 302 on the basis of the document protection system of the embodiment shown in Fig. 3: the driver unit 302 comprises a record unit 3021, a judging unit 3022 and a judgment result sending unit 3023, wherein:
After obtaining the current operation request, the application program needs to know whether the request was caused by the local input/output device, so after obtaining the message of the current input/output device it queries the driver of the input/output device. The message of the current mouse/keyboard may be the confirmation message that the user generates with the local mouse/keyboard when the application program prompts the user to confirm;
The judging unit 3022 determines whether the difference between the first time and the second time is less than a preset threshold. Specifically, the threshold may take a value in the range of 1 millisecond to 1000 milliseconds, for example 50 milliseconds or 65 milliseconds;
The judgment result sending unit 3023 returns the result determined by the judging unit 3022 to the application program unit 301, to trigger the application program to respond or not respond to the current operation request. The application program then acts on the returned result. When the result is that the difference between the first time and the second time is less than the preset threshold, the application program responds to the current operation request. For example, if the current operation request is to read a confidential document in doc format and the result is that the difference between the first time and the second time is less than the preset threshold, the application program (Word) responds to the current operation request and opens the doc-format confidential document. If the current operation request is to open a confidential document in ppt format and the result is that the difference between the first time and the second time is not less than the preset threshold, the application program (Word) does not respond to the current operation request, and the ppt-format confidential document cannot be opened.
The application program may run in the application program unit 301, and the local input/output program may run in the driver unit 302.
In one embodiment, the above document protection system may further comprise an encryption unit, which can encrypt the confidential document with the encryption system of the file system, for example NTFS encryption, thereby further ensuring the security of the confidential document in storage;
In one embodiment, the above document protection system may further comprise a detection processing unit, which can detect whether the above process is a process with a displayed window. Specifically, it detects whether the process has a displayed window and whether the size of the window is not less than 50 × 50 pixels; if not, the current operation request is not responded to, and the operation on the confidential document by the current operation request is prohibited;
In one embodiment, the input/output device may be a mouse/keyboard or the like.
In one embodiment, the above document protection system may be applied in a computer, and may also be applied in other devices that contain confidential documents.
By implementing the document protection system of the above embodiments of the invention, the application program unit 301 obtains the current operation request made by the process corresponding to an application program on a confidential document in a specified folder, and the driver unit 302 determines whether the current operation request is an operation request caused by a local input/output device; if so, the operation request is responded to, otherwise it is not. Operation requests caused by a local input/output device are thereby identified, which prevents a hacker from reading or copying the user's confidential documents by having a process simulate the operation requests of an input/output device, and strengthens the confidentiality of the documents.
In addition, a person of ordinary skill in the art will understand that all or part of the flows of the above method embodiments can be carried out by a program instructing the relevant hardware. The program may be stored in a computer-readable storage medium and, when executed, may include the flows of the embodiments of the above methods. The storage medium may be a magnetic disk, an optical disc, a read-only memory (ROM), a random access memory (RAM) or the like.
The above are specific embodiments of the present invention. It should be pointed out that a person of ordinary skill in the art can make improvements and modifications without departing from the principle of the invention, and these improvements and modifications are also regarded as falling within the scope of protection of the invention.
Claims (8)
1. A document protection method, characterized in that it comprises:
Obtaining the current operation request made by the process corresponding to an application program on a confidential document in a specified folder;
Determining whether the current operation request is an operation request caused by a local input/output device; if so, responding to the current operation request, otherwise not responding to the current operation request,
Wherein determining whether the current operation request is an operation request caused by a local input/output device comprises:
Obtaining a first time and a second time, the first time being the time at which the application program, after obtaining the current operation request, queries the driver of the input/output device, and the second time being the time at which the driver most recently obtained an event of the input/output device;
Determining whether the difference between the first time and the second time is less than a preset threshold; if so, responding to the current operation request, otherwise not responding to the current operation request.
2. The method of claim 1, characterized in that the threshold is 1 millisecond, 50 milliseconds or 1000 milliseconds.
3. The method of claim 1, characterized in that the method further comprises:
When the determination is yes, responding, during the lifetime of the process, to other operation requests on the confidential document, or to operation requests on other confidential documents in the specified folder.
4. The method of claim 1, characterized in that the method further comprises:
Encrypting the confidential document with the encryption system of the file system.
5. The method of claim 1, characterized in that the method further comprises:
Detecting whether the process has a displayed window and whether the size of the window is not less than 50 × 50 pixels; if not, not responding to the current operation request and prohibiting the operation on the confidential document by the current operation request.
6. The method of any one of claims 1 to 5, characterized in that the local input/output device is a local mouse/keyboard.
7. A document protection system, characterized in that it comprises:
An application program unit, configured to obtain the current operation request made by the process corresponding to an application program on a confidential document in a specified folder;
A driver unit, configured to determine whether the current operation request obtained by the application program unit is an operation request caused by a local input/output device, and to return the result of the determination to the application program unit so as to trigger the application program unit to respond or not respond to the current operation request,
Wherein the driver unit comprises:
A record unit, configured to record the first time, at which the application program, after obtaining the current operation request, queries the driver of the input/output device, and to record the second time, at which the driver most recently obtained an event of the input/output device;
A judging unit, configured to determine whether the difference between the first time and the second time is less than a preset threshold;
A judgment result sending unit, configured to return the result determined by the judging unit to the application program unit,
When the result of the determination is yes, the application program unit responds to the current operation request; otherwise the application program unit does not respond to the current operation request.
8. The system of claim 7, characterized in that the threshold is 1 millisecond, 50 milliseconds or 1000 milliseconds, the local input/output device is a local mouse/keyboard, and the system is applied in a computer.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910105051XA CN101777099B (en) | 2009-01-14 | 2009-01-14 | Document protection method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN200910105051XA CN101777099B (en) | 2009-01-14 | 2009-01-14 | Document protection method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101777099A CN101777099A (en) | 2010-07-14 |
CN101777099B true CN101777099B (en) | 2011-12-28 |
Family
ID=42513560
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN200910105051XA Expired - Fee Related CN101777099B (en) | 2009-01-14 | 2009-01-14 | Document protection method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN101777099B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP3082319B1 (en) * | 2015-04-16 | 2018-09-26 | Alcatel Lucent | Personalized access to storage device through a network |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1642171A (en) * | 2003-11-27 | 2005-07-20 | 奥西-技术有限公司 | Secure data transmission in a network system of image processing devices |
CN1755573A (en) * | 2004-09-30 | 2006-04-05 | 富士通株式会社 | Computer system management method, computer management system and program |
CN101246536A (en) * | 2008-03-06 | 2008-08-20 | 北京鼎信高科信息技术有限公司 | Method for encrypting and decrypting computer files based on process monitoring |
Also Published As
Publication number | Publication date |
---|---|
CN101777099A (en) | 2010-07-14 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | ||
CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20111228 Termination date: 20200114 |