CN101777107A - Document protection method, protection module and computer - Google Patents
Document protection method, protection module and computer Download PDFInfo
- Publication number
- CN101777107A CN101777107A CN200910105050A CN200910105050A CN101777107A CN 101777107 A CN101777107 A CN 101777107A CN 200910105050 A CN200910105050 A CN 200910105050A CN 200910105050 A CN200910105050 A CN 200910105050A CN 101777107 A CN101777107 A CN 101777107A
- Authority
- CN
- China
- Prior art keywords
- classified document
- network
- document
- user
- classified
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a document protection method, which is used for restricting the process of a confidential document which is related to the network and is involved in an appointed document. The invention also relates to a document protection module and computer. By adopting the document protection method, the Trojans can be prevented from leaking the confidential documents of the user through the network, so the confidentiality of the document of the user is improved.
Description
Technical field
The present invention relates to computer realm, relate in particular to a kind of document protection method, protection module and computing machine.
Background technology
At present, the existing computer technology that file is protected mainly is that file or folder is encrypted, or to file or folder carry out general looking into poison, virus killing is handled.
The inventor finds that there is following technical matters at least in prior art in implementing process of the present invention:
No matter how powerful the security protection instrument of user installation is, as long as the hacker thinks that user's classified document has the value of utilization, the hacker all can utilize various leaks (comprising vulnerability of application program, operating system leak), disclose or undocumented 0day leak, take various means that the user is planted trojan horse program, as long as user's online, user's classified document can be gone out by leakage by network.
Summary of the invention
Embodiment of the invention technical matters to be solved is; a kind of document protection method, protection module and computing machine are provided; can limit process relevant with network, that relate to the classified document in the specified folder; thereby prevent that trojan horse program from revealing away user's classified document by network, improved the security performance of user file.
For solving the problems of the technologies described above, the embodiment of the invention adopts following technical scheme:
A kind of document protection method comprises:
Process relevant with network, that relate to the classified document in the specified folder is limited.
A kind of protection module comprises:
Detecting unit is used for detecting the process of classified document relevant with network, that relate to specified folder;
Processing unit is used for the detected described process of described detecting unit is limited.
A kind of computing machine, described computing machine is used for executive process, comprising:
Protection module is used for the described process of classified document relevant with network, that relate to specified folder is limited.
The beneficial effect of the embodiment of the invention is:
By a kind of document protection method, protection module and computing machine are provided; process relevant with network, that relate to the classified document in the specified folder is limited; thereby prevent that trojan horse program from revealing away user's classified document by network, improved the security performance of user file.
Below in conjunction with accompanying drawing the embodiment of the invention is described in further detail.
Description of drawings
Fig. 1 is the first embodiment synoptic diagram of document protection method of the present invention;
Fig. 2 is the second embodiment synoptic diagram of document protection method of the present invention;
Fig. 3 is the first embodiment synoptic diagram of computing machine of the present invention;
Fig. 4 is the second embodiment synoptic diagram of computing machine of the present invention.
Embodiment
The embodiment of the invention provides a kind of document protection method; mainly process relevant with network, that relate to the classified document in the specified folder is limited; particularly; the above-mentioned process relevant with network can be the process of carrying out network operation; the process of accesses network or network is carried out process of file loading etc. for example; the process that relates to the classified document in the specified folder can be the process that classified document is operated, and for example copies the process of classified document or reads process of classified document etc.
Illustrate that below by two specific embodiments how carrying out above-mentioned restriction handles.
Fig. 1 is the first embodiment synoptic diagram of document protection method of the present invention, and with reference to this figure, this method mainly comprises:
101, a certain concrete process is operated the classified document in the specified folder, particularly, a certain concrete process can be the process of hacker's trojan horse program correspondence of planting in user computer, perhaps process of the application program correspondence on the user's computer etc., classified document can be the file of user definition need to be keep secret, as enterprise's far-seeing plan word file or profit control excel file etc., can be classified document to be copied or reads etc. to the operation of classified document;
102, forbid described concrete process accesses network, particularly, the hacker can be by planting an independently trojan horse program, the process of trojan horse program correspondence can be moved automatically and read or copy classified document, process can be visited local area network or internet then, the classified document that reads or copy is sent to assigned address in local area network or the internet by network interface, like this, the hacker can obtain user's classified document easily, and taked after 102 the restriction processing, even the process of trojan horse program correspondence reads or copied classified document, can not visit local area network or internet, thereby classified document can not be sent to above-mentioned assigned address by network interface, like this, the hacker can't obtain user's classified document by the process of trojan horse program correspondence; The hacker also can be by revising certain application program on the user's computer, utilize the process of this amended application program correspondence, obtain user's classified document, method is similar to the above, taked after 102 the restriction processing, even the process of amended application program correspondence reads or has copied classified document, can not visit local area network or internet, thereby classified document can not be sent to above-mentioned assigned address by network interface, like this, the hacker can't obtain user's classified document by the process of amended application program correspondence.
Fig. 2 is the second embodiment synoptic diagram of document protection method of the present invention, and with reference to this figure, this method mainly comprises:
201, a certain concrete process accesses network, particularly, a certain concrete process can be the process of hacker's trojan horse program correspondence of planting in user computer, perhaps process of the application program correspondence on the user's computer etc.;
202, forbid that described concrete process operates the classified document in the specified folder, particularly, classified document can be the file of user definition need to be keep secret, as enterprise's far-seeing plan word file or profit control excel file etc., operation to classified document can be classified document to be copied or reads etc., the hacker can be by planting an independently trojan horse program, the process of trojan horse program correspondence can be moved automatically and visit local area network or internet, process can read or copy classified document then, the classified document that reads or copy is sent to assigned address in local area network or the internet by network interface, like this, the hacker can obtain user's classified document easily, and taked after 202 the restriction processing, even the process of trojan horse program correspondence has been visited local area network or internet, can not read or copy classified document, thereby classified document can not be sent to above-mentioned assigned address by network interface, like this, the hacker can't obtain user's classified document by the process of trojan horse program correspondence; The hacker also can be by revising certain application program on the user's computer, utilize the process of this amended application program correspondence, obtain user's classified document, method is similar to the above, taked after 202 the restriction processing, even the process of amended application program correspondence has been visited local area network or internet, can not read or copy classified document, thereby classified document can not be sent to above-mentioned assigned address by network interface, like this, the hacker can't obtain user's classified document by the process of amended application program correspondence.
Implement the document protection method of the invention described above embodiment; can limit process relevant with network, that relate to the classified document in the specified folder; thereby prevent that trojan horse program from revealing away user's classified document by network, improved the security performance of user file.
Computing machine to the embodiment of the invention describes below, and simultaneously, the protection module to the embodiment of the invention describes in the lump.
Fig. 3 is the first embodiment synoptic diagram of computing machine of the present invention, and with reference to this figure, this computing machine mainly comprises execution module 301, protection module 302, wherein:
Execution module 301 links to each other with protection module 302;
Execution module 301 is carried out various processes;
Protection module 302; the process relevant with network, that relate to the classified document in the specified folder that execution module 301 is carried out limits; particularly; the above-mentioned process relevant with network can be the process of carrying out network operation; the process of accesses network or network is carried out process of file loading etc. for example; the process that relates to the classified document in the specified folder can be the process that classified document is operated, and for example copies the process of classified document or reads process of classified document etc.
Fig. 4 is the second embodiment synoptic diagram of computing machine of the present invention, and on the basis of the computing machine of first embodiment of the invention shown in Figure 3, above-mentioned protection module 302 can also comprise:
Detecting unit 3021 detects process relevant with network, that relate to the classified document in the specified folder;
Processing unit 3022 limits detecting unit 3021 detected processes;
Particularly, following two kinds of situations can be arranged:
(1) detecting unit 3021 detected processes are for operating the also process of accesses network to the classified document in the specified folder, then to handle can be to forbid above-mentioned process accesses network to the restriction carried out of processing unit 3022, detecting unit 3021 detected processes can be the processes of hacker's trojan horse program correspondence of planting in user computer, perhaps process of the application program correspondence on the user's computer etc., classified document can be the file of user definition need to be keep secret, as enterprise's far-seeing plan word file or profit control excel file etc., can be classified document to be copied or reads etc. to the operation of classified document; The hacker can be by planting an independently trojan horse program, the process of trojan horse program correspondence can be moved automatically and read or copy classified document, process can be visited local area network or internet then, the classified document that reads or copy is sent to assigned address in local area network or the internet by network interface, like this, the hacker can obtain user's classified document easily, and processing unit 3022 has carried out after the restriction processing, even the process of trojan horse program correspondence reads or has copied classified document, can not visit local area network or internet, thereby classified document can not be sent to above-mentioned assigned address by network interface, like this, the hacker can't obtain user's classified document by the process of trojan horse program correspondence; The hacker also can be by revising certain application program on the user's computer, utilize the process of this amended application program correspondence, obtain user's classified document, function is similar to the above, processing unit 3022 has carried out after the restriction processing, even the process of amended application program correspondence reads or has copied classified document, can not visit local area network or internet, thereby classified document can not be sent to above-mentioned assigned address by network interface, like this, the hacker can't obtain user's classified document by the process of amended application program correspondence;
(2) detecting unit 3021 detected processes are accesses network and process that the classified document in the specified folder is operated, then to handle can be to forbid that above-mentioned process operates classified document to the restriction carried out of processing unit 3022, detecting unit 3021 detected processes can be the process of hacker's trojan horse program correspondence of planting in user computer, perhaps process of the application program correspondence on the user's computer etc.; Classified document can be the file of user definition need to be keep secret, as enterprise's far-seeing plan word file or profit control excel file etc., operation to classified document can be classified document to be copied or reads etc., the hacker can be by planting an independently trojan horse program, the process of trojan horse program correspondence can be moved automatically and visit local area network or internet, process can read or copy classified document then, the classified document that reads or copy is sent to assigned address in local area network or the internet by network interface, like this, the hacker can obtain user's classified document easily, and processing unit 3022 has carried out after the restriction processing, even the process of trojan horse program correspondence has been visited local area network or internet, can not read or copy classified document, thereby classified document can not be sent to above-mentioned assigned address by network interface, like this, the hacker can't obtain user's classified document by the process of trojan horse program correspondence; The hacker also can be by revising certain application program on the user's computer, utilize the process of this amended application program correspondence, obtain user's classified document, function is similar to the above, processing unit 3022 has carried out after the restriction processing, even the process of amended application program correspondence has been visited local area network or internet, can not read or copy classified document, thereby classified document can not be sent to above-mentioned assigned address by network interface, like this, the hacker can't obtain user's classified document by the process of amended application program correspondence.
Implement protection module 302 and the computing machine of the invention described above embodiment; protection module 302 can limit process relevant with network, that relate to the classified document in the specified folder; thereby prevent that trojan horse program from revealing away user's classified document by network, improved the security performance of user file.
In addition, one of ordinary skill in the art will appreciate that all or part of flow process that realizes in the foregoing description method, be to instruct relevant hardware to finish by program, described program can be stored in the computer-readable recording medium, this program can comprise the flow process as the embodiment of above-mentioned each side method when carrying out.Wherein, described storage medium can be magnetic disc, CD, read-only storage memory body (Read-OnlyMemory, ROM) or at random store memory body (Random Access Memory, RAM) etc.
The above is the specific embodiment of the present invention; should be pointed out that for those skilled in the art, under the prerequisite that does not break away from the principle of the invention; can also make some improvements and modifications, these improvements and modifications also are considered as protection scope of the present invention.
Claims (10)
1. a document protection method is characterized in that, comprising:
Process relevant with network, that relate to the classified document in the specified folder is limited.
2. the method for claim 1 is characterized in that, described process relevant with network, that relate to the classified document in the specified folder is limited is specially:
Described classified document is operated when described process, forbidden that described process visits described network.
3. the method for claim 1 is characterized in that, described process relevant with network, that relate to the classified document in the specified folder is limited is specially:
Visited described network when described process, forbidden that described process operates described classified document.
4. as claim 2 or 3 described methods, it is characterized in that described being operating as read or copied.
5. as claim 2 or 3 described methods, it is characterized in that described network is local area network or internet.
6. a protection module is characterized in that, comprising:
Detecting unit is used for detecting the process of classified document relevant with network, that relate to specified folder;
Processing unit is used for the detected described process of described detecting unit is limited.
7. module as claimed in claim 6 is characterized in that, described process has been for having operated and visited the process of described network to described classified document, and then described processing unit is used to forbid that described process visits described network.
8. module as claimed in claim 6 is characterized in that, described process is the process of having visited described network and described classified document is operated, and then described processing unit is used to forbid that described process operates described classified document.
9. as claim 7 or 8 described methods, it is characterized in that described being operating as read or copied.
10. computing machine, described computing machine is used for executive process, it is characterized in that, comprising:
Protection module is used for the described process of classified document relevant with network, that relate to specified folder is limited.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910105050A CN101777107A (en) | 2009-01-14 | 2009-01-14 | Document protection method, protection module and computer |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200910105050A CN101777107A (en) | 2009-01-14 | 2009-01-14 | Document protection method, protection module and computer |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101777107A true CN101777107A (en) | 2010-07-14 |
Family
ID=42513567
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200910105050A Pending CN101777107A (en) | 2009-01-14 | 2009-01-14 | Document protection method, protection module and computer |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101777107A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019128545A1 (en) * | 2017-12-29 | 2019-07-04 | Oppo广东移动通信有限公司 | Process handling method, and electronic device and computer-readable storage medium |
-
2009
- 2009-01-14 CN CN200910105050A patent/CN101777107A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2019128545A1 (en) * | 2017-12-29 | 2019-07-04 | Oppo广东移动通信有限公司 | Process handling method, and electronic device and computer-readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9117094B2 (en) | Data location obfuscation | |
| US9292679B2 (en) | Regulating access to and protecting portions of applications of virtual machines | |
| US20180189508A1 (en) | Method and apparatus for range based checkpoints in a storage device | |
| US11841956B2 (en) | Systems and methods for data lifecycle protection | |
| EP3779745A1 (en) | Code pointer authentication for hardware flow control | |
| KR101052400B1 (en) | Methods for Delegating Access, Machine-readable Storage Media, Devices, and Processing Systems | |
| US9286486B2 (en) | System and method for copying files between encrypted and unencrypted data storage devices | |
| JP2006134307A (en) | System and method for aggregating knowledge base of antivirus software applications | |
| US10783041B2 (en) | Backup and recovery of data files using hard links | |
| KR20090028122A (en) | Data security apparatus | |
| CN102902914A (en) | Method and device for achieving terminal tracelessness | |
| US10970421B2 (en) | Virus immune computer system and method | |
| US10091213B2 (en) | Systems and methods to provide secure storage | |
| JP6255336B2 (en) | Secure data storage method and device | |
| TWI592824B (en) | Data processing system capable of securing files | |
| US9990493B2 (en) | Data processing system security device and security method | |
| Chen et al. | {PEARL}: Plausibly Deniable Flash Translation Layer using {WOM} coding | |
| JP2018508883A (en) | Mechanisms for tracking contaminated data | |
| US20110145596A1 (en) | Secure Data Handling In A Computer System | |
| CN101777107A (en) | Document protection method, protection module and computer | |
| Lee et al. | Classification and analysis of security techniques for the user terminal area in the internet banking service | |
| JP2009253490A (en) | Memory system encrypting system | |
| CN104866740A (en) | Static analysis preventing method and device for files | |
| Tan et al. | Where's the" up"?! A Comprehensive (bottom-up) Study on the Security of Arm Cortex-M Systems | |
| CN108073819B (en) | Document protection method and system based on dynamic redirection |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Open date: 20100714 |