CN101815063A - File security management system applied to network and management method thereof - Google Patents

Publication number: CN101815063A
Authority: CN (China)
Application number: CN200910194399A
Inventor: 强敏
Original assignee: Individual
Current assignee: Individual
Legal status: Pending
Other languages: Chinese (zh)
Prior art keywords: user, file, server end, biological feature, user biological
Abstract

The invention provides a file security management system applied to a network, which comprises a server and a user side connected through the network. The server is provided with file encryption equipment and user biological characteristic receiving equipment; it stores files encrypted using the user's biological characteristics as keys and transmits them to the user. The user side is provided with user biological characteristic acquisition equipment and file decryption equipment, and decrypts the files transmitted by the server using the user's biological characteristics. The file security management system effectively solves the security management problem of files in the network.

Description

A file security management system applied to a network and a management method thereof
Technical field
The invention belongs to the field of file security management and information encryption and decryption, and in particular relates to a file security management system applied to a network and a management method thereof.
Background
At present, the mechanism most often used in file security management is encryption and decryption: the server protects a file with symmetric encryption or RSA (Rivest, Shamir, Adleman), and the user side decrypts it with the corresponding key. The weakness is key management: once the key is stolen there is no security to speak of, and even if the key is not stolen, someone who intercepts the ciphertext can still recover the plaintext by brute force, so a considerable security risk remains.
The prior art also introduces an authentication mechanism: the file is kept on the server, and a user who wants it must first pass verification with an agreed verification key before obtaining the file. The advantage is that only legitimate users who pass verification can obtain the file, but the scheme has the same defect: security is lost once the verification key is stolen.
A more advanced current approach uses the user's biometric feature as the key, exploiting the uniqueness of biometric features to further strengthen file security. Existing biometric security mechanisms mainly use the biometric feature as a verification key: after the user passes verification with their own biometric feature, the server sends the requested file to that user.
For example, Chinese patent application No. 200510107419.8 discloses a method of encrypted data storage, comprising: 1) receiving a user's request to create a storage safe box; 2) generating user authentication information based on the user's biometric information; 3) creating an HPA in the storage unit as the space for the storage safe box, and saving the user's authentication information in the safe box in encrypted form; 4) receiving a user's request to access the safe box; 5) capturing the user's biometric information for authentication; if verification passes, going to step 6), otherwise to step 7); 6) receiving and processing the user's operations on the safe box and on the data stored in it; 7) denying the user access to the safe box. That invention generates the authentication information for accessing the safe box from biometric information, which addresses the drawbacks that authentication passwords are easily forgotten, authentication hardware is easily lost, and usability is poor; and because biometric features are unique and hard for others to obtain, file security is ensured to some extent.
However, using the biometric feature only as verification information still carries risk: for example, another party can steal the file during transmission after the legitimate user has passed verification.
Existing protection mechanisms therefore all have shortcomings to some degree and need improvement.
Summary of the invention
The object of the invention is to overcome the deficiencies of the prior art and provide a file security management system applied to a network.
Another object of the invention is to provide a management method for this security management system.
To achieve the first object, the following technical solution is adopted:
A file security management system applied to a network comprises a server end and a user side connected through the network. The server end is provided with file encryption equipment and user biometric feature receiving equipment; it stores files encrypted with the user's biometric feature as the key and transmits them to the user side. The user side is provided with user biometric feature acquisition equipment and file decryption equipment, and uses the user's biometric feature to decrypt the files transmitted by the server end.
The server end of the invention receives the user's biometric feature through the user biometric feature receiving equipment and, using this feature as the key, encrypts the file with the file encryption equipment. What the server end sends to the user side is the encrypted file. After receiving the ciphertext, the user side captures the biometric feature again with the user biometric feature acquisition equipment and decrypts with it. Because the invention encrypts with a biometric feature, there is no concern that the key will be stolen by others, which is safer than existing conventional encryption. And because what the server end transmits to the user side is ciphertext encrypted with the biometric feature, there is no concern that others will steal the file in transit, which overcomes the security risk of existing schemes that transmit plaintext after using the biometric feature only for key verification.
In the above technical solution, the server end is provided with a plurality of servers, and splits the user biometric feature received through the user biometric feature receiving equipment, and/or the encrypted file, so that the parts are stored separately on different servers. Because the file is stored on different servers after being split, a hacker who breaks into an individual server still cannot steal the whole file or the complete user biometric feature.
Further, the server end is also provided with user rights management equipment, which embeds user permission information in the encrypted file.
The user side of the invention decrypts the file sent by the server end page by page: the file is divided according to the pages browsed on the user side, each decryption covers only the page currently being viewed, and decryption is performed again when the user moves to a different page. Page-by-page decryption and browsing removes the risk that, after a full-text decryption, an image of the full decrypted text remains in the cache or other storage devices. It can also be combined with multiple biometric features for further security: several of the user's biometric features, such as fingerprint and pupil, are captured; different pages are encrypted with different biometric features; and each page is decrypted in turn when read. This removes the risk, present when a single biometric feature is used, that someone who steals that feature from some device can decrypt the full text. Whether page-by-page decryption is used, and which biometric feature encrypts and decrypts each page, can also be recorded in the permission information.
To achieve the second object, the following technical solution is adopted:
A management method for the file security management system applied to a network comprises the following steps:
1) Server-end processing, which specifically comprises: accepting user registration and authentication; receiving and registering the user's biometric feature; encrypting the file with the user's biometric feature; and sending the encrypted file to the client;
2) Client processing, which specifically comprises: registering with and logging in to the server end; uploading the user's biometric feature to the server end; receiving the encrypted file sent by the server end; and decrypting the file with the user's biometric feature.
In the above technical solution, the server end further comprises the operation of splitting the user biometric feature and/or the file and storing the parts separately on different servers.
The user side further comprises the operation in which the user creates a file, encrypts it with the user's biometric feature, and uploads it to the server end.
Before sending the encrypted file to the client, the server end further receives a second user biometric feature from the party requesting the encrypted file and checks it against the stored first user biometric feature, sending the file only when the check result is consistent. When the user submits a registration request to the server end through the user side, the user's first biometric feature is first uploaded to the server end. Later, when the user asks the server to transfer a file, the user side sends the second user biometric feature to the server end; the server end checks it against the first user biometric feature and responds to the request only if the two are consistent.
The server end further comprises a step of encrypting with the second user biometric feature in place of the first user biometric feature, where the second and first user biometric features are different. This scheme suits the case where the file uploader and the file downloader are different people: the uploader encrypts the file with the first user biometric feature on the user side and uploads the ciphertext to the server end; when a downloader needs the file, the server end, after confirming that the downloader has the permission, re-encrypts the file with the downloader's second user biometric feature in place of the first and sends it to the downloader's user side, where the downloader can decrypt it with their own biometric feature. This scheme overcomes the security risks and inconvenience that arise when different users request the same file and either the same key must be used or the plaintext must be sent in transit.
The invention further comprises a rights-management step in which the server end uses the user rights management equipment to embed user permission information in the encrypted file, and after decryption the client manages the operations permitted on the file according to this permission information.
The rights management comprises:
1) Read-only: the file content display device only displays the file content and blocks all other operations on the file;
2) Copy: the file content display device displays the file content and enables the copy operation on the file;
3) Modify: the file content display device displays the file content and enables the modify operation on the file;
4) Delete: the file content display device displays the file content and enables the delete operation on the file;
5) Transmit: the file content display device displays the file content and enables the transmit operation on the file;
6) Print: the file content display device displays the file content and enables printing of the file;
7) Restore: the file content display device displays the file content and enables full-text restoration of the file;
8) A combination of two or more of items 1 to 7 above.
Compared with the prior art, the invention has the following advantages:
1. After a file is downloaded to the user side, its decryption key is the user's own biometric feature, so safe use of the file content is ensured wherever the file is;
2. The files on the server end are stored encrypted with the user's biometric feature, so a file can only be decrypted by the user in person;
3. The reader on the user side can decide how the file may be used according to the usage rights and usage type carried in the encrypted file;
4. The reader on the user side has an image filter, which can filter pictures according to the user's age or sex;
5. When a user who has passed biometric authentication asks the server to download a file, the server replaces the original feature value according to the requesting user's permissions, the requesting user's feature value, and the way that user's usage rights allow the file to be used, which guarantees the uniqueness of file use;
6. The user can update their biometric feature value data frequently, which ensures the randomness of the encryption key and prevents physical cracking by hackers.
Description of the drawings
Fig. 1 is a schematic diagram of the structure of the management system of the invention;
Fig. 2 is a schematic diagram of the file encryption process of the invention;
Fig. 3 is a schematic diagram of the file decryption process of the invention.
Embodiment
The invention is further described below with reference to the drawings.
The structure of the management system of the invention is shown in Fig. 1. It comprises a server end and a user side connected through a network. The server end consists of a plurality of servers, each provided with file encryption equipment and user biometric feature receiving equipment; the server end stores files encrypted with the user's biometric feature as the key and transmits them to the user side. The user side is provided with user biometric feature acquisition equipment and file decryption equipment, and uses the user's biometric feature to decrypt the files transmitted by the server end.
The management method of the invention comprises the following steps:
1) Server-end processing, which specifically comprises: accepting user registration and authentication; receiving and registering the user's biometric feature; encrypting the file with the user's biometric feature; and sending the encrypted file to the client;
2) Client processing, which specifically comprises: registering with and logging in to the server end; uploading the user's biometric feature to the server end; receiving the encrypted file sent by the server end; and decrypting the file with the user's biometric feature.
The server end is responsible for the following operations:
User authentication and registration;
Registering the user's biometric feature value;
Distributing the file content across different servers according to a certain rule; the system encrypts the file content when it is stored;
Distributing the user's biometric feature value across different servers according to a certain rule as well;
When a user requests a download, reassembling the file content and encrypting it according to the user's biometric feature value.
The user side is responsible for the following operations:
Downloading the dedicated reader and installing it on the user side;
User login;
Uploading the biometric feature value;
Biometric feature value matching: when the values are judged to belong to the same person, the server encrypts the file content to be downloaded according to the encryption rule;
After the user side has downloaded the digital content, the file content is read through the dedicated reader. The reading method is: the biometric feature value is checked on each page turn, and only when the value is consistent is the current page decrypted and displayed on the screen or electronic device.
The above structure achieves the following effects:
1. Even if a file is downloaded, it cannot be cracked without the user's own authentication;
2. Even if a file is stolen, it is hard to find an entry point for cracking it, and the plaintext cannot be obtained;
3. The encrypted content of each file is different, so cracking one file does not make it easy to crack a second.
The file encryption process of the invention is shown in Fig. 2. The user's biometric feature value is made into the private key used for encryption, and at the same time the biometric feature value and the usage-rights information are combined to make watermark data that identifies copyright and usage rights. The private key is used to encrypt the file into ciphertext, the watermark data is then embedded into the ciphertext, and the result is the final encrypted data. The permission information is determined from the permission information stored on the server.
File decryption is shown in Fig. 3. Watermark analysis is performed on the encrypted data to extract the biometric feature value it contains; at the same time the biometric acquisition equipment is started to capture the user's biometric feature value, and the extracted value is compared with the captured value. If they are inconsistent, an error is reported and the process exits. If they are consistent, this biometric feature value is used as the decryption key, the data is decrypted according to the usage-type information in the file, and the file is read according to the permissions and usage type.
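An added sketch, not part of the patent, of the flow in Figs. 2 and 3 combined with the page-by-page scheme: each page is encrypted under a key derived from the biometric feature assigned to it, the permission list is bound to every page, and the reader decrypts one page at a time. It assumes each feature has already been reduced to a stable byte string, uses an HMAC-SHA256 keystream as a standard-library stand-in for an authenticated cipher, and replaces the comparison against a feature value stored in the watermark with a MAC check, so the feature value itself never appears in the file. All function names and sample values are hypothetical.

```python
import hashlib
import hmac
import json
import os

# Operations from the rights list; displaying a decrypted page needs no grant.
OPERATIONS = {"copy", "modify", "delete", "transmit", "print", "restore"}


def derive_keys(feature, salt):
    """Stretch a stable biometric feature value into (encryption key, MAC key)."""
    okm = hashlib.pbkdf2_hmac("sha256", feature, salt, 50_000, dklen=64)
    return okm[:32], okm[32:]


def keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode (stdlib stand-in for a real AEAD cipher)."""
    blocks = [
        hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def page_tag(mac_key, header, index, nonce, ciphertext):
    """Tag that binds a page to its position and to the permission header."""
    header_digest = hashlib.sha256(json.dumps(header, sort_keys=True).encode()).digest()
    message = header_digest + index.to_bytes(4, "big") + nonce + ciphertext
    return hmac.new(mac_key, message, hashlib.sha256).digest()


def encrypt_file(pages, features, page_feature, permissions):
    """Server end: encrypt each page under the feature assigned to that page."""
    salt = os.urandom(16)
    header = {
        "salt": salt.hex(),
        "page_feature": list(page_feature),
        "permissions": sorted(set(permissions) & OPERATIONS),
    }
    keys = {name: derive_keys(features[name], salt + name.encode())
            for name in set(page_feature)}
    encrypted = []
    for index, (plain, name) in enumerate(zip(pages, page_feature)):
        enc_key, mac_key = keys[name]
        nonce = os.urandom(16)  # fresh per page, so keystreams never repeat
        ct = bytes(a ^ b for a, b in zip(plain, keystream(enc_key, nonce, len(plain))))
        tag = page_tag(mac_key, header, index, nonce, ct)
        encrypted.append({"nonce": nonce.hex(), "ct": ct.hex(), "tag": tag.hex()})
    return {"header": header, "pages": encrypted}


def decrypt_page(container, index, captured_feature):
    """User side: decrypt only the requested page with a freshly captured feature."""
    header = container["header"]
    name = header["page_feature"][index]
    salt = bytes.fromhex(header["salt"])
    enc_key, mac_key = derive_keys(captured_feature, salt + name.encode())
    page = container["pages"][index]
    nonce, ct = bytes.fromhex(page["nonce"]), bytes.fromhex(page["ct"])
    expected = page_tag(mac_key, header, index, nonce, ct)
    if not hmac.compare_digest(expected, bytes.fromhex(page["tag"])):
        raise ValueError("feature mismatch or file modified")
    return bytes(a ^ b for a, b in zip(ct, keystream(enc_key, nonce, len(ct))))


def operation_allowed(container, operation):
    """Reader-side check against the permission list embedded in the file."""
    return operation in container["header"]["permissions"]


if __name__ == "__main__":
    # Constructed sample values, not real biometric data.
    feats = {"fingerprint": b"constructed-fp-value", "pupil": b"constructed-pupil-value"}
    box = encrypt_file([b"page 1 text", b"page 2 text"], feats,
                       ["fingerprint", "pupil"], {"print"})
    print(decrypt_page(box, 0, feats["fingerprint"]))
    print(operation_allowed(box, "copy"))
```

Because the permission header is covered by every page tag, editing the permission list in a downloaded file makes all pages fail verification instead of silently granting the extra operation.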

Claims (10)

1. A file security management system applied to a network, comprising a server end and a user side connected through the network, characterized in that the server end is provided with file encryption equipment and user biometric feature receiving equipment, the server end stores files encrypted with the user's biometric feature as the key and transmits them to the user side, the user side is provided with user biometric feature acquisition equipment and file decryption equipment, and the user side uses the user's biometric feature to decrypt the files transmitted by the server end.
2. The file security management system applied to a network according to claim 1, characterized in that the server end is provided with a plurality of servers, and splits the user biometric feature received through the user biometric feature receiving equipment, and/or the encrypted file, so that the parts are stored separately on different servers.
3. The file security management system applied to a network according to claim 1, characterized in that the server end is also provided with user rights management equipment, and the user rights management equipment embeds user permission information in the encrypted file.
4. The file security management system applied to a network according to claim 1, characterized in that the user side decrypts the file sent by the server end page by page, that is, the file is divided according to the pages browsed on the user side, each decryption covers only the page currently being viewed, and decryption is performed again when moving to a different page.
5. A management method for the file security management system applied to a network according to any one of claims 1 to 4, characterized by comprising the following steps:
1) Server-end processing, which specifically comprises: accepting user registration and authentication; receiving and registering the user's biometric feature; encrypting the file with the user's biometric feature; and sending the encrypted file to the client;
2) Client processing, which specifically comprises: registering with and logging in to the server end; uploading the user's biometric feature to the server end; receiving the encrypted file sent by the server end; and decrypting the file with the user's biometric feature.
6. The management method according to claim 5, characterized in that the server end further comprises the operation of splitting the user biometric feature and/or the file and storing the parts separately on different servers.
7. The management method according to claim 5, characterized in that the user side further comprises the operation in which the user creates a file, encrypts it with the user's biometric feature, and uploads it to the server end.
8. The management method according to claim 5, characterized in that, before sending the encrypted file to the client, the server end further receives a second user biometric feature from the party requesting the encrypted file and checks it against the stored first user biometric feature, and sends the file only when the check result is consistent.
9. The management method according to claim 5 or 7, characterized in that the server end further comprises a step of encrypting with the second user biometric feature in place of the first user biometric feature, the second user biometric feature and the first user biometric feature being different.
10. The management method according to claim 5, characterized by further comprising a step in which the server end uses the user rights management equipment to embed user permission information in the encrypted file, and after decryption the client operates on the file according to this user permission information.
CN200910194399A 2009-12-04 2009-12-04 File security management system applied to network and management method thereof Pending CN101815063A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20100825