CN102073824B - Method for generating and updating unique identifier of encrypted document - Google Patents
- Publication number
- CN102073824B (application CN201110005756.1A)
- Authority
- CN
- China
- Prior art keywords
- document
- unique identification
- segmentation
- cryptographic hash
- encrypted
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
The invention relates to a method for generating and updating a unique identifier of an encrypted document. The method comprises the following steps of: segmenting the document; calculating and saving a Hash value corresponding to each segment of the document; segmenting the document once again after the document is modified; calculating a Hash value corresponding to each segment of the document; comparing whether Hash values of each segment before and after the document is modified are changed or not to acquire a modification proportion of the document; and determining whether a new unique identifier of the encrypted document is generated or not according to the modification proportion. The method solves the problem that a plurality of documents have the same identifier but different contents after the document is modified.
Description
Technical field
The present invention relates to the field of encryption and decryption of documents on computers, and specifically to a method for generating and updating the unique identifier of an encrypted document.
Background technology
As enterprise IT adoption deepens, most employee work is done on computers, and important results such as reports, forms and design drawings exist as electronic files. Electronic documents are easily leaked through channels such as e-mail and removable storage devices, which poses a serious security risk to the enterprise. To prevent the leakage of confidential documents, one common method is to encrypt them, so that even if a document leaves the enterprise, an unauthorized user cannot open it.
For encrypted documents, controlling document permissions (specifying that certain people or groups may access a given encrypted document) requires each document to have unique identification information. The document's unique identifier is associated with its authorization information, so that when the document is opened it can be determined whether the current user has permission. In the prior art, the unique identifier of each document is generally assigned when the encrypted document is created. This has a defect: if, after the document has been authorized and distributed to others, the original author or a designated person with edit permission modifies it, the modified document has the same unique identifier as the document before modification, yet the content may differ greatly. In other words, several documents with the same identifier but different content may exist, which causes confusion in document authorization: if the modified document is meant to use new authorization information, then because the unique identifier has not changed, the authorization scheme of the document before modification changes along with it.
Summary of the invention
The invention provides a method for generating and updating the unique identifier of an encrypted document, which solves the problem that modifying a document leaves multiple documents with the same identifier but different content. The method is applied to a document rights management system comprising a terminal computer and a permission control server. The permission control server stores the unique identifiers of all documents and the corresponding authorization information. The terminal computer communicates with the permission control server to obtain the authorization information corresponding to a document, determines the operating permissions for the encrypted document according to that information, and enforces them. The method is characterized in that it comprises:
A. When an encrypted document is created, the terminal computer generates the unique identifier of the encrypted document from the document content; at the same time it segments the document content and calculates the hash value of each segment, and stores the unique identifier and the hash value of each segment in the encrypted document as additional information;
B. The generated unique identifier of the encrypted document and the authorization information generated when the encrypted document was created are sent to the permission control server for storage;
C. When the encrypted document is authorized after being modified, the terminal computer reads the document content of the modified encrypted document, its unique identifier, and the hash value of each segment of the document before modification; segments the modified document content and calculates the hash value of each segment; compares the hash values of the segments of the modified document with the hash values read from the document; calculates the ratio of the number of changed hash values to the total number of segments; and judges whether this ratio is greater than a predetermined threshold. If it is greater than the predetermined threshold, step D is executed; if it is less than or equal to the predetermined threshold, step E is executed;
D. A new document unique identifier is calculated from the modified document content, the new unique identifier and the new segment hash values are stored in the document as additional information, and the new unique identifier and the authorization information are sent to the permission control server; step F is then executed;
E. The original document unique identifier and the authorization information are sent to the permission control server; step F is then executed;
F. The permission control server stores the unique identifier and judges whether the received document unique identifier has changed; if it has changed, the server stores the document as a new document.
The unique identifier of a document is generated by calculating the MD5 value of the document content and using this MD5 value as the unique identifier.
The hash value of each segment is calculated by running MD5 over the content of each segment separately and keeping only a small part of the resulting MD5 value as the hash value of that segment.
The encrypted document is segmented by length.
By generating a new unique identifier for heavily modified documents, the invention improves the stability of rights management for encrypted documents and avoids confusion in document authorization between different revisions of the same document.
Brief description of the drawings
Fig. 1 is a block diagram of the identifier generation and update system of an embodiment of the invention;
Fig. 2 is a flowchart of encrypted-document creation and authorization in an embodiment of the invention;
Fig. 3 is a flowchart of encrypted-document modification and authorization in an embodiment of the invention.
Embodiment
The specific embodiments of the invention are described in detail below with reference to the accompanying drawings.
The document rights management system of the invention is composed as shown in Fig. 1. It is divided into two parts, the terminal computer and the permission control server. The permission control server stores the unique identifiers of all documents and the corresponding authorization information, and comprises a permission control module and a permission information database. The terminal computer runs a permission control agent, which communicates with the permission control server, obtains the authorization information corresponding to a document, determines from it whether this computer has the corresponding operating permissions on the encrypted document, and enforces those permissions. When requesting the authorization information of a document from the permission server, the terminal computer must tell the server the unique identifier of that document.
The document unique identifier is generally generated when the document is created and first authorized, and is sent to the server for storage. The document creation flow in the invention is shown in Fig. 2:
1) The document author creates an encrypted document and authorizes it through the permission control agent;
2) The permission control agent reads the content of the document;
3) The unique identifier of the document is generated from the document content and information. Various algorithms can be used to generate it, but they must satisfy the following conditions: the unique identifier can be calculated from the document content, its length is relatively fixed, and the probability that documents with different content have the same unique identifier is low. A commonly used unique identifier generation algorithm is a hash algorithm, for example calculating the MD5 value of the document content;
4) The document content is segmented by length and a hash value is calculated for each segment; the hash values of all segments and the document unique identifier are stored in the document as additional information. The segment length is not restricted and can be adjusted. The segment hash value serves to identify whether the content of the corresponding segment has changed, and can be obtained by running MD5 over the segment content and keeping only a small part of the resulting MD5 value;
5) The unique identifier and authorization information of the document are sent to the server;
6) The server stores the unique identifier and authorization information in the permission information database.
The flow when a document is modified and re-authorized is shown in Fig. 3:
1) The document reviser modifies the encrypted document and authorizes it through the permission control agent;
2) The permission control agent reads the content of the document and the stored segment hash values and unique identifier;
3) New segment hash values are calculated from the document content and compared with the stored segment hash values to calculate the modification ratio of the document, which is the number of changed segment hash values divided by the total number of segments. The agent then judges whether the modification ratio is greater than a predetermined value; if it is, the modified document is considered to differ substantially from the original and can be treated as a new document;
4) If the difference exceeds the predetermined value, a new document unique identifier is calculated from the modified document content, and the new unique identifier and the new segment hash values are stored in the document as additional information;
5) If the difference exceeds the predetermined value, the new unique identifier and the authorization information are sent to the server; otherwise the document is treated as unchanged and the original unique identifier and authorization information are sent to the server;
6) The server stores the unique identifier and authorization information in the permission information database; if the unique identifier has changed, the document is stored as a new document.
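The creation and re-authorization flows above, as an added Python example that is not code from the patent. The segment length, the 8-hex-digit shortening of each segment MD5, the 0.5 threshold, the position-by-position comparison and all function names are assumptions; the constructed samples also show that with fixed-length segments a one-byte insertion shifts every segment and produces a 100% modification ratio.

```python
import hashlib

SEG_LEN = 16      # assumed segment length in bytes (the text leaves it adjustable)
KEEP_HEX = 8      # assumed: keep the first 8 hex digits of each segment's MD5
THRESHOLD = 0.5   # assumed predetermined value for the modification ratio


def doc_id(content: bytes) -> str:
    """Unique identifier: MD5 of the whole document content."""
    return hashlib.md5(content).hexdigest()


def segment_hashes(content: bytes, seg_len: int = SEG_LEN) -> list:
    """Segment by length and keep a shortened MD5 per segment."""
    return [hashlib.md5(content[i:i + seg_len]).hexdigest()[:KEEP_HEX]
            for i in range(0, len(content), seg_len)]


def create(content: bytes) -> dict:
    """Creation flow: the additional information stored inside the document."""
    return {"id": doc_id(content), "segments": segment_hashes(content)}


def modification_ratio(old: list, new: list) -> float:
    """Changed segment hashes divided by total segments.

    Assumption: segments are compared by position; if the versions have
    different segment counts, the larger count is the total and unmatched
    positions count as changed.
    """
    total = max(len(old), len(new))
    if total == 0:
        return 0.0
    same = sum(1 for a, b in zip(old, new) if a == b)
    return (total - same) / total


def reauthorize(content: bytes, stored: dict, threshold: float = THRESHOLD):
    """Modification flow: returns (additional_info, ratio, is_new_document)."""
    new_segments = segment_hashes(content)
    ratio = modification_ratio(stored["segments"], new_segments)
    if ratio > threshold:
        # Treated as a new document: new identifier and new segment hashes.
        return {"id": doc_id(content), "segments": new_segments}, ratio, True
    # At or below the threshold: the original identifier is kept.
    return stored, ratio, False


# Constructed sample documents: 8 segments of exactly 16 bytes each.
ORIGINAL = b"".join(f"segment-{i:02d}-data;".encode() for i in range(8))
SMALL_EDIT = ORIGINAL.replace(b"segment-03-data;", b"segment-03-DATA;")
LARGE_EDIT = b"".join(f"rewritten-{i:02d}----".encode() for i in range(5)) + ORIGINAL[80:]
SHIFTED = b"!" + ORIGINAL   # one inserted byte moves every segment boundary

if __name__ == "__main__":
    stored = create(ORIGINAL)
    for name, doc in [("small edit", SMALL_EDIT), ("large edit", LARGE_EDIT),
                      ("1-byte insert", SHIFTED)]:
        info, ratio, is_new = reauthorize(doc, stored)
        print(f"{name:14s} ratio={ratio:.3f} new_document={is_new} id={info['id']}")
```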
By calculating how much a document has changed and treating the modified document as a new document when the change ratio exceeds a predetermined value, the method of the invention solves the problem that a document identifier, once generated, never changes, so that modifying and re-authorizing a document affects the authorization information of the original document.
The above is only a preferred embodiment of the invention and does not limit the invention. Any modification, equivalent replacement or improvement made within the spirit and principles of the invention shall fall within its scope of protection.
Claims (3)
1. A method for generating and updating the unique identifier of an encrypted document, applied to a document rights management system comprising a terminal computer and a permission control server, wherein the permission control server stores the unique identifiers of all documents and the corresponding authorization information, and the terminal computer communicates with the permission control server to obtain the authorization information corresponding to a document, determines the operating permissions for the encrypted document according to that information, and enforces them, characterized in that the method comprises:
A. When an encrypted document is created, the terminal computer generates the unique identifier of the encrypted document from the document content; at the same time it segments the document content by length and calculates the hash value of each segment, and stores the unique identifier and the hash value of each segment in the encrypted document as additional information;
B. The generated unique identifier of the encrypted document and the authorization information generated when the encrypted document was created are sent to the permission control server for storage;
C. When the encrypted document is authorized after being modified, the terminal computer reads the document content of the modified encrypted document, its unique identifier, and the hash value of each segment of the document before modification; segments the modified document content and calculates the hash value of each segment; compares the hash values of the segments of the modified document with the hash values read from the document; and judges whether the ratio of the number of changed hash values to the total number of segments is greater than a predetermined threshold. If it is greater than the predetermined threshold, step D is executed; if it is less than or equal to the predetermined threshold, step E is executed;
D. A new document unique identifier is calculated from the modified document content, the new unique identifier and the new segment hash values are stored in the document as additional information, and the new unique identifier and the authorization information are sent to the permission control server; step F is then executed;
E. The original document unique identifier and the authorization information are sent to the permission control server; step F is then executed;
F. The permission control server stores the unique identifier and judges whether the received document unique identifier has changed; if it has changed, the server stores the document as a new document.
2. The method of claim 1, characterized in that the unique identifier of the document is generated by calculating the MD5 value of the document content and using this MD5 value as the unique identifier.
3. The method of claim 1, characterized in that the hash value of each segment of the document is calculated by running MD5 over the content of each segment separately and keeping only a small part of the resulting MD5 value as the hash value of that segment.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110005756.1A CN102073824B (en) | 2011-01-12 | 2011-01-12 | Method for generating and updating unique identifier of encrypted document |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110005756.1A CN102073824B (en) | 2011-01-12 | 2011-01-12 | Method for generating and updating unique identifier of encrypted document |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102073824A (en) | 2011-05-25 |
CN102073824B (en) | 2014-06-04 |
Family
ID=44032360
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110005756.1A Active CN102073824B (en) | 2011-01-12 | 2011-01-12 | Method for generating and updating unique identifier of encrypted document |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102073824B (en) |
Families Citing this family (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102223229A (en) * | 2011-06-21 | 2011-10-19 | 航天科工深圳(集团)有限公司 | Method for safe transmission of data in public network |
CN102662995B (en) * | 2012-03-15 | 2015-09-30 | 播思通讯技术(北京)有限公司 | A kind of method that quick position mobile phone application data upgrades |
CN106250436A (en) * | 2016-07-26 | 2016-12-21 | 东软集团股份有限公司 | The method and device of management form data |
CN107256364B (en) * | 2017-06-27 | 2018-07-24 | 焦点科技股份有限公司 | One kind being based on encrypted document track of genes method |
CN107368472B (en) * | 2017-07-26 | 2021-01-05 | 成都科来软件有限公司 | Storage method of document analysis result capable of being iteratively optimized |
CN107833011A (en) * | 2017-10-16 | 2018-03-23 | 北京互动百科网络技术股份有限公司 | A kind of post joins automatic Verification method and device |
CN108200044B (en) * | 2017-12-28 | 2021-02-19 | 宁德时代新能源科技股份有限公司 | Vehicle-mounted program file encryption method and system |
CN109977699B (en) * | 2019-03-26 | 2022-04-01 | 贝富(广州)新技术有限公司 | House property information storage method, system and storage medium based on block chain |
CN111753505B (en) * | 2019-09-30 | 2024-10-22 | 北京沃东天骏信息技术有限公司 | Document processing method, device, server and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1126398C (en) * | 1996-09-05 | 2003-10-29 | 艾利森公司 | System for preventing electronic memory tampering |
CN1798034A (en) * | 2004-12-31 | 2006-07-05 | 中国科学院声学研究所 | Method for upgrading software of digital terminal system in DVB system |
CN101115226A (en) * | 2006-07-28 | 2008-01-30 | 明基电通股份有限公司 | Cover letter checking system and method |
CN101291325A (en) * | 2007-04-17 | 2008-10-22 | 三星电子株式会社 | Method for encryption for information and decryption method for information |
CN100539497C (en) * | 2003-05-07 | 2009-09-09 | 三星电子株式会社 | A kind of method that the content provider is authenticated and guarantees content integrity |
CN101809566A (en) * | 2007-10-01 | 2010-08-18 | 微软公司 | File hash identifier calculates efficiently |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7509477B2 (en) * | 2006-04-12 | 2009-03-24 | Microsoft Corporation | Aggregating data from difference sources |
JP5329184B2 (en) * | 2008-11-12 | 2013-10-30 | 株式会社日立製作所 | Public key certificate verification method and verification server |
Also Published As
Publication number | Publication date |
---|---|
CN102073824A (en) | 2011-05-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN102073824B (en) | Method for generating and updating unique identifier of encrypted document | |
US20240086561A1 (en) | System and method for data management and security for digital manufacturing | |
US11610017B2 (en) | Managing group authority and access to a secured file system in a decentralized environment | |
US7162633B2 (en) | Method and apparatus for hierarchical assignment of rights to documents and documents having such rights | |
EP1698991B1 (en) | Method and computer-readable medium for generating usage rights for an item based upon access rights | |
WO2021012548A1 (en) | Blockchain-based data processing method and system, and electronic apparatus and storage medium | |
US20080271157A1 (en) | Evaluating removal of access permissions | |
US10320757B1 (en) | Bounded access to critical data | |
US8621237B1 (en) | Protecting against cryptographic key exposure in source code | |
CN103906054A (en) | Method and system for authorization of software function modules of internet of things | |
CN104967620A (en) | Access control method based on attribute-based access control policy | |
CN105512565A (en) | Method and server for preventing electronic document leakage | |
US20120317145A1 (en) | Method and apparatus for file assurance | |
CN104834835A (en) | Universal digital rights protection method under Windows platform | |
EP3769488A1 (en) | Cryptographically enforced data exchange | |
US8863304B1 (en) | Method and apparatus for remediating backup data to control access to sensitive data | |
CN103745166A (en) | Method and device for inspecting file attribute value | |
CN113395271A (en) | Data security access method in cloud computing platform and cloud computing platform | |
CN116090000A (en) | File security management method, system, device, medium and program product | |
CN109033882A (en) | A kind of safe dissemination method of retrospective big data and system | |
CN116401691A (en) | File authority management method, device, system, computer equipment and medium | |
CN105631310A (en) | Efficient trusted process authentication scheme | |
CN114584318A (en) | Access control method of certificate and secret key, electronic equipment and storage medium | |
CN111222929A (en) | Electronic invoice application method and device supporting dynamic file permission | |
US11928371B2 (en) | 3D printing verification using audio snippets |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C53 | Correction of patent for invention or patent application | ||
CB02 | Change of applicant information |
Address after: 518034 Guangdong city of Shenzhen province Nanshan District Nantou port two road forward hot electrons strategic emerging industrial park 4 Building 4 floor 401 Applicant after: Shenzhen Antech Technology Co.,Ltd. Address before: 518034, room 1319, East Building, CLP information building, news Road, Shenzhen, Guangdong, Futian District Applicant before: Shenzhen Antech Technology Co.,Ltd. |
|
C14 | Grant of patent or utility model | ||
GR01 | Patent grant |