CN102457503A - Secret key control device based on file authority management - Google Patents

Secret key control device based on file authority management

Info

Publication number
CN102457503A
Authority
CN
China
Prior art keywords
file
user
controlled device
cipher controlled
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2010105239909A
Other languages
Chinese (zh)
Inventor
李骁淳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhenjiang Yction Software Co Ltd
Original Assignee
Zhenjiang Yction Software Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhenjiang Yction Software Co Ltd
Priority to CN2010105239909A
Publication of CN102457503A
Legal status: Pending

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a secret key control device based on file authority management. In the device provided by the invention, a user name of a user, a code and use authority of each file are packaged and stored to the secret key control device. The stored information is compared with relevant information in an authorization server by the device; the service determines whether the user has the authority to use the file; and finally, the secret key control device executes a file request of the user who has corresponding file operation authority.

Description

A key control device based on file authority management
Technical field
The present invention relates to a key control device based on file authority management, in particular a hot-pluggable storage device. The device encapsulates user login information and file usage-permission information, and responds to user requests by comparing this information with the relevant information in the authentication server. The invention belongs to the field of communication technology.
Background technology
A key control device based on file authority management is, in essence, a device that encapsulates user login information and file usage permissions in order to guarantee the security of file operations.
As computer software is used ever more frequently to handle all kinds of business, how to protect files has become an important problem. "Protecting a file" means applying protective measures such as encryption and permission settings to it, so that people without permission to open the file cannot see its content.
In the prior art, some software adds permission settings to the file itself: for example, the identification data of the users allowed to use the file is recorded in the file as permission-setting data. When a user tries to open the file, the software checks whether that user's identification data is recorded in the permission-setting data. If it is not, the user is refused use of the file. With this mechanism, the owner or administrator of a file can set which users may use which files, protecting confidential file content.
However, this known file protection mechanism has a major defect: if a user's login information becomes known to other users, they can log in to the file system with it and obtain the same usage rights as that user, and the security of the file system can no longer be guaranteed.
To address this widespread security problem in current file management systems, the present invention encapsulates the user's login information and the file usage-permission information in the key control device and, through interaction between the key control device and the server, determines whether the user has permission to operate on a file. Because the user's operating permissions for files are encapsulated in the key control device, other users cannot perform any operation on the files even if they learn the user's login information. Existing file management systems have low security and cannot meet the requirements of today's enterprises.
Summary of the invention
The object of the invention is, in view of the above deficiencies of the prior art, to encapsulate the user's login information and the file usage-permission information in the key control device and, through interaction between the key control device and the server, to determine whether the user has permission to operate on a file, thereby securing the document system. Clearly, existing document management systems cannot meet administrators' needs.
In view of the above deficiencies of the prior art, the invention also proposes a document authority component that can copy and grant document usage permissions for each individual user, and so better meets administrators' needs.
To achieve the above object, the document management system of the invention contains the following components:
  • Client operating software: the software system that interacts with the key control device.
  • Key control device: stores the user's login information and the operating-permission information for documents.
These two components are made up of the following sub-components.
The client operating software consists of:
  • Client interface: used to interact with the key control device.
  • Key management component: used to set up the key control device. It consists of the following functions:
      • Set function: sets the user's login information and file permission information.
      • Logout function: cancels the original information held in the key management device.
      • Write function: writes information to the storage chip.
      • Read function: reads information from the storage chip.
      • Login function: logs in to the document management system.
      • Matching function: matches the user's operating-permission information for a file.
The key control device consists of:
  • Storage chip: stores the user's login information and the file usage-permission information.
The usage steps are:
Step 1: Connect the key control device to a USB port of the server; the server supplies power to the key control device.
Step 2: Using the client operating software, call the Set function of the key management component to obtain the user's login information and file permission information as filled in on the client interface. Then call the Write function of the key management component, which converts the information filled in on the client interface into binary code and writes the user's login information and file permission information to the storage chip in the key control device.
Step 3: Using the client operating software, when logging in to the document management system, call the Login function of the key management component. It reads the user's login information from the storage chip in the key control device and sends a login request to the server; depending on the server's response, the user is logged in to the document management system automatically.
Step 4: When interacting with a file in the document management system, call the Read function of the key management component to read the user's file permission information from the storage chip in the key control device. Then call the Matching function to match, from the file permission information that was read, the operating permission for the currently selected file. If the user has the corresponding file operation permission, the user's request is answered.
Thus the user only needs to connect the key control device to the server; thereafter the key control device stores the user's operating-permission information for files. Even if someone else learns the user's login information, without the file operating-permission information they cannot operate on any file in the document management system. This guarantees the security of file operations.
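The Write, Read and Matching steps above, together with the comparison against the authorization server mentioned in the abstract, sketched as an added Python example (not code from the patent). The length-prefixed binary layout, the permission bits and the `server_acl` structure are assumptions, since the patent only says the information is converted into binary code and compared with the server's record.

```python
import struct

# Hypothetical permission bits; the patent does not define an encoding.
READ, EDIT, DELETE = 1, 2, 4

def _put(text):
    """Length-prefixed UTF-8 field (assumed layout, not from the patent)."""
    raw = text.encode("utf-8")
    return struct.pack(">H", len(raw)) + raw

def write(user, password, perms):
    """Write step: pack login info and per-file permissions into chip bytes."""
    out = _put(user) + _put(password) + struct.pack(">H", len(perms))
    for name in sorted(perms):
        out += _put(name) + struct.pack(">B", perms[name])
    return out

def read(chip):
    """Read step: parse chip bytes back into (user, password, perms)."""
    pos = 0
    def take():
        nonlocal pos
        (n,) = struct.unpack_from(">H", chip, pos)
        if pos + 2 + n > len(chip):
            raise ValueError("truncated field")
        field = chip[pos + 2:pos + 2 + n].decode("utf-8")
        pos += 2 + n
        return field
    user, password = take(), take()
    (count,) = struct.unpack_from(">H", chip, pos)
    pos += 2
    perms = {}
    for _ in range(count):
        name = take()
        perms[name] = chip[pos]
        pos += 1
    return user, password, perms

def matching(chip, server_acl, filename, op):
    """Matching step plus the comparison against the authorization server."""
    try:
        user, _, perms = read(chip)
    except (ValueError, struct.error, IndexError):
        return False  # unreadable chip contents: refuse the request
    granted = perms.get(filename, 0)
    # Chip and server records must agree, so editing the chip grants nothing.
    if server_acl.get(user, {}).get(filename, 0) != granted:
        return False
    return bool(granted & op)

# Constructed sample data (user, password and file name are made up).
SERVER_ACL = {"alice": {"plan.doc": READ | EDIT}}
CHIP = write("alice", "pw-example", SERVER_ACL["alice"])
```

A chip image whose permission byte has been raised beyond the server's record, or one that is truncated, is refused by `matching` rather than trusted.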
Embodiment
Embodiment one
The client operating software is developed with the Microsoft Visual Studio .NET development tools, and the database the system needs is built with the commercially available dedicated database management tool SQL Server 2000. The components of the client operating software and of the key control device, and the four usage steps, are the same as those set out in the Summary of the invention.
Apart from the above embodiment, the invention may have other embodiments. All technical solutions formed by equivalent replacement or equivalent transformation fall within the scope of protection claimed by the invention.

Claims (3)

1. A key control device based on file authority management, characterized in that the user's login information and the file usage-permission information are encapsulated in the key control device, and whether the user has permission to operate on a file is determined through interaction between the key control device and the server.
2. The key control device based on file authority management according to claim 1, characterized in that the key control device is a hot-pluggable storage device.
3. The key control device based on file authority management according to claim 1, characterized in that the key control device comprises a storage chip for storing the user's login information and the file usage-permission information.
CN2010105239909A 2010-10-29 2010-10-29 Secret key control device based on file authority management Pending CN102457503A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010105239909A CN102457503A (en) 2010-10-29 2010-10-29 Secret key control device based on file authority management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2010105239909A CN102457503A (en) 2010-10-29 2010-10-29 Secret key control device based on file authority management

Publications (1)

Publication Number Publication Date
CN102457503A true CN102457503A (en) 2012-05-16

Family

ID=46040166

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010105239909A Pending CN102457503A (en) 2010-10-29 2010-10-29 Secret key control device based on file authority management

Country Status (1)

Country Link
CN (1) CN102457503A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20120516