CN102902931A - File encryption system and file encryption method - Google Patents

File encryption system and file encryption method

Publication number: CN102902931A
Authority: CN (China)
Prior art keywords: file, user, mark, close, database
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201110320966XA
Other languages: Chinese (zh)
Other versions: CN102902931B (en
Inventor: 穆森, 赵倩, 任强, 徐马利, 杨利, 陈剑锋
Current Assignee: 706th Institute Of No2 Research Institute Casic (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: 706th Institute Of No2 Research Institute Casic
Application filed by 706th Institute Of No2 Research Institute Casic
Priority to CN201110320966.XA
Publication of CN102902931A
Application granted
Publication of CN102902931B
Current legal status: Expired - Fee Related

Landscapes

  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a file encryption system and a file encryption method. The file encryption system runs on an operating system platform and comprises a database module, an encryption module and a related module. The database module creates a database file under each drive letter of a computer hard disk to store the time at which a file was encrypted, the file name of the encrypted file, the full path of the encrypted file and the file encryption grade. The related module is associated with the operating system to monitor the user's operations on files; it generates a corresponding instruction according to the user's operation on a file and transmits the instruction to the encryption module. The encryption module receives the instruction and, according to it, operates on the encryption time, file name, full path and file encryption grade stored in the database file under the drive letter related to the user's operation, thereby marking the encryption grade of the file. At the same time the encryption information is bound to the electronic file, so that the encryption information of the electronic file is not lost during transmission and copying, and the security and controllability of the file are improved.

Description

File confidentiality-marking system and file confidentiality-marking method
Technical field
The present invention relates to the field of network communication security, and in particular to a file confidentiality-marking system (below, "file marking system") and a file confidentiality-marking method (below, "file marking method").
Background
With the spread of networks, network communication has become part of every aspect of production and daily life in contemporary society, and the security and secrecy of communicated information is receiving growing attention. When a sender transfers a file over a network, the successfully sent file also leaves the sender's control. The sender can hardly restrict how the sent file is used and propagated, and therefore faces the risk that the file is abused or maliciously spread.
To address this problem, prior art CN101826964A discloses a security management system for outgoing documents that supports collaborative work. That system centrally generates certificates and permissions, authenticates users online and supports query and monitoring of logs and file status, so that outgoing documents are tracked and controlled at all times and the spread of information is prevented.
The prior art only provides monitoring and querying for files that are sent out. It cannot guarantee that a file's marking information is not lost when the user performs other operations on the file.
In addition, the prior art manages clients, that is, recipients, at a single level only, and likewise manages files at a single level. All clients are given the same confidentiality permission, and all files are simply divided into those that may be transmitted and those that may not. Such management clearly cannot provide multi-level confidentiality management and control, and cannot grant some clients partial permissions on some files.
Summary of the invention
So that the marking information and digital signature of an electronic file are not lost during transmission and copying, and to improve the security and controllability of files, the present invention proposes a file marking system and a file marking method. They assign the confidentiality information of an electronic file and at the same time bind the marking information to the electronic file, so that the marking information and digital signature are not lost during transmission and copying, which improves the security and controllability of confidential electronic files.
The invention provides a file marking system. The system runs on an operating system platform and comprises a database module, a marking module and an association module. The database module creates a database file under each drive letter of the computer hard disk; the database file stores the file marking time, the file name of the marked file, the full path of the marked file and the file confidentiality level. The association module is associated with the operating system and monitors the user's operations on files; it generates a corresponding instruction according to the user's operation on a file and transmits the instruction to the marking module. The marking module receives the instruction transmitted by the association module and, according to the instruction, performs the corresponding operation on the file marking time, the file name of the marked file, the full path of the marked file and the file confidentiality level stored in the database file under the drive letter related to the user's operation.
The file marking system also ensures that the candidate file confidentiality levels offered to the user are not higher than the user's own confidentiality level, so that the file confidentiality level matches the user's level and the user cannot mark a file above his or her own level.
The present invention also provides a file marking method. The method comprises: creating a database file under each drive letter of the computer hard disk to store the file marking time, the file name of the marked file, the full path of the marked file and the file confidentiality level; monitoring the user's operations on files and generating a corresponding instruction according to the user's operation on a file; and, according to the instruction, operating on the file marking time, the file name of the marked file, the full path of the marked file and the file confidentiality level stored in the database file under the drive letter related to the user's operation.
The beneficial effect of the invention is that the file marking system, by assigning a confidentiality level to each file, controls the assignment of confidentiality information to electronic files and binds the marking information to the electronic file, so that the marking information and digital signature of the electronic file are not lost during transmission and copying, which improves the security and controllability of files. In some embodiments the file marking system additionally makes the file confidentiality level match the user's own confidentiality level, which prevents the user from marking a file above his or her own level.
Description of the drawings
Fig. 1 is a block diagram of one embodiment of the file marking system of the present invention;
Fig. 2 is a block diagram of the association module of the file marking system of the present invention;
Fig. 3 is a block diagram of the marking module of the file marking system of the present invention;
Fig. 4 is the file marking user interface of the file marking system of the present invention;
Fig. 5 is a block diagram of another embodiment of the file marking system of the present invention;
Fig. 6 is a flowchart of the file marking method disclosed according to one embodiment of the invention;
Fig. 7 is a flowchart of the file marking method of the present invention.
Detailed description
The present invention proposes a file marking system that controls the assignment of confidentiality information to electronic files and binds the marking information to the electronic file, so that the marking information and digital signature of the electronic file are not lost during transmission and copying, which improves the security and controllability of files.
Fig. 1 is a block diagram of one embodiment of the file marking system of the present invention. In this embodiment, as shown in Fig. 1, the file marking system 1 runs on an operating system platform and comprises a database module 11, a marking module 12 and an association module 13. The database module 11 creates a database file under each drive letter of the computer hard disk to store the marking information of marked files. Even when a removable disk is detached from the host, the confidentiality information remains stored on that removable disk.
The association module 13 is associated with the operating system, monitors the user's operations on files and generates a corresponding instruction according to the user's operation on a file. As shown in Fig. 2, the association module 13 comprises an information acquisition module 131 and an instruction generation module 132. The information acquisition module 131 calls an API to monitor the user's operations on files and obtains the file name and file path of the file operated on, the type of the user's operation and the operation time. The instruction generation module 132 generates the corresponding instruction according to the operation type obtained by the information acquisition module 131. In some embodiments of the invention the operation types include marking a file, copying a file, cutting a file and deleting a file, but the invention is not limited to the operation types listed above. For the user's marking, copy, cut and delete operations, the instruction generation module 132 generates a marking instruction, a copy instruction, a cut instruction and a delete instruction respectively. The association module 13 transmits the file name and file path of the file operated on, the time of the user's operation and the generated instruction to the marking module 12.
The marking module 12 is connected to the database module 11 and the association module 13. It receives the file name and file path of the file operated on, the instruction and the operation time transmitted by the association module 13, and according to the instruction performs the corresponding operation on the marking information stored in the database file under the drive letter related to the operation.
The marking information includes the marker (the person who marked the file), the marking time, the file name of the marked file, the full path of the marked file, the confidentiality level of the marked file, and so on.
According to a marking instruction, the marking module 12 writes or modifies the file's marking information in the database under the drive letter where the marked file resides. According to a copy instruction, it reads and copies the marking information of the copied file from the database under the drive letter where the copied file resides, and writes the copied marking information and the path of the pasted file into the database under the drive letter where the pasted file resides. According to a cut instruction, it reads and copies the marking information of the cut file from the database under the drive letter where the cut file resides, writes the copied marking information and the path of the pasted file into the database under the drive letter where the pasted file resides, and at the same time deletes the marking information of the cut file from the database under the drive letter where the cut file resided. According to a delete instruction, it deletes the marking information of the deleted file from the database under the drive letter where the deleted file resided.
In some embodiments of the invention, the marking module 12 comprises a user interface module 121, a level filtering module 122, a marking execution module 123 and a receiving module 124, as shown in Fig. 3. The level filtering module 122 receives the marking instruction passed on by the receiving module 124, filters out the candidate file confidentiality levels that are higher than the user's confidentiality level, and provides the candidate levels that are not higher than the user's level to the user interface module 121 for the user to choose from. The user interface module 121 appears as a tab in the file "Properties" panel of the operating system, as shown in Fig. 4. The user interface module 121 offers the user selectable file confidentiality levels according to the candidate levels provided by the level filtering module 122. The user selects a file confidentiality level for the file through the user interface module 121. The user interface module 121 obtains the level selected by the user and passes it to the marking execution module 123 of the marking module. When the user confirms the marking operation, the operation is captured by the association module 13. The association module 13 generates a marking instruction according to this operation and sends it, together with the file name and file path of the file operated on and the operation time, to the marking module 12. The receiving module 124 of the marking module 12 receives the file name, file path, operation time and instruction sent by the association module 13 and passes them to the marking execution module 123, triggering the marking execution module to write the marking information into the database under the drive letter where the marked file resides. After the information has been written, the marking execution module 123 reports to the user interface module 121 that marking is complete, and the user interface module 121 displays the marker's user name and the marking time. The user interface module in Fig. 4 uses a drop-down menu interface; in other embodiments the user interface can be a check-box interface or an input interface. In some embodiments the marking module 12 comprises only the user interface module 121, the level filtering module 122 and the marking execution module 123, and the marking execution module 123 receives the information transmitted by the association module 13 directly. In other embodiments the level filtering module 122 can be integrated into the user interface module 121, so that the user interface module 121 itself performs level filtering. A user's modification of a file's marking information can be treated as a special type of marking operation: the marking instruction triggers the marking execution module 123 to write the modified marking information into the database under the drive letter where the modified marked file resides and to delete the former marking information.
Fig. 5 is a block diagram of another embodiment of the file marking system of the present invention. This embodiment is essentially the same as the embodiment shown in Fig. 1; the difference is that in this embodiment the file marking system also comprises a user login module 14. The user login module 14 is connected to the marking module 12. The user login module 14 reads the user name entered by the user, obtains the user's confidentiality level, and passes the user name and the user's confidentiality level to the marking module 12.
In a preferred embodiment of the present invention, the file marking system is used together with other application systems. Such an application system can be, for example, a mail system, a user management system, or any other system that needs to perform marking operations or to manage and control marked files and file confidentiality levels. The file marking system provides an integration interface through which other application systems can log in to the file marking system and thereby mark files, manage and control marked files and confidentiality levels, obtain file marking information, set a file's marking level and download marked files within their permissions. Other application systems can download files through the ChooseDownloadDir method, and the marking information of the downloaded file is not lost.
In a preferred embodiment, the database module 11 creates a database file named "sensinfo.db" under each drive letter of the computer hard disk. When a file is marked, the marking module 12 writes the selected confidentiality information into the "sensinfo.db" database file. The database file records the marker, the marking time, the file name, the full file path and similar information. The user logs in to the file marking system through the login interface provided by the user login module 14. After a successful login, the user login module 14 reads the user name entered by the user and obtains the user confidentiality level for that user name, either provided by the other application system or retrieved by user name. The user login module 14 passes the user name and the user's confidentiality level to the marking module 12. In some embodiments a user who has not logged in to the file marking system can neither mark a file nor modify a file's confidentiality level. In an embodiment of the present invention, the Login method is used to log in to the file marking system and the Logout method is used to log out on exit. A logged-in user can not obtain the security information of a marked file through the GetSensInfo method, and can also obtain the size of the file through GetFileLength.
The association module 13 calls an API to monitor the user's operations on files and captures the marking, copy, cut, delete and similar operations that the user performs on a file. At the same time the association module 13 obtains the file name and file path of the target file and the time of the user's operation.
If the association module 13 detects that the user performs a marking operation on a target file, it generates a marking instruction and transmits it to the marking module 12. After the marking module 12 receives the marking instruction, the level filtering module 122 filters out the candidate file confidentiality levels that are higher than the user's level and provides the candidate levels that are not higher than the user's level to the user interface module 121, which appears as a tab in the file "Properties" panel of the operating system. The user interface module 121 presents the received candidate levels to the user as selectable file confidentiality levels. The user selects one of these levels to mark the file; the user interface module 121 reads the selected level and passes it to the marking execution module 123. The receiving module 124 receives the marking instruction that the association module 13 generated for this marking operation, together with the file name and file path of the target file and the operation time, and passes this information to the marking execution module 123. According to the marking instruction, the marking execution module 123 writes the file confidentiality level, the file name and file path of the file operated on and the operation time into the database file under the drive letter of the target file. After the marking operation on the target file is complete, the marking execution module 123 reports to the user interface module 121 that marking is complete, and the user interface module 121 displays the marker's user name and the marking time.
If the association module 13 detects that the user modifies the marking information of a target file, it generates a modify instruction and transmits it to the marking module 12. After the marking module 12 receives the modify instruction, it offers the user the selectable file confidentiality levels that are not higher than the user's level. It reads the level selected by the user and obtains the file name and file path of the target file and the operation time, and writes the file confidentiality level, the file name and file path of the target file and the operation time into the database file under the drive letter of the target file. After the modification of the target file's marking information is complete, the marking execution module 123 reports to the user interface module 121 that the marking operation is complete, and the user interface module 121 displays the modifier's user name and the modification time.
If the association module 13 detects that the user copies a target file, it generates a copy instruction and transmits it to the marking module 12. After the marking module 12 receives the copy instruction, the marking execution module 123 reads and copies the marking information of the copied file from the database under the drive letter where the copied file resides, and writes the copied marking information and the path of the pasted file into the database under the drive letter where the pasted file resides. The marking execution module 123 then reports to the user interface module 121 that the operation is complete. The user interface module 121 shows the marker of the pasted file as the user name of the marker of the copied file, and the marking time of the pasted file as the time at which the file was pasted.
If the association module 13 detects that the user cuts a target file, it generates a cut instruction and transmits it to the marking module 12. After the marking module 12 receives the cut instruction, the marking execution module 123 reads and copies the marking information of the cut file from the database under the drive letter where the cut file resides, writes the copied marking information and the path of the pasted file into the database under the drive letter where the pasted file resides, and at the same time deletes the marking information of the cut file from the database under the drive letter where the cut file resided. The marking execution module 123 then reports to the user interface module 121 that the operation is complete. The user interface module 121 shows the marker of the pasted file as the user name of the marker of the cut file, and the marking time of the pasted file as the time at which the file was pasted.
If the association module 13 detects that the user deletes a target file, it generates a delete instruction and transmits it to the marking module 12. After the marking module 12 receives the delete instruction, the marking execution module 123 deletes the marking information of the deleted file from the database under the drive letter where the deleted file resided. The marking execution module 123 then reports completion to the user interface module 121.
The association module 13 monitors the user's operations on files and generates an instruction corresponding to each operation; the marking module 12 then writes, reads, modifies, copies, pastes or deletes the marking information stored in the database file under the drive letter where the file operated on resides. As a result the file's marking information is not lost when the file is moved to any location.
In a preferred embodiment, marked files are stored encrypted, with a cipher strength of more than 128.
The present invention also discloses a file marking method. Fig. 6 is a flowchart of the file marking method according to one embodiment of the invention. In this embodiment the file marking method comprises: creating a database file under each drive letter of the computer hard disk (step S001); monitoring the user's operations on files and writing marking information into the database file according to the user's instruction (step S002); and, according to the instruction, operating on the marking information stored in the database file under the drive letter related to the user's operation (step S003). As shown in Fig. 7, the step of writing marking information into the database file according to the user's instruction further comprises calling an API to monitor the user's operations on files and obtaining the file name and file path of the file operated on and the type of the user's operation (step S021), and generating the corresponding instruction according to the operation type obtained (step S022).
In some embodiments, the user's operations on files specifically include marking, copy, cut and delete operations, and the corresponding instructions are a marking instruction, a copy instruction, a cut instruction and a delete instruction. The operations performed, according to the instruction, on the marking information stored in the database file under the drive letter related to the user's operation are as follows. According to a marking instruction, the file's marking information is written or modified in the database under the drive letter where the marked file resides. According to a copy instruction, the marking information of the copied file is read and copied from the database under the drive letter where the copied file resides, and the copied marking information and the path of the pasted file are written into the database under the drive letter where the pasted file resides. According to a cut instruction, the marking information of the cut file is read and copied from the database under the drive letter where the cut file resides, the copied marking information and the path of the pasted file are written into the database under the drive letter where the pasted file resides, and at the same time the marking information of the cut file is deleted from the database under the drive letter where the cut file resided. According to a delete instruction, the marking information of the deleted file is deleted from the database under the drive letter where the deleted file resided.
In some embodiments, the step of writing or modifying the file's marking information in the database under the drive letter where the marked file resides, according to the marking instruction, further comprises: offering the user candidate file confidentiality levels, none of which is higher than the user's confidentiality level; obtaining the file confidentiality level the user actually selects; and writing the selected level into the database under the drive letter where the marked file resides.
In a preferred embodiment, in monitoring the user's operations on files, before the corresponding instruction is generated according to the user's operation on a file, a login interface is provided to the user, the user name entered at login is read, and the user's confidentiality level is obtained.
In preferred embodiment, files-designated decryption method specific implementation is:
Under each drive of hard disc of computer, create the database file of " sensinfo.db " by name.When marking when close, the security information of selecting is write in " sensinfo.db " database file.Record is marked close people, is marked the information such as close time, filename, file complete trails in the database file.
Provide log-in interface to the user, read the user name that the user logins time input, obtain user's level of confidentiality of this user name that other application systems provide or that obtain by the user name retrieval.In certain embodiments, the user not the close system of log file mark then can not mark close or the file level of confidentiality is made amendment file.In an embodiment of the present invention, can adopt the Login method to login to the close system of files-designated, use the Logout method to nullify when withdrawing from.The user of login can not obtain mark ciphertext part security information by the GetSensInfo method, also can obtain by GetFileLength the size of file.
Call the API supervisory user to the operation of file, catch the user close to the mark that file carries out, copy, shear, the operation such as deletion generates corresponding instruction, and obtain filename, the file path of file destination, user's running time.
As monitor the user file destination is carried out the close operation of files-designated, then generate the close instruction of mark, provide the optional file level of confidentiality that is not higher than user's level of confidentiality for user selection to the user, and read the file level of confidentiality of user selection.And filename, file path and the user of the file that file level of confidentiality, user is operated write database file under the file destination drive to the file operation time, finishes the close operation of the mark of file destination.
As monitor the user to the operation of making amendment of the mark confidential information of file destination, and then generate the close instruction of mark, provide the optional file level of confidentiality that is not higher than user's level of confidentiality for user selection to the user.Read the file level of confidentiality of user selection and obtain filename, the file path of file destination, user's running time.And filename, file path and the user of file level of confidentiality, file destination write database file under the file destination drive to the file operation time, finish the retouching operation to the mark confidential information of file destination.
As monitor the user file destination is carried out replicate run, then generate duplicate instructions, read and copy the mark confidential information that this is replicated file the database under being replicated file place drive, database under the file place drive of pasting writes the path of the file of this mark confidential information of copying and stickup, finishes the replicate run to file destination.
As monitor the user file destination is carried out shearing manipulation, then generate and shear instruction, read and copy the mark confidential information of this shearing file the database under being sheared file place drive, and the database under the file place drive of pasting writes the path of the file of this mark confidential information of copying and stickup, deletes simultaneously the mark confidential information of this shearing file in the database that is sheared under the drive of file place; Finish the shearing manipulation to file destination.
As monitor the user file destination is carried out deletion action, then generating delete instruction, the mark confidential information of this deleted file of deletion is finished the shearing manipulation to file destination the database under the drive of deleted file place.
By the operation of supervisory user to file, generation is corresponding to the instruction of user's operation, the mark confidential information stored in the database file under the drive of operated file place carried out write, read, revise, copy, paste, the operation such as deletion, thereby the mark confidential information of this document can not lost when making file be moved into any position.
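The instruction handling described in this embodiment, as an added Python example that is not code from the patent: one marking database per drive, a level check against the user's security level on marking, and record propagation on copy, cut and delete. SQLite as the database format, the in-memory connections, the level names and the `MarkingStore` class are assumptions made for illustration.

```python
import ntpath
import sqlite3
from datetime import datetime, timezone

# Assumed level names, lowest first; the patent does not enumerate them.
LEVELS = ["public", "internal", "secret", "top secret"]


class MarkingStore:
    """Per-drive marking databases, standing in for <drive>\\sensinfo.db."""

    def __init__(self):
        self._dbs = {}  # normalised drive -> sqlite3 connection

    @staticmethod
    def _key(path):
        # Windows paths are case-insensitive and accept both slash styles,
        # so normalise before using the full path as the lookup key.
        return ntpath.normcase(ntpath.normpath(path))

    def _db(self, path):
        drive = ntpath.splitdrive(self._key(path))[0]
        if not drive:
            raise ValueError(f"path has no drive: {path!r}")
        if drive not in self._dbs:
            # In-memory SQLite keeps the example offline; a deployment would
            # open the sensinfo.db file in the root of that drive instead.
            db = sqlite3.connect(":memory:")
            db.execute("CREATE TABLE marks (path TEXT PRIMARY KEY, name TEXT,"
                       " level TEXT, marker TEXT, marked_at TEXT)")
            self._dbs[drive] = db
        return self._dbs[drive]

    def get(self, path):
        """Return (level, marker, marked_at), or None if the file is unmarked."""
        return self._db(path).execute(
            "SELECT level, marker, marked_at FROM marks WHERE path = ?",
            (self._key(path),)).fetchone()

    def _put(self, path, level, marker, marked_at):
        self._db(path).execute(
            "INSERT OR REPLACE INTO marks VALUES (?, ?, ?, ?, ?)",
            (self._key(path), ntpath.basename(path), level, marker, marked_at))

    def mark(self, user, user_level, path, level):
        """Mark or re-mark a file; the level may not exceed the user's own."""
        if LEVELS.index(level) > LEVELS.index(user_level):
            raise PermissionError(f"{user} ({user_level}) cannot assign {level}")
        self._put(path, level, user, datetime.now(timezone.utc).isoformat())

    def copy(self, src, dst):
        """Copy instruction: the record follows the file to the target drive."""
        record = self.get(src)
        if record is not None:
            self._put(dst, *record)

    def delete(self, path):
        """Delete instruction: drop the record from the file's own drive."""
        self._db(path).execute("DELETE FROM marks WHERE path = ?",
                               (self._key(path),))

    def cut(self, src, dst):
        """Cut instruction: copy the record, then remove it at the source."""
        if self._key(src) == self._key(dst):
            return  # moving a file onto itself must not erase its record
        self.copy(src, dst)
        self.delete(src)
```

Because the record is keyed by full path in a separate database, any file operation the monitor does not observe leaves the file without its marking, which is why the embodiment routes every copy, cut and delete through an instruction.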
The file security-marking system is used together with other application systems, for example a mail system, a user management system or other systems that need marking operations, to manage and control marked files and file security levels. The file security-marking system provides an integration interface through which other application systems can use the file security-marking method to mark files and to manage and control marked files and security levels, obtain marking tool information, set the marking level and download files. Other application systems can download files through the ChooseDownloadDir method, and the marking information of a downloaded file is not lost.
The mail system used together with the file security-marking system adopts tower-style (hierarchical) management rather than a flat structure. It can set security levels for mail sent and received and for recipients and senders, configure the corresponding approval process, monitor transfer logs, audit the content of unmarked files, and copy the full text of transferred files to the database that stores the marking information. For secret-related and classified files it audits behaviour and records the sending behaviour in the database that stores the marking information, for query by the relevant personnel, thereby preventing the uncontrolled spread of files. The mail system communicates with the marking tool through an IE control to obtain the security level identification information, and only marked files can be uploaded and sent as attachments. The security-level file is locked when the system starts and other processes cannot access it, which prevents the marking information from being accessed and tampered with by other processes. The marking tool can, however, open its interface to authorized third-party applications so that they can obtain or set the marking information.
The file security-marking system can provide marking audit records to other application systems: it transmits the information by calling a Web address of the other application system over the HTTP protocol, and the other application system receives the audit information and records it.
Those skilled in the art can make various modifications to the above without departing from the spirit and scope of the invention as defined by the claims. The scope of the invention is therefore not limited to the above description, but is determined by the scope of the claims.

Claims (14)

1. A file security-marking system, installed on an operating system platform, characterized in that it comprises a database module, a marking module and an association module;
The database module creates a database file under each drive of the computer's hard disk, and the database file stores the time at which a file was marked, the file name of the marked file, the full file path of the marked file and the file security level;
The association module is associated with the operating system, monitors the user's operations on files, generates the corresponding instruction according to the user's operation on a file, and sends the instruction to the marking module;
The marking module receives the instruction sent by the association module and, according to the instruction, performs the corresponding operation on the marking time, the file name of the marked file, the full file path of the marked file and the file security level stored in the database file that the database module created under the drive related to the user's operation.
2. The file security-marking system according to claim 1, characterized in that the association module comprises an information acquisition module and an instruction generation module;
The information acquisition module calls an API to monitor the user's operations on files, and obtains the file name and file path of the file operated on by the user, the type of the user's operation on the file, and the operation time;
The instruction generation module generates the corresponding instruction according to the operation type obtained by the information acquisition module.
3. The file security-marking system according to claim 2, characterized in that the user's operations on files comprise: the user's marking operation, copy operation, cut operation and delete operation on a file; the instruction generation module correspondingly generates a marking instruction, a copy instruction, a cut instruction and a delete instruction.
4. The file security-marking system according to claim 3, characterized in that the marking module:
according to the marking instruction, writes or modifies the marking information of the file in the database under the drive where the marked file resides;
according to the copy instruction, reads and copies the marking information of the copied file from the database under the drive where the copied file resides, and writes the copied marking information and the path of the pasted file into the database under the drive where the pasted file resides;
according to the cut instruction, reads and copies the marking information of the cut file from the database under the drive where the cut file resides, writes the copied marking information and the path of the pasted file into the database under the drive where the pasted file resides, and deletes the marking information of the cut file from the database under the drive where the cut file resided;
according to the delete instruction, deletes the marking information of the deleted file from the database under the drive where the deleted file resided.
5. The file security-marking system according to claim 4, characterized in that the marking module writing or modifying, according to the marking instruction, the marking information of the file in the database under the drive where the marked file resides further comprises: the marking module offers selectable file security levels to the user, obtains the file security level actually selected by the user, and writes the file security level selected by the user into the database under the drive where the marked file resides.
6. The file security-marking system according to claim 5, characterized in that the selectable file security levels that the marking module offers to the user are not higher than the user's security level.
7. The file security-marking system according to claim 1, characterized in that the file security-marking system further comprises a user login module; the user login module provides a login interface to the user, reads the user name entered by the user, obtains the user's security level, and transmits the user name and the user's security level to the marking module.
8. A file security-marking method, characterized in that the method comprises:
creating a database file under each drive of the computer's hard disk to store the time at which a file was marked, the file name of the marked file, the full file path of the marked file and the file security level;
monitoring the user's operations on files, and generating the corresponding instruction according to the user's operation on a file;
operating, according to the instruction, on the marking time, the file name of the marked file, the full file path of the marked file and the file security level stored in the database file under the drive related to the user's operation.
9. The file security-marking method according to claim 8, characterized in that the step of monitoring the user's operations on files and generating the corresponding instruction according to the user's operation on a file further comprises: calling an API to monitor the user's operations on files, obtaining the file name and file path of the file operated on by the user and the type of the user's operation on the file, and generating the corresponding instruction according to the operation type obtained.
10. The file security-marking method according to claim 9, characterized in that the user's operations on files comprise the marking operation, copy operation, cut operation and delete operation on a file; the corresponding instructions comprise a marking instruction, a copy instruction, a cut instruction and a delete instruction.
11. The file security-marking method according to claim 10, characterized in that the step of operating, according to the instruction, on the marking information stored in the database file under the drive related to the user's operation further comprises:
according to the marking instruction, writing or modifying the marking information of the file in the database under the drive where the marked file resides;
according to the copy instruction, reading and copying the marking information of the copied file from the database under the drive where the copied file resides, and writing the copied marking information and the path of the pasted file into the database under the drive where the pasted file resides;
according to the cut instruction, reading and copying the marking information of the cut file from the database under the drive where the cut file resides, writing the copied marking information and the path of the pasted file into the database under the drive where the pasted file resides, and deleting the marking information of the cut file from the database under the drive where the cut file resided;
according to the delete instruction, deleting the marking information of the deleted file from the database under the drive where the deleted file resided.
12. The file security-marking method according to claim 11, characterized in that the step of writing or modifying, according to the marking instruction, the marking information of the file in the database under the drive where the marked file resides further comprises: offering selectable file security levels to the user, obtaining the file security level actually selected by the user, and writing the file security level selected by the user into the database under the drive where the marked file resides.
13. The file security-marking method according to claim 12, characterized in that the selectable file security levels offered to the user are not higher than the user's security level.
14. The file security-marking method according to claim 8, characterized in that, before the step of monitoring the user's operations on files and generating the corresponding instruction according to the user's operation on a file, the method further comprises: providing a login interface to the user, reading the user name entered when the user logs in, and obtaining the user's security level.
CN201110320966.XA 2011-07-28 2011-10-20 File security-marking system and file security-marking method Expired - Fee Related CN102902931B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110320966.XA CN102902931B (en) 2011-07-28 2011-10-20 File security-marking system and file security-marking method

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN201110214456 2011-07-28
CN201110214456.4 2011-07-28
CN2011102144564 2011-07-28
CN201110320966.XA CN102902931B (en) 2011-07-28 2011-10-20 File security-marking system and file security-marking method

Publications (2)

Publication Number Publication Date
CN102902931A (en) 2013-01-30
CN102902931B (en) 2016-12-14




Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20161214

Termination date: 20191020
