CN102902931B - File classification marking system and file classification marking method - Google Patents

Publication number: CN102902931B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN201110320966.XA
Other languages: Chinese (zh)
Other versions: CN102902931A (en)
Inventors: 穆森, 赵倩, 任强, 徐马利, 杨利, 陈剑锋
Current Assignee: No706 Institute Of No2 Research Institute China Aerospace Science & Industry Corp
Original Assignee: No706 Institute Of No2 Research Institute China Aerospace Science & Industry Corp

Abstract

A file classification marking system and a file classification marking method. The file classification marking system runs on an operating system platform and includes a database module, a marking module and an association module. The database module creates a database file under each drive of the computer's hard disk to store the time at which a file was marked, the file name of the marked file, the full path of the marked file and the file's classification level. The association module is associated with the operating system to monitor the user's operations on files, generates the corresponding instruction for each operation and transmits it to the marking module. The marking module receives the instruction and, according to it, operates on the marking time, file name, full path and classification level stored in the database file under the drive involved in the user's operation. This assigns a classification level to the file and at the same time binds the marking information to the electronic file, so that the marking information is not lost when the electronic file is transmitted or copied, improving the security and controllability of the file.

Description

File classification marking system and file classification marking method
Technical field
The present invention relates to the field of network communication security, and in particular to a file classification marking system and a file classification marking method.
Background
With the spread of networks, network communication has become part of every aspect of production and daily life in contemporary society, and the security and confidentiality of communicated information is receiving increasing attention. When a sender transmits a file over a network, the successfully transmitted file also leaves the sender's control; the sender can hardly restrict how the sent file is used and propagated, and therefore faces the risk that the file is abused or maliciously spread.
To solve this problem, prior art CN101826964A discloses an outgoing-file security management system that supports collaborative work. That system centrally generates certificates and permissions, authenticates users online, and supports querying and monitoring of logs and file status, so that outgoing files are tracked and controlled at all times and information is prevented from spreading.
The prior art provides monitoring and querying only for outgoing files; it cannot ensure that a file's marking information is preserved when the user performs other operations on the file.
In addition, the prior art manages clients, i.e. the recipients, at a single level, and likewise manages files at a single level. All clients are given the same classification permission, and all files are simply divided into those that may be transmitted and those that may not. Such management clearly cannot achieve multi-level classification control, and cannot grant some clients partial permissions on some files.
Summary of the invention
To ensure that the marking information and digital signature of an electronic file are not lost during transmission and copying, and to improve the security and controllability of files, the present invention proposes a file classification marking system and a file classification marking method. They assign security information to electronic files and at the same time bind the marking information to the electronic file, so that the marking information and digital signature are not lost during transmission and copying, improving the security and controllability of classified electronic files.
The present invention provides a file classification marking system that runs on an operating system platform and includes a database module, a marking module and an association module. The database module creates a database file under each drive of the computer's hard disk; the database file stores the time at which a file was marked, the file name of the marked file, the full path of the marked file and the file's classification level. The association module is associated with the operating system, monitors the user's operations on files, generates the corresponding instruction for each operation and transmits the instruction to the marking module. The marking module receives the instruction transmitted by the association module and, according to it, performs the corresponding operation on the marking time, file name, full path and classification level stored in the database file under the drive involved in the user's operation.
The candidate file classification levels that the file classification marking system of the present invention offers to a user are not higher than the user's own classification level, so that the file's classification level matches the user's own level and the user cannot mark a file above their own level.
The present invention also provides a file classification marking method, comprising: creating, under each drive of the computer's hard disk, a database file that stores the time at which a file was marked, the file name of the marked file, the full path of the marked file and the file's classification level; monitoring the user's operations on files and generating the corresponding instruction for each operation; and, according to the instruction, operating on the marking time, file name, full path and classification level stored in the database file under the drive involved in the user's operation.
The beneficial effect of the present invention is that the file classification marking system, by assigning classification levels to files, controls the security marking of electronic files and binds the marking information to the electronic file, so that the marking information and digital signature are not lost during transmission and copying, improving the security and controllability of files. In some embodiments the system additionally makes the file's classification level match the user's own level, preventing users from marking files above their own level.
Brief description of the drawings
Fig. 1 is a block diagram of one embodiment of the file classification marking system of the present invention;
Fig. 2 is a block diagram of the association module of the file classification marking system of the present invention;
Fig. 3 is a block diagram of the marking module of the file classification marking system of the present invention;
Fig. 4 is the file marking user interface of the file classification marking system of the present invention;
Fig. 5 is a block diagram of another embodiment of the file classification marking system of the present invention;
Fig. 6 is a flow chart of the file classification marking method disclosed according to one embodiment of the present invention;
Fig. 7 is a flow chart of the file classification marking method of the present invention.
Detailed description
The present invention proposes a file classification marking system that controls the security marking of electronic files and binds the marking information to the electronic file, so that the marking information and digital signature are not lost during transmission and copying, improving the security and controllability of files.
Fig. 1 is a block diagram of one embodiment of the file classification marking system of the present invention. In this embodiment, as shown in Fig. 1, the file classification marking system 1 runs on an operating system platform and includes a database module 11, a marking module 12 and an association module 13. The database module 11 creates a database file under each drive of the computer's hard disk to store the marking information of marked files. Even when a removable disk is detached from the host, the security information remains stored on that removable disk.
The association module 13 is associated with the operating system, monitors the user's operations on files and generates the corresponding instruction for each operation. As shown in Fig. 2, the association module 13 includes an information acquisition module 131 and an instruction generation module 132. The information acquisition module 131 calls an API to monitor the user's operations on files and obtains the file name and file path of the file being operated on, the type of the operation and the operation time. The instruction generation module 132 generates the corresponding instruction according to the operation type obtained by the information acquisition module 131. In some embodiments of the invention the operation types include: marking a file, copying a file, cutting a file and deleting a file. The invention is not, however, limited to the operation types listed above. For the user's mark, copy, cut and delete operations, the instruction generation module 132 generates a mark instruction, copy instruction, cut instruction and delete instruction respectively. The association module 13 transmits the file name and file path of the file operated on, the time of the user's operation and the generated instruction to the marking module 12.
The marking module 12 is connected to the database module 11 and the association module 13. It receives from the association module 13 the file name and file path of the file operated on, the instruction and the time of the user's operation, and according to the instruction performs the corresponding operation on the marking information stored in the database file under the drive involved in the operation.
The marking information includes the marker (the person who marked the file), the marking time, the file name of the marked file, the full path of the marked file, the classification level of the marked file, and so on.
According to a mark instruction, the marking module 12 writes or modifies the file's marking information in the database under the drive where the marked file resides. According to a copy instruction, it reads and copies the marking information of the copied file from the database under the drive where that file resides, and writes the copied marking information and the path of the pasted file to the database under the drive where the pasted file resides. According to a cut instruction, it reads and copies the marking information of the cut file from the database under the drive where that file resides, writes the copied marking information and the path of the pasted file to the database under the drive where the pasted file resides, and at the same time deletes the cut file's marking information from the database under the drive where the cut file resided. According to a delete instruction, it deletes the deleted file's marking information from the database under the drive where the deleted file resided.
In some embodiments of the invention, the marking module 12 includes a user interface module 121, a level filtering module 122, a marking execution module 123 and a receiving module 124, as shown in Fig. 3. The level filtering module 122 receives the mark instruction transmitted by the receiving module 124, filters out the candidate file classification levels that are higher than the user's classification level, and provides the user interface module 121 with the candidate levels not higher than the user's level for the user to choose from. The user interface module 121 appears as a tab in the file "Properties" panel of the operating system, as shown in Fig. 4. Based on the candidate levels provided by the level filtering module 122, the user interface module 121 offers the user the selectable file classification levels. The user selects a classification level for the file through the user interface module 121. The user interface module 121 obtains the level selected by the user and transmits it to the marking execution module 123 of the marking module. The user's confirmation of the marking operation is captured by the association module 13. The association module 13 generates a mark instruction for this operation and sends it, together with the file name and file path of the file operated on and the time of the user's operation, to the marking module 12. The receiving module 124 of the marking module 12 receives the file name, file path, operation time and instruction transmitted by the association module 13 and passes them to the marking execution module 123, triggering the marking execution module to write the marking information to the database under the drive where the marked file resides. After the information has been written, the marking execution module 123 reports to the user interface module 121 that marking is complete, and the user interface module 121 displays the user name of the marker and the marking time.
The user interface module in Fig. 4 uses a drop-down menu interface; in other embodiments the user interface may be a selection-style interface or an input-style interface. In some embodiments the marking module 12 includes only the user interface module 121, the level filtering module 122 and the marking execution module 123, and the marking execution module 123 receives the information transmitted by the association module 13 directly. In other embodiments the level filtering module 122 may be integrated into the user interface module 121, giving the user interface module 121 the level filtering function. A modification of a file's marking information by the user may be treated as a special type of marking operation: the mark instruction triggers the marking execution module 123 to write the modified marking information to the database under the drive where the modified marked file resides and to delete the original marking information.
Fig. 5 is a block diagram of another embodiment of the file classification marking system of the present invention. This embodiment is essentially the same as the embodiment shown in Fig. 1; the difference is that in this embodiment the system also includes a user login module 14. The user login module 14 is connected to the marking module 12. It reads the user name entered by the user, obtains the user's classification level, and transmits the user name and user classification level to the marking module 12.
In a preferred embodiment of the invention, the file classification marking system is used together with other application systems. These may be, for example, a mail system, a user management system, or any other system that needs to mark files and to control marked files and file classification levels. The file classification marking system provides an integration interface through which other application systems can log in to the file classification marking system, and thereby mark files, control marked files and classification levels, obtain file marking information, set file classification levels, and download marked files within their permissions. Other application systems can download files through the ChooseDownloadDir method, and the marking information of the downloaded file is not lost.
In a preferred embodiment, the database module 11 creates a database file named "sensinfo.db" under each drive of the computer's hard disk. When a file is marked, the marking module 12 writes the selected security information into the "sensinfo.db" database file. The database file records the marker, the marking time, the file name, the full file path and other information. The user logs in to the file classification marking system through the login interface provided by the user login module 14. After a successful login, the user login module 14 reads the user name entered by the user and obtains the classification level for that user name, either as provided by another application system or by looking it up by user name. The user login module 14 transmits the user name and user classification level to the marking module 12. In some embodiments, a user who has not logged in to the file classification marking system cannot mark files or modify file classification levels. In one embodiment of the invention, the Login method is used to log in to the file classification marking system and the Logout method is used to log out on exit. A user who has not logged in can obtain a marked file's security information through the GetSensInfo method and can obtain the file size through GetFileLength.
The association module 13 calls an API to monitor the user's operations on files and captures operations such as marking, copying, cutting and deleting. The association module 13 also obtains the file name and file path of the target file and the time of the user's operation.
If the association module 13 detects that the user performs a marking operation on a target file, it generates a mark instruction and transmits it to the marking module 12. After the marking module 12 receives the mark instruction, the level filtering module 122 filters out the candidate file classification levels higher than the user's level and provides the candidate levels not higher than the user's level to the user interface module 121, which appears as a tab in the file "Properties" panel of the operating system. The user interface module 121 presents the received candidate levels to the user as selectable file classification levels. The user selects one of them to mark the file; the user interface module 121 reads the selected level and transmits it to the marking execution module 123. The instruction receiving module 124 receives from the association module 13 the mark instruction generated for the user's marking operation, together with the target file's file name and file path and the time of the user's operation, and transmits this information to the marking execution module 123. According to the mark instruction, the marking execution module 123 writes the file classification level, the file name and file path of the file operated on and the time of the user's operation to the database file under the target file's drive. After the marking operation on the target file is complete, the marking execution module 123 reports completion to the user interface module 121, and the user interface module 121 displays the user name of the marker and the marking time.
If the association module 13 detects that the user modifies the marking information of a target file, it generates a modification instruction and transmits it to the marking module 12. After receiving the modification instruction, the marking module 12 offers the user the selectable file classification levels not higher than the user's level. It reads the level selected by the user, obtains the target file's file name and file path and the time of the user's operation, and writes the file classification level, file name, file path and operation time to the database file under the target file's drive. After the modification of the target file's marking information is complete, the marking execution module 123 reports completion of the marking operation to the user interface module 121, and the user interface module 121 displays the user name of the person who made the modification and the modification time.
If the association module 13 detects that the user copies a target file, it generates a copy instruction and transmits it to the marking module 12. After the marking module 12 receives the copy instruction, the marking execution module 123 reads and copies the copied file's marking information from the database under the drive where the copied file resides, and writes the copied marking information and the path of the pasted file to the database under the drive where the pasted file resides. The marking execution module 123 then reports completion to the user interface module 121. The user interface module 121 shows the marker of the pasted file as the user name of the marker of the copied file, and the marking time of the pasted file as the time the file was pasted.
If the association module 13 detects that the user cuts a target file, it generates a cut instruction and transmits it to the marking module 12. After the marking module 12 receives the cut instruction, the marking execution module 123 reads and copies the cut file's marking information from the database under the drive where the cut file resides, writes the copied marking information and the path of the pasted file to the database under the drive where the pasted file resides, and at the same time deletes the cut file's marking information from the database under the drive where the cut file resided. The marking execution module 123 then reports completion to the user interface module 121. The user interface module 121 shows the marker of the pasted file as the user name of the marker of the cut file, and the marking time of the pasted file as the time the file was pasted.
If the association module 13 detects that the user deletes a target file, it generates a delete instruction and transmits it to the marking module 12. After the marking module 12 receives this instruction, the marking execution module 123 deletes the deleted file's marking information from the database under the drive where the deleted file resided. The marking execution module 123 then reports completion to the user interface module 121.
The association module 13 monitors the user's operations on files and generates the instruction corresponding to each operation; the marking module 12 then performs write, read, modify, copy, paste, delete and similar operations on the marking information stored in the database file under the drive where the file operated on resides, so that the file's marking information is not lost wherever the file is moved.
In a preferred embodiment, marked files are stored encrypted, with an encryption strength greater than 128.
The present invention also discloses a file classification marking method. Fig. 6 shows a flow chart of the file classification marking method disclosed according to one embodiment of the invention. In this embodiment the method includes: creating a database file under each drive of the computer's hard disk (step S001); monitoring the user's operations on files and writing marking information to the database file according to the user instruction (step S002); and operating, according to the instruction, on the marking information stored in the database file under the drive involved in the user's operation (step S003). As shown in Fig. 7, the step of writing marking information to the database file according to the user instruction further includes calling an API to monitor the user's operations on files and obtaining the file name and file path of the file operated on and the type of the user's operation (step S021), and generating the corresponding instruction according to the obtained operation type (step S022).
In some embodiments the user's operations on a file include marking, copying, cutting and deleting the file, and the corresponding instructions include a mark instruction, copy instruction, cut instruction and delete instruction. The operations performed, according to the instruction, on the marking information stored in the database file under the drive involved in the user's operation include: according to the mark instruction, writing or modifying the file's marking information in the database under the drive where the marked file resides; according to the copy instruction, reading and copying the copied file's marking information from the database under the drive where the copied file resides, and writing the copied marking information and the path of the pasted file to the database under the drive where the pasted file resides; according to the cut instruction, reading and copying the cut file's marking information from the database under the drive where the cut file resides, writing the copied marking information and the path of the pasted file to the database under the drive where the pasted file resides, and at the same time deleting the cut file's marking information from the database under the drive where the cut file resided; and according to the delete instruction, deleting the deleted file's marking information from the database under the drive where the deleted file resided.
In some embodiments, the step of writing or modifying the file's marking information in the database under the drive where the marked file resides, according to the mark instruction, further includes: offering the user candidate file classification levels, none of which is higher than the user's classification level; obtaining the level the user actually selects; and writing the selected level to the database under the drive where the marked file resides.
In a preferred embodiment, before the user's operations on files are monitored and the corresponding instructions generated, a login interface is presented to the user, the user name entered at login is read, and the user's classification level is obtained.
In a preferred embodiment, the file classification marking method is implemented as follows:
A database file named "sensinfo.db" is created under each drive of the computer's hard disk. When a file is marked, the selected security information is written into the "sensinfo.db" database file. The database file records the marker, the marking time, the file name, the full file path and other information.
A login interface is presented to the user; the user name entered at login is read, and the classification level for that user name is obtained, either as provided by another application system or by looking it up by user name. In some embodiments, a user who has not logged in to the file classification marking system cannot mark files or modify file classification levels. In one embodiment of the invention, the Login method is used to log in to the file classification marking system and the Logout method is used to log out on exit. A user who has not logged in can obtain a marked file's security information through the GetSensInfo method and can obtain the file size through GetFileLength.
An API is called to monitor the user's operations on files; the user's mark, copy, cut, delete and similar operations are captured and the corresponding instructions generated, and the file name and file path of the target file and the time of the user's operation are obtained.
If the user is detected performing a marking operation on a target file, a mark instruction is generated, the user is offered selectable file classification levels not higher than the user's level, and the level the user selects is read. The file classification level, the file name and file path of the file operated on and the time of the user's operation are written to the database file under the target file's drive, completing the marking operation on the target file.
If the user is detected modifying the marking information of a target file, a mark instruction is generated and the user is offered selectable file classification levels not higher than the user's level. The level the user selects is read, and the target file's file name and file path and the time of the user's operation are obtained. The file classification level, file name, file path and operation time are written to the database file under the target file's drive, completing the modification of the target file's marking information.
If the user is detected copying a target file, a copy instruction is generated; the copied file's marking information is read and copied from the database under the drive where the copied file resides, and the copied marking information and the path of the pasted file are written to the database under the drive where the pasted file resides, completing the copy operation on the target file.
If the user is detected cutting a target file, a cut instruction is generated; the cut file's marking information is read and copied from the database under the drive where the cut file resides, the copied marking information and the path of the pasted file are written to the database under the drive where the pasted file resides, and at the same time the cut file's marking information is deleted from the database under the drive where the cut file resided, completing the cut operation on the target file.
If the user is detected deleting a target file, a delete instruction is generated and the deleted file's marking information is deleted from the database under the drive where the deleted file resided, completing the operation on the target file.
By monitoring user's operation to file, generate the instruction corresponding to user operation, to the file place operated In database file under drive the mark confidential information of storage performs write, read, revise, replicate, paste, deletion etc. operates, from And the mark confidential information of this document will not be lost when making file be moved into any position.
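The following added example, which is not code from the patent, models the per-drive marking databases and the mark, copy, cut and delete instructions described above. The in-memory SQLite stores, the level names in `LEVELS`, and the `MarkStore` class with its method names are assumptions made for illustration.

```python
import sqlite3
import time

# Assumed level names, lowest first; the patent does not name the levels.
LEVELS = ["public", "internal", "secret", "top-secret"]


class MarkStore:
    """One marking database per drive (in-memory SQLite stands in for the file)."""

    def __init__(self):
        self.dbs = {}  # drive letter -> sqlite3 connection

    def _db(self, path):
        drive = path.split(":", 1)[0].upper()
        if drive not in self.dbs:
            con = sqlite3.connect(":memory:")
            con.execute("CREATE TABLE marks (path TEXT PRIMARY KEY, name TEXT, "
                        "level TEXT, marked_at REAL)")
            self.dbs[drive] = con
        return self.dbs[drive]

    def _row(self, path):
        return self._db(path).execute(
            "SELECT level, marked_at FROM marks WHERE path = ?", (path,)).fetchone()

    def _put(self, path, level, marked_at):
        name = path.replace("\\", "/").rsplit("/", 1)[-1]
        con = self._db(path)
        con.execute("INSERT OR REPLACE INTO marks VALUES (?, ?, ?, ?)",
                    (path, name, level, marked_at))
        con.commit()

    def level_of(self, path):
        row = self._row(path)
        return row[0] if row else None

    def mark(self, user_level, path, level):
        """Marking instruction: write or modify; level may not exceed the user's."""
        if LEVELS.index(level) > LEVELS.index(user_level):
            raise PermissionError("file level exceeds user level")
        self._put(path, level, time.time())

    def copy(self, src, dst):
        """Copy instruction: duplicate the source record under the pasted path."""
        row = self._row(src)
        if row:  # an unmarked source has nothing to propagate
            self._put(dst, row[0], row[1])

    def delete(self, path):
        """Delete instruction: drop the record from the file's drive database."""
        con = self._db(path)
        con.execute("DELETE FROM marks WHERE path = ?", (path,))
        con.commit()

    def cut(self, src, dst):
        """Cut instruction: copy to the destination drive, then remove the source."""
        self.copy(src, dst)
        self.delete(src)
```
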
The system can be used together with other application systems, such as a mail system, a user management system, or any other system that needs to mark files and to manage and control marked files and file classification levels. The file classification-marking system provides an integration interface. Other application systems can use the file classification-marking method to mark files and to manage and control marked files and classification levels, and through the interface can obtain marking-tool information, set the classification level, and download files. Other application systems can download files through the ChooseDownloadDir method, and the marking information of a downloaded file is not lost.
The mail system used together with the file classification-marking system uses tower-type management rather than a flat structure. It can set classification levels on mail sent and received, set classification levels for recipients and senders, configure the corresponding approval workflows, and monitor transfer logs. For unmarked files it performs content auditing, copying the full text of the transmitted file to the database that stores the marking information; for classified and confidential files it performs behaviour auditing, recording the transmission behaviour to the database that stores the marking information for the relevant personnel to query, thereby preventing the uncontrolled spread of files. The mail system communicates with the marking tool through an IE control in order to access the classification-marking information, and only marked files can be uploaded and sent as attachments. The classification file is locked as soon as the system starts and other processes cannot access it, which prevents the marking information from being accessed and tampered with by other processes. The marking tool can be used by authorized third-party applications through an open interface to obtain or set marking information.
The file classification-marking system can provide marking audit records to other application systems. It transmits the information over the HTTP protocol by calling the other application system's Web address, and the other application system receives the audit information and records it.
Those skilled in the art may make various modifications to the above without departing from the spirit and scope of the invention as determined by the claims. The scope of the invention is therefore not limited to the above description, but is determined by the scope of the claims.

Claims (8)

1. A file classification-marking system, installed on an operating system platform, characterized in that it comprises a database module, a marking module and an association module;
The database module creates a database file on each drive of the computer's hard disk; the database file stores the time at which a file was marked, the file name of the marked file, the full file path of the marked file, and the file classification level;
The association module is associated with the operating system, monitors the user's operations on files, generates a corresponding instruction according to the user's operation on a file, and transmits the instruction to the marking module;
The marking module receives the instruction transmitted by the association module and, according to the instruction, performs the corresponding operation on the marking time, the file name of the marked file, the full file path of the marked file and the file classification level stored in the database file that the database module created on the drive related to the user's operation;
Wherein the association module comprises an information acquisition module and an instruction generation module;
The information acquisition module calls an API to monitor the user's operations on files, and obtains the file name and file path of the file operated on by the user, the type of the user's operation on the file, and the operation time;
The instruction generation module generates the corresponding instruction according to the operation type obtained by the information acquisition module;
The user's operations on files comprise: a marking operation, a copy operation, a cut operation and a delete operation on a file; the instruction generation module correspondingly generates a marking instruction, a copy instruction, a cut instruction or a delete instruction;
The marking module:
According to the marking instruction, writes or modifies the marking information of the file in the database on the drive where the marked file is located;
According to the copy instruction, reads and copies the marking information of the copied file from the database on the drive where the copied file is located, and writes the copied marking information and the path of the pasted file to the database on the drive where the pasted file is located;
According to the cut instruction, reads and copies the marking information of the cut file from the database on the drive where the cut file is located, writes the copied marking information and the path of the pasted file to the database on the drive where the pasted file is located, and at the same time deletes the marking information of the cut file from the database on the drive where the cut file was located;
According to the delete instruction, deletes the marking information of the deleted file from the database on the drive where the deleted file was located.
2. The file classification-marking system according to claim 1, characterized in that the marking module writing or modifying the marking information of the file in the database on the drive where the marked file is located according to the marking instruction further comprises: the marking module offers the user selectable file classification levels, obtains the file classification level the user actually selects, and writes the file classification level selected by the user to the database on the drive where the marked file is located.
3. The file classification-marking system according to claim 2, characterized in that the selectable file classification levels that the marking module offers the user are not higher than the user's clearance level.
4. The file classification-marking system according to claim 1, characterized in that the file classification-marking system further comprises a user login module; the user login module provides a login interface to the user, reads the user name entered by the user, obtains the user's clearance level, and transmits the user name and the user's clearance level to the marking module.
5. A file classification-marking method, characterized in that the method comprises:
Creating a database file on each drive of the computer's hard disk to store the time at which a file was marked, the file name of the marked file, the full file path of the marked file, and the file classification level;
Monitoring the user's operations on files, and generating a corresponding instruction according to the user's operation on a file;
According to the instruction, operating on the marking time, the file name of the marked file, the full file path of the marked file and the file classification level stored in the database file on the drive related to the user's operation;
Wherein the step of monitoring the user's operations on files and generating a corresponding instruction according to the user's operation on a file further comprises: calling an API to monitor the user's operations on files, obtaining the file name and file path of the file operated on by the user and the type of the user's operation on the file, and generating the corresponding instruction according to the operation type obtained;
The user's operations on files comprise a marking operation, a copy operation, a cut operation and a delete operation on a file; the corresponding instructions comprise a marking instruction, a copy instruction, a cut instruction and a delete instruction;
The step of operating, according to the instruction, on the marking information stored in the database file on the drive related to the user's operation further comprises:
According to the marking instruction, writing or modifying the marking information of the file in the database on the drive where the marked file is located;
According to the copy instruction, reading and copying the marking information of the copied file from the database on the drive where the copied file is located, and writing the copied marking information and the path of the pasted file to the database on the drive where the pasted file is located;
According to the cut instruction, reading and copying the marking information of the cut file from the database on the drive where the cut file is located, writing the copied marking information and the path of the pasted file to the database on the drive where the pasted file is located, and at the same time deleting the marking information of the cut file from the database on the drive where the cut file was located;
According to the delete instruction, deleting the marking information of the deleted file from the database on the drive where the deleted file was located.
6. The file classification-marking method according to claim 5, characterized in that the step of writing or modifying the marking information of the file in the database on the drive where the marked file is located according to the marking instruction further comprises: offering the user selectable file classification levels, obtaining the file classification level the user actually selects, and writing the file classification level selected by the user to the database on the drive where the marked file is located.
7. The file classification-marking method according to claim 6, characterized in that the selectable file classification levels offered to the user are not higher than the user's clearance level.
8. The file classification-marking method according to claim 5, characterized in that, before the step of monitoring the user's operations on files and generating a corresponding instruction according to the user's operation on a file, the method further comprises: providing a login interface to the user, reading the user name entered when the user logs in, and obtaining the user's clearance level.
CN201110320966.XA 2011-07-28 2011-10-20 File classification-marking system and file classification-marking method Expired - Fee Related CN102902931B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110320966.XA CN102902931B (en) 2011-07-28 2011-10-20 File classification-marking system and file classification-marking method

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
CN2011102144564 2011-07-28
CN201110214456.4 2011-07-28
CN201110214456 2011-07-28
CN201110320966.XA CN102902931B (en) 2011-07-28 2011-10-20 File classification-marking system and file classification-marking method

Publications (2)

Publication Number Publication Date
CN102902931A CN102902931A (en) 2013-01-30
CN102902931B true CN102902931B (en) 2016-12-14

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101826964A (en) * 2010-04-02 2010-09-08 无锡华御信息技术有限公司 Outgoing document security management system supporting collaboration
CN102006302A (en) * 2010-12-03 2011-04-06 中国软件与技术服务股份有限公司 Method for identifying security classification of electronic file

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
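Analysis of the requirements for and application of classification marks on electronic files in classified information systems; 耿伟; 《学术交流》; 20110310 (No. 3); pp. 45-49 *
A brief analysis of technologies related to classification marks on electronic files; 李梅梅; 《研究所专栏》; 20110510 (No. 5); pp. 31-34 *
Key technologies and design of a classification-level management system for electronic files; 王文宇 et al.; 《学术研究》; 20091010 (No. 10); pp. 113-117 *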

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20161214

Termination date: 20191020