CN102930225A - Electronic document access control method based on confidential identifier - Google Patents

Publication number
CN102930225A
CN102930225A CN2012104116065A CN201210411606A CN102930225A CN 102930225 A CN102930225 A CN 102930225A CN 2012104116065 A CN2012104116065 A CN 2012104116065A CN 201210411606 A CN201210411606 A CN 201210411606A CN 102930225 A CN102930225 A CN 102930225A
Authority
CN
China
Prior art keywords
file
level
confidentiality
user
document
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN2012104116065A
Other languages
Chinese (zh)
Inventor
石兆军
武越
刘向东
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
706th Institute Of No2 Research Institute Casic
Original Assignee
706th Institute Of No2 Research Institute Casic
Application filed by 706th Institute Of No2 Research Institute Casic

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses an electronic document access control method based on a confidential identifier. The method comprises the following steps: establishing a confidential identifier and creating a document; controlling user file access; controlling confidential approval; and controlling confidential alteration. When a user creates an electronic document, the security level of the document is marked with a confidential identifier. The identifier is created from the document identifier (ID) number and is unique, which guarantees that the confidential identifier is inseparable from the information main body; at this point, however, the security level of the document can still be altered. When the user launches a confidential approval flow and the flow is approved, the security level of the document can no longer be altered. If no confidential alteration flow is launched for a document that has passed confidential approval, the security level of the document cannot be changed, so the confidential identifier is protected against arbitrary tampering.

Description

Electronic document access control method based on security level identification
Technical field
The present invention relates to an electronic document access control technology based on security level identification, and in particular to access control based on security level identifiers for Office document types.
Background technology
With the rapid development of information technology and the continuing advance of informatization, more and more files are transmitted and stored as electronic documents. Electronic documents have become an important carrier of key enterprise data and a core data asset necessary for enterprise development; once a leak occurs, it can seriously affect the development or even the survival of the enterprise. At present, the security of electronic files still faces the following security risks:
1) At present, the electronic files of most enterprises are still in the distributed storage stage: they are stored across the individual terminals, essentially all in plaintext. Enterprises that pay attention to information security have taken some measures to strengthen the secure and confidential management of electronic files, for example deploying terminal security protection software, disabling certain commonly used hardware devices or interfaces, and closing the computer's physical interfaces to prevent personal USB flash drives from being plugged in and abused. These measures protect and control the electronic files on a terminal to a certain extent, but as long as the terminal's network card works, the electronic files on the terminal can be obtained very easily over a direct network cable connection, leaking key enterprise data.
2) The technical means for marking the security level of electronic files are imperfect. As the carrier of key enterprise data, electronic files should be graded according to their importance, and the scope of people who may know the content of important electronic files should be strictly controlled. For commercial companies there are at least two grades of electronic file, core trade secret and general trade secret, determined according to the importance of the file to the company. For national public institutions and state administrative bodies, at least four file grades are defined: top secret, secret, secret, open. These grades are fully defined in national laws, and the classification of secret-related electronic documents must follow national classification requirements and strictly implement the system of responsibility for classification. However, although technical means for marking the security level of electronic documents exist at present, they are based only on file extended attributes: the file security level can be changed arbitrarily, and a security level identifier, once applied, cannot be made inseparable from the document body and protected against arbitrary tampering. This leads to the illegal spread of key enterprise data resources and sensitive national information, seriously affecting enterprise survival and national security.
Therefore, achieving security level identification in the true sense is imperative, and electronic document access control based on security level identification is an important measure for keeping data assets secure and confidential.
Summary of the invention
The object of the invention is to provide a security level identification technology for electronic documents that fills the current gap in effective technology for marking the security level of electronic documents, ensures that the security level identifier is inseparable from the document body and cannot be arbitrarily tampered with, strictly controls lawful access to electronic documents, and ensures that access to electronic documents does not lead to illegal spread.
The present invention is realized by the following technical means:
An electronic document access control method based on security level identification comprises: establishing a security level identifier and creating a file; user file access control; security-level approval control; and security-level change control.
Security level identification means dividing protected electronic files into security grades and marking each file with the security level of its grade. A special file header is added to the file types to be controlled, and the security level identifier is stored in the file header. Through a file system filter driver, the application process is made to verify the file header information before opening a file, and can operate on the file only after the verification passes. The file header comprises: the file ID, which is the file's unique identification information; the version number, which is the current file version information; the authorization check value, which verifies whether the file is currently legally authorized; the author information of the current file; the security information of the current file; the security level check value, which guarantees that the security level identifier is inseparable from the main information and cannot be tampered with; the document time, covering the file's creation and modification times; the key check value, which stores the check information computed by the server over the file's encryption key; the ISSECRT 1-bit flag, indicating whether the file content is encrypted; the ISMARK 1-bit flag, indicating whether the user has customized the file security level; the ISFIX 1-bit flag, indicating whether the file's security level identifier may be modified; the ISAPLY 1-bit flag, indicating whether the user has initiated security-level approval; the ISPSAP 1-bit flag, indicating whether the file security level submitted by the user has passed approval; the ISCHAG 1-bit flag, indicating whether the user has initiated a security-level change; and the ISOPEN 1-bit flag, indicating whether the file is open.
Creating a file comprises: user A creates a process to initiate the new-file operation; the client of user A captures the user's new-file operation; the client creates a corresponding file header identifier for the file; this client operation is transparent to user A; the client automatically attaches the created file header to the head of the file and binds it to the file body; after the document has been edited and saved, the client stores the file with its bound header locally on the user's machine; the client sends the file header information of the file to the server; the server stores the file header information sent by the client in the server's back-end database.
User file access control comprises: after the client of user B captures user B's operation of opening the file, it automatically connects to the server; the client looks up in the server's back-end database whether the file can be accessed by user B: if so, the file header information corresponding to the file is downloaded to the client; if not, the client cannot obtain the file header information of the file; after obtaining the file header information, the client uses its main contents, including the security information, authorization check value, ISSECRT, ISMARK, ISFIX, ISAPLY, ISPSAP, ISCHAG and ISPSCHA, to judge whether user B's personnel security level corresponds to the security level of the file and whether user B can access the file; if user B's personnel security level is not lower than the file's security level, user B can access the file; if user B's personnel security level is lower than the file's security level, user B cannot access the file.
Security-level approval control comprises: the user selects a file whose security level is to be determined and submits a security-level approval application to the server; following the security-level approval flow, the system submits the application to the approver; if it is approved, the system establishes a communication connection between the client and the server, writes the security level identifier information into the file header, and changes the file identifier information to "security-level approval completed"; when the document is edited and saved again, the security level of the file cannot be changed, and only the security level attribute of the current file is displayed.
Security-level change control applies only to files that have completed security-level approval. It comprises: the user selects the file whose security level is to be changed and submits security-level change application information to the server; the system follows the security-level change flow; if the change is approved, the system establishes a communication connection between the client and the server and writes the changed security information into the file header; when the file is edited and saved again after a successful change, the security level of the file cannot be changed, and only the security level attribute of the current file is displayed.
The aforesaid ISSECRT=1 indicates that the file content is ciphertext, and ISSECRT=0 indicates that the file content is plaintext.
The aforesaid ISMARK=1 indicates that the file security level has been customized, and ISMARK=0 indicates that it has not been customized and the file security level defaults to internal.
The aforesaid ISFIX=1 indicates that the security level identifier may be modified, and ISFIX=0 indicates that the security level identifier may not be modified.
The aforesaid ISAPLY=1 indicates that the user has applied for security-level approval, and ISAPLY=0 indicates that the user has not applied for security-level approval.
The aforesaid ISPSAP=1 indicates that the file security level has passed audit, and ISPSAP=0 indicates that the file security level has not passed audit.
The aforesaid ISCHAG=1 indicates that the user has applied for a security-level change, and ISCHAG=0 indicates that the user has not applied for a security-level change.
The aforesaid ISPSCHA=1 indicates that the security-level change audit has passed, and ISPSCHA=0 indicates that the new file security level has passed audit.
The aforesaid ISOPEN=1 indicates that the file is open, and ISOPEN=0 indicates that the file is closed.
Compared with the prior art, the present invention has the following obvious advantages and beneficial effects:
With the technical scheme of the present invention, when a user creates an electronic file, the security grade of the file can be marked with a security level identifier. The identifier is created from the file ID number and is unique, which guarantees that the security level identifier is inseparable from the information body, although the file security grade can still be changed at this point. When the user initiates the security-level approval flow and the approval passes, the file security grade can no longer be changed; unless a security-level change flow is initiated for the approved file, its security level cannot be modified, which guarantees that the security level identifier cannot be arbitrarily tampered with.
Description of drawings
Fig. 1 is a flowchart of a user creating a file;
Fig. 2 is a flowchart of user file access;
Fig. 3 is a schematic diagram of the security-level approval flow;
Fig. 4 is a schematic diagram of the security-level change flow.
Embodiment
Specific embodiments of the invention are described below with reference to the accompanying drawings.
Establishing the security level identifier: security level identification means defining the security grade of a protected electronic file according to the corresponding security-level approval flow. Once the security level of an electronic file is determined, its security level identifier is guaranteed to be inseparable from the file's information body and cannot be arbitrarily tampered with. If the security level identifier of an electronic file needs to be changed, the security grade must be changed according to the corresponding security-level change flow; after a successful change, the security level identifier remains inseparable from the file's information body and cannot be arbitrarily tampered with.
The security grades of files and of personnel can both be defined according to actual needs. Here, the file security grades are defined as: secret, secret, internal, open, core trade secret, general trade secret, etc.; the personnel security grades are defined as: core personnel, important personnel, general personnel. Personnel of different security grades have different marking rights and access control rights over files of different security grades. The specific access control policy is as follows:
Core personnel: can define all file security grades (secret, secret, internal, open, core trade secret, general trade secret) and can access files of all security grades (secret, secret, internal, open, core trade secret, general trade secret);
Important personnel: can define some file security grades (secret, secret, internal, open, core trade secret, general trade secret) and can access files of some security grades (secret, secret, internal, open, core trade secret, general trade secret);
General personnel: can define only individual file security grades (secret, internal, open, core trade secret, general trade secret) and can access only files of individual security grades (secret, internal, open, core trade secret, general trade secret);
Electronic document access control based on security level identification consists of four parts: security level identification, security-level approval, security-level change, and access control rights.
A special file header is added to the file types to be controlled, and the security level identifier is stored in the file header. Using file system filter driver technology, the application process is made to verify the file header information before opening a file, and can operate on the file only after the verification passes.
The file header is defined as shown in Table 1:
[Table 1: file header definition (image)]
● File ID: 10 bytes; the file's unique identification information.
● Version number: 1 byte; the current file version information.
● Authorization check value: 128 bytes; license information that verifies whether the file is currently legally authorized.
● Author information: 10 bytes; the author of the current file, as a user ID.
● Security information: 1 byte; the security information of the current file.
● Security level check value: 512 bytes; guarantees that the security level identifier is inseparable from the main information and cannot be tampered with.
● Document time: 1 byte; information such as the file's creation and modification times.
● Key check value: 128 bytes; the check information stored after the server performs an MD5 operation on the file's encryption key.
● ISSECRT: 1 bit; flag indicating whether the file content is encrypted. ISSECRT=1 indicates that the file content is ciphertext, and ISSECRT=0 indicates that the file content is plaintext.
● ISMARK: 1 bit; flag indicating whether the user has customized the file security level. ISMARK=1 indicates that it has been customized, and ISMARK=0 indicates that it has not been customized and the file security level defaults to internal.
● ISFIX: 1 bit; flag indicating whether the file's security level identifier may be modified. ISFIX=1 indicates that the security level identifier may be modified, and ISFIX=0 indicates that it may not be modified.
● ISAPLY: 1 bit; flag indicating whether the user has initiated the security-level approval flow. ISAPLY=1 indicates that the user has applied for security-level approval, and ISAPLY=0 indicates that the user has not applied for security-level approval.
● ISPSAP: 1 bit; flag indicating whether the file security level submitted by the user has passed audit. ISPSAP=1 indicates that the file security level has passed audit, and ISPSAP=0 indicates that the file security level has not passed audit.
● ISCHAG: 1 bit; flag indicating whether the user has initiated the security-level change flow. ISCHAG=1 indicates that the user has applied for a security-level change, and ISCHAG=0 indicates that the user has not applied for a security-level change.
● ISPSCHA: 1 bit; flag indicating whether the security-level change application has passed audit. ISPSCHA=1 indicates that the security-level change audit has passed, and ISPSCHA=0 indicates that the new file security level has passed audit.
● ISOPEN: 1 bit; flag indicating whether the file is open. ISOPEN=1 indicates that the file is open, and ISOPEN=0 indicates that the file is closed.
● Other: can be extended and customized according to other requirements.
Referring to Fig. 1, the flow for creating a file is as follows.
1. User A creates a process to initiate the new-file operation;
2. The client of user A captures user A's new-file operation;
3. The client creates a corresponding file header identifier for the file. The content of this file header identifier includes the file ID number, version number, authorization, authorization check value, author information, security information, document time, key check value, other fields of the file, etc. This client operation is transparent to user A;
4. The client automatically attaches the created file header to the head of the file and binds it to the file body;
5. User A does not perceive any of the client's operations during the whole process. After the document has been edited and saved, the client stores the file with its bound file header locally for user A;
6. The client sends the file header information of the file to the server;
7. The server stores the file header information sent by the client in the server's back-end database.
Referring to Fig. 2, the user file access flow is as follows.
1. After the client of user B captures user B's operation of opening the file, it automatically connects to the server.
2. The client looks up in the server's back-end database whether the file can be accessed by user B: if so, the file header information corresponding to the file is downloaded to the client; if not, the client cannot obtain the file header information of the file.
3. After obtaining the file header information, the client uses its main contents, including the security information, authorization check value, ISSECRT, ISMARK, ISFIX, ISAPLY, ISPSAP, ISCHAG and ISPSCHA, to judge whether user B's personnel security level corresponds to the security level of the file and whether user B can access the file.
4. If user B's personnel security level is not lower than the file's security level, user B can access the file; if user B's personnel security level is lower than the file's security level, user B cannot access the file.
5. Under the further control of the authorization information, the client of user B uses HOOK technology to monitor whether user B's operations on the file go beyond the permitted scope, ensuring that user B's operations on the file are legitimate.
Referring to Fig. 3, the security-level approval flow is as follows.
The user selects a file whose security level is to be determined and submits a security-level approval application to the server. Following the security-level approval flow, the system submits the application to the approver. If it is approved, the system establishes a communication connection between the client and the server, writes the security level identifier information into the file header, and changes the file identifier information to "security-level approval completed". When the document is edited and saved again, the security level of the file cannot be changed, and only the security level attribute of the current file is displayed.
Referring to Fig. 4, the security-level change flow is as follows.
A security-level change applies only to files that have completed security-level approval. The user selects the file whose security level is to be changed and submits security-level change application information to the server. The system follows the security-level change flow; if the change is approved, the system establishes a communication connection between the client and the server and writes the changed security information into the file header. When the file is edited and saved again after a successful change, the security level of the file cannot be changed, and only the security level attribute of the current file is displayed.
After security levels have been defined for electronic files and personnel, combining them with security-level approval and security-level change realizes electronic document access control based on security level identification, strictly controls the scope of people who may know the content of core electronic files, and effectively keeps key enterprise data resources secure and confidential.
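The header layout, the pre-open check and the "fixed after approval" rule described above, as an added example (not code from the patent): it packs and parses a header with the listed field widths, verifies the security level check value, and applies the rule that the user's level must not be lower than the file's. Assumptions not on the page: the eight flags share one trailing byte (MSB first), the check value is an HMAC-SHA256 over file ID and level padded to 512 bytes, levels are ordered integers, and a fixed level (ISFIX=0) may be rewritten only when ISPSCHA=1.

```python
import hashlib
import hmac

# (field name, width in bytes), in the order the page lists them.
FIELDS = [("file_id", 10), ("version", 1), ("auth_check", 128), ("author", 10),
          ("level", 1), ("level_check", 512), ("doc_time", 1), ("key_check", 128)]
# One-bit flags named on the page. Assumption: one trailing byte, MSB first.
FLAGS = ["ISSECRT", "ISMARK", "ISFIX", "ISAPLY", "ISPSAP", "ISCHAG", "ISPSCHA", "ISOPEN"]
HEADER_LEN = sum(width for _, width in FIELDS) + 1  # 791 field bytes + 1 flag byte
SAMPLE_KEY = b"constructed-demo-key"  # constructed; stands in for server-held key material


def level_check_value(key, file_id, level):
    """Assumed construction: HMAC-SHA256 over file ID and level, zero-padded to 512 bytes."""
    msg = file_id.ljust(10, b"\0") + bytes([level])
    return hmac.new(key, msg, hashlib.sha256).digest().ljust(512, b"\0")


def pack_header(values, flags):
    """Serialize field values (bytes or int) followed by the flag byte."""
    out = bytearray()
    for name, width in FIELDS:
        raw = values.get(name, b"")
        if isinstance(raw, int):
            raw = raw.to_bytes(width, "big")
        if len(raw) > width:
            raise ValueError(f"{name} exceeds {width} bytes")
        out += raw.ljust(width, b"\0")
    out.append(sum(0x80 >> i for i, flag in enumerate(FLAGS) if flag in flags))
    return bytes(out)


def parse_header(blob):
    """Split a header into ({field: bytes}, {set flag names}); reject truncated input."""
    if len(blob) < HEADER_LEN:
        raise ValueError("truncated header")
    values, pos = {}, 0
    for name, width in FIELDS:
        values[name] = blob[pos:pos + width]
        pos += width
    flags = {flag for i, flag in enumerate(FLAGS) if blob[pos] & (0x80 >> i)}
    return values, flags


def may_open(blob, key, user_level):
    """Pre-open check: the check value must verify, then user level >= file level."""
    try:
        values, _ = parse_header(blob)
    except ValueError:
        return False
    level = values["level"][0]
    expected = level_check_value(key, values["file_id"], level)
    if not hmac.compare_digest(expected, values["level_check"]):
        return False  # level byte or file ID was altered after marking
    return user_level >= level


def relabel(blob, key, new_level):
    """Rewrite the level while ISFIX=1, or once an approved change is recorded (ISPSCHA=1)."""
    values, flags = parse_header(blob)
    if "ISFIX" not in flags and "ISPSCHA" not in flags:
        raise PermissionError("security level is fixed; an approved change is required")
    if "ISFIX" not in flags:
        flags = flags - {"ISCHAG", "ISPSCHA"}  # the approved change is consumed
    values["level"] = bytes([new_level])
    values["level_check"] = level_check_value(key, values["file_id"], new_level)
    return pack_header(values, flags)


def sample_header(level, flags, key=SAMPLE_KEY):
    """Build a constructed header for file ID DOC0000001 (sample data, not from the page)."""
    file_id = b"DOC0000001"
    return pack_header({"file_id": file_id, "version": 1, "author": b"user-A",
                        "level": level,
                        "level_check": level_check_value(key, file_id, level)}, flags)


if __name__ == "__main__":
    approved = sample_header(2, {"ISMARK", "ISAPLY", "ISPSAP"})
    print("level-2 user may open:", may_open(approved, SAMPLE_KEY, 2))
    print("level-1 user may open:", may_open(approved, SAMPLE_KEY, 1))
```

Editing the level byte directly in the file, without recomputing the check value, makes `may_open` return False for every user, which is the tamper-evidence the 512-byte field is described as providing.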

Claims (9)

1. An electronic document access control method based on security level identification, characterized by comprising the following steps: establishing a security level identifier and creating a file; user file access control; security-level approval control; and security-level change control;
The security level identifier is a mark that divides protected electronic files into security grades and assigns each the security level of its grade; a special file header is added to the file types to be controlled, and the security level identifier is stored in the file header; through a file system filter driver, the application process is made to verify the file header information before opening a file, and can operate on the file only after the verification passes; the file header comprises: the file ID, which is the file's unique identification information; the version number, which is the current file version information; the authorization check value, which verifies whether the file is currently legally authorized; the author information of the current file; the security information of the current file; the security level check value, which guarantees that the security level identifier is inseparable from the main information and cannot be tampered with; the document time, covering the file's creation and modification times; the key check value, which stores the check information computed by the server over the file's encryption key; the ISSECRT 1-bit flag, indicating whether the file content is encrypted; the ISMARK 1-bit flag, indicating whether the user has customized the file security level; the ISFIX 1-bit flag, indicating whether the file's security level identifier may be modified; the ISAPLY 1-bit flag, indicating whether the user has initiated security-level approval; the ISPSAP 1-bit flag, indicating whether the file security level submitted by the user has passed audit; the ISCHAG 1-bit flag, indicating whether the user has initiated a security-level change; and the ISOPEN 1-bit flag, indicating whether the file is open;
Creating the file comprises: user A creates a process to initiate the new-file operation; the client of user A captures the user's new-file operation; the client creates a corresponding file header identifier for the file; this client operation is transparent to user A; the client automatically attaches the created file header to the head of the file and binds it to the file body; after the document has been edited and saved, the client stores the file with its bound header locally on the user's machine; the client sends the file header information of the file to the server; the server stores the file header information sent by the client in the server's back-end database;
The user file access control comprises: after the client of user B captures user B's operation of opening the file, it automatically connects to the server; the client looks up in the server's back-end database whether the file can be accessed by user B: if so, the file header information corresponding to the file is downloaded to the client; if not, the client cannot obtain the file header information of the file; after obtaining the file header information, the client uses its main contents, including the security information, authorization check value, ISSECRT, ISMARK, ISFIX, ISAPLY, ISPSAP, ISCHAG and ISPSCHA, to judge whether user B's personnel security level corresponds to the security level of the file and whether user B can access the file; if user B's personnel security level is not lower than the file's security level, user B can access the file; if user B's personnel security level is lower than the file's security level, user B cannot access the file;
The security-level approval control comprises: the user selects a file whose security level is to be determined and submits a security-level approval application to the server; following the security-level approval flow, the system submits the application to the approver; if it is approved, the system establishes a communication connection between the client and the server, writes the security level identifier information into the file header, and changes the file identifier information to "security-level approval completed"; when the document is edited and saved again, the security level of the file cannot be changed, and only the security level attribute of the current file is displayed;
The security-level change control applies only to files that have completed security-level approval, and comprises: the user selects the file whose security level is to be changed and submits security-level change application information to the server; the system follows the security-level change flow; if the change is approved, the system establishes a communication connection between the client and the server and writes the changed security information into the file header; when the file is edited and saved again after a successful change, the security level of the file cannot be changed, and only the security level attribute of the current file is displayed.
2. The electronic document access control method based on security level identification according to claim 1, characterized in that: ISSECRT=1 indicates that the file content is ciphertext, and ISSECRT=0 indicates that the file content is plaintext.
3. The electronic document access control method based on security level identification according to claim 1, characterized in that: ISMARK=1 indicates that the confidentiality level has been user-defined, and ISMARK=0 indicates that it has not been user-defined, in which case the file confidentiality level defaults to internal.
4. The electronic document access control method based on security level identification according to claim 1, characterized in that: ISFIX=1 indicates that the security level identification may be modified, and ISFIX=0 indicates that the security level identification may not be modified.
5. The electronic document access control method based on security level identification according to claim 1, characterized in that: ISAPLY=1 indicates that the user has applied for confidentiality-level approval, and ISAPLY=0 indicates that the user has not applied for confidentiality-level approval.
6. The electronic document access control method based on security level identification according to claim 1, characterized in that: ISPSAP=1 indicates that the file confidentiality level has passed review, and ISPSAP=0 indicates that the file confidentiality level has not passed review.
7. The electronic document access control method based on security level identification according to claim 1, characterized in that: ISCHAG=1 indicates that the user has applied for a confidentiality-level change, and ISCHAG=0 indicates that the user has not applied for a confidentiality-level change.
8. The electronic document access control method based on security level identification according to claim 1, characterized in that: ISPSCHA=1 indicates that the confidentiality-level change has passed review, and ISPSCHA=0 indicates that the new file confidentiality level has not passed review.
9. The electronic document access control method based on security level identification according to claim 1, characterized in that: ISOPEN=1 indicates that the file is open, and ISOPEN=0 indicates that the file is closed.
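The approval control and change control of claim 1, combined with the flag meanings of claims 2 to 9, can be modelled as a small state machine. This is an added example, not code from the patent: the `LabelHeader` class, the `pending` field, the level name "secret" and the way each transition sets the flags are assumptions, and the client/server exchange is collapsed into one process.

```python
from dataclasses import dataclass


class LabelError(Exception):
    """An operation that the label workflow does not permit."""


@dataclass
class LabelHeader:
    # Flag names and meanings come from claims 2-9; the update rules below
    # and the `pending` field are assumptions made for this example.
    level: str = "internal"  # default level while ISMARK=0 (claim 3)
    ISMARK: int = 0          # 1 = level was user-defined
    ISFIX: int = 1           # 1 = label may be modified, 0 = locked
    ISAPLY: int = 0          # 1 = approval applied for
    ISPSAP: int = 0          # 1 = approval review passed
    ISCHAG: int = 0          # 1 = change applied for
    ISPSCHA: int = 0         # 1 = change review passed
    pending: str = ""        # level requested in an open change application

    def save_with_level(self, level: str) -> None:
        """Edit-and-save path: relabelling is possible only while ISFIX=1."""
        if not self.ISFIX:
            raise LabelError("label locked: level is display-only")
        self.level, self.ISMARK = level, 1

    def apply_for_approval(self) -> None:
        if self.ISPSAP:
            raise LabelError("approval already completed")
        self.ISAPLY = 1

    def review_approval(self, passed: bool) -> None:
        if not self.ISAPLY or self.ISPSAP:
            raise LabelError("no open approval application")
        if passed:
            self.ISPSAP, self.ISFIX = 1, 0  # label written to header, then locked
        else:
            self.ISAPLY = 0                 # rejected: user may edit and re-apply

    def apply_for_change(self, new_level: str) -> None:
        # Change control is only for files that completed approval.
        if not self.ISPSAP:
            raise LabelError("change control requires completed approval")
        self.ISCHAG, self.ISPSCHA, self.pending = 1, 0, new_level

    def review_change(self, passed: bool) -> None:
        if not self.ISCHAG:
            raise LabelError("no open change application")
        if passed:
            self.level, self.ISPSCHA = self.pending, 1
        self.ISCHAG, self.pending = 0, ""   # a further change needs a new application
```

In a deployment the two review steps run on the server, so the client never sets ISPSAP or ISPSCHA itself.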
CN2012104116065A 2012-10-25 2012-10-25 Electronic document access control method based on confidential identifier Pending CN102930225A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2012104116065A CN102930225A (en) 2012-10-25 2012-10-25 Electronic document access control method based on confidential identifier

Publications (1)

Publication Number Publication Date
CN102930225A true CN102930225A (en) 2013-02-13

Family

ID=47645022

Country Status (1)

Country Link
CN (1) CN102930225A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20130213