Summary of the invention
To address the deficiencies of the prior art, the present invention proposes a full life cycle management method for sensitive data based on fingerprint information implantation. It can prevent sensitive information from being passed around and leaked in an uncontrolled way through data files; through the sensitive data management platform and the fingerprint information implanted in the file, the full life cycle state of a sensitive document can be grasped comprehensively, so that sensitive information is kept under control.
The technical scheme realized by the present invention is as follows:
A full life cycle management method for sensitive data based on fingerprint information implantation: with a sensitive data management server and a terminal monitoring client set up, a file system filter driver is deployed on the client that processes sensitive data files. The method is as follows. First, the fingerprint information is pre-defined. When a file is written or modified, the file system filter driver parses the file format and scans the whole content; once a sensitive keyword is found, a fingerprint rule is generated according to the sensitive data management strategy. The fingerprint implantation position is determined according to the concrete format of the file and the implantation procedure is executed. After the fingerprint information has been implanted successfully, the related information is sent to the background database, and the sensitive document management platform monitors the full life cycle of the sensitive document and displays it.
Fingerprint information is implanted when a sensitive data file is produced, when sensitive data is operated on, when transmitted sensitive data lands, or when sensitive data is stored. Through the sensitive data management platform and the fingerprint information implanted in the file, the full life cycle state of the sensitive document can be grasped comprehensively.
In a further scheme of the present invention, the fingerprint information implanted in the file comprises key elements such as a summary of the sensitive data portion, the terminal IP and MAC, identity information and behaviour information.
In a further scheme of the present invention, the fingerprint information carried by the transport protocol is encrypted using a dedicated system algorithm.
In a further scheme of the present invention, the fingerprint implantation position should be chosen so that the fingerprint cannot be maliciously deleted, tampered with or forged; multiple candidate implantation positions can be found, and the implantation position is selected by a dynamic algorithm.
In a further scheme of the present invention, the implanted fingerprint information is integrity-checked before the file is used; when the fingerprint information has been destroyed, the file cannot be used.
The method of the invention achieves the following security effects:
By identifying and retrieving sensitive keywords and the linkage information associated with them, the present invention can prevent sensitive information from being passed around and leaked through data files, keeping sensitive information under control. Once a sensitive data file is lost, the source of the loss can be traced through the fingerprint information management platform and the compliance of the operations performed on the sensitive document can be reviewed, providing evidence for investigating the persons responsible. Through the implantation of fingerprint information, the distribution of sensitive information across the whole network can be grasped dynamically, achieving comprehensive supervision of sensitive information. And through the associations between fingerprint information, the place where a sensitive data file was produced, its sender, receiver, user and final storage location can be fully understood, achieving full life cycle security control and supervision of sensitive data files.
Specific embodiment
To make the technical means, creative features, objectives and effects of the present invention easy to understand, the present invention is further explained below with reference to a specific embodiment.
Referring to Fig. 1, the full life cycle management method for sensitive data files based on fingerprint information implantation of the present invention is mainly used to monitor and manage sensitive data throughout life cycle processes such as generation, storage, operation, transmission and destruction. It comprises a working module that includes the file system filter driver, the keyword scanning engine, fingerprint information generation, fingerprint information embedding, the fingerprint information database, and the full life cycle display. With the sensitive data management server and the terminal monitoring client set up, client monitoring software is deployed on the terminal; on the one hand it executes the strategy pushed by the server, and on the other hand it implants fingerprints into sensitive documents and reports the related information. On the server, a database service is deployed and the corresponding database tables are created, and a Web application server is deployed for querying and obtaining the data shown by the full life cycle monitoring. A file system filter driver is deployed on the client that processes sensitive data files; by implanting fingerprint information into sensitive data files and tracking and monitoring the circulation of those fingerprints, full life cycle monitoring and management of sensitive data files is achieved. The steps are as follows:
First, the parsing step for the operated file. When the operated file is written or modified, the file system filter driver parses the format of the operated file. In this embodiment, the file system filter driver calls the scanning engine; the scanning engine automatically determines the file format and parses it, then queries the sensitive keyword scanning requirements and identifies the content.
Second, the fingerprint rule generation step. While the file system filter driver parses the format of the operated file, it scans the whole content; if a pre-defined sensitive keyword is found, a scan of the associated information is executed and a fingerprint rule is generated according to the sensitive data management strategy; otherwise the implantation of fingerprint information is terminated.
Third, the fingerprint information implantation step. The fingerprint implantation position is determined according to the concrete format of the file and the implantation procedure is executed. The implantation procedure calls the fingerprint implantation interface routine to complete the implantation of the fingerprint information. There are multiple possible implantation positions; the position actually used is computed by a dynamic algorithm so that the fingerprint cannot be maliciously deleted, tampered with or forged. The fingerprint information carried by the transport protocol is encrypted using a dedicated system algorithm. The implanted fingerprint information is integrity-checked before the operated file is used; when the fingerprint information has been destroyed, the operated file cannot be used.
In this embodiment, the fingerprint information includes the summary information of the sensitive data file, the sensitivity rank, behaviour information, terminal asset information (including IP, MAC and system account), user asset information (including user name, person in charge, and the unit and department the user belongs to), and so on. Fingerprint information is implanted when the sensitive data file is produced, when the sensitive data is operated on, when transmitted sensitive data lands, or when the sensitive data is stored.
Finally, the step of uploading to the database and monitoring the full life cycle of the sensitive document. After the fingerprint information has been implanted successfully, the related information is sent to the database of the sensitive data management platform, and the sensitive document management platform monitors and displays the full life cycle of the sensitive document. In this sensitive document management platform, the user interacts with the database of the sensitive data management platform through an upper-layer application management program, realizing full life cycle monitoring and management of sensitive data files.
The above fingerprint information implantation specifically includes the following steps:
1) The end user operates a sensitive data file;
2) The file system filter driver calls the sensitive keyword scanning engine;
3) The sensitive keyword scanning engine automatically determines the file format and parses it;
4) The sensitive keyword scanning requirements are queried and the content is scanned and identified;
5) If a sensitive keyword is found, the information associated with the sensitive keyword is scanned; otherwise step 8 is executed;
6) The sensitivity rank of the sensitive document is determined, the fingerprint information generation rule base is queried to generate the fingerprint information, and the functional interface for implanting the fingerprint information is called through the file filter driver;
7) The fingerprint information is uploaded to the database;
8) The fingerprint information implantation is completed.
The actual operating steps of the client monitoring software are as follows:
1) The user downloads business system data, generates sensitive data or edits sensitive data;
2) The client monitoring software detects the new data file;
3) The client monitoring software loads the sensitive keyword identification and retrieval engine;
4) The client monitoring software loads the keyword strategy and retrieval strategy;
5) Keyword identification and information retrieval are executed;
6) According to the retrieval result, terminal identity information and asset information are obtained automatically;
7) A fingerprint is produced according to the fingerprint generation rule;
8) The fingerprint is implanted at the specified position in the file;
9) Auxiliary information associated with the fingerprint is generated from the fingerprint information;
10) The fingerprint information and auxiliary information are uploaded asynchronously to the server-side database.
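As an added illustration (not code from the patent), the following Python sketch walks through the keyword scan, fingerprint rule generation, implantation and pre-use integrity check described in the two step lists above. It assumes plain-text files with the fingerprint appended as a trailer, a SHA-256 digest standing in for the sensitive-data summary, and an HMAC under a placeholder key in place of the unspecified dedicated encryption algorithm; the keyword ranks and terminal assets are constructed sample values.

```python
import hashlib, hmac, json, re

SENSITIVE_KEYWORDS = {"CONFIDENTIAL": 3, "SSN": 2, "salary": 1}  # constructed: keyword -> rank
TERMINAL = {"ip": "192.0.2.10", "mac": "00:00:5e:00:53:01", "account": "alice"}  # constructed
MARKER = b"\n#--FINGERPRINT--\n"   # assumed trailer position for plain-text files
KEY = b"placeholder-platform-key"  # stands in for the patent's unspecified algorithm

def scan_keywords(text):
    """Keyword scan step: return {keyword: hit count} for the pre-defined keywords."""
    hits = {}
    for kw in SENSITIVE_KEYWORDS:
        n = len(re.findall(re.escape(kw), text, flags=re.IGNORECASE))
        if n:
            hits[kw] = n
    return hits

def build_fingerprint(body, hits, action):
    """Fingerprint rule: content digest, sensitivity rank, terminal and behaviour info."""
    return {
        "digest": hashlib.sha256(body).hexdigest(),
        "rank": max(SENSITIVE_KEYWORDS[k] for k in hits),
        "keywords": sorted(hits),
        "terminal": TERMINAL,
        "behaviour": action,
    }

def implant(body, action="write"):
    """Implantation step: append an HMAC-protected fingerprint trailer, or skip."""
    hits = scan_keywords(body.decode("utf-8", "replace"))
    if not hits:                      # no sensitive keyword: terminate implantation
        return body, None
    fp = build_fingerprint(body, hits, action)
    payload = json.dumps(fp, sort_keys=True).encode()
    tag = hmac.new(KEY, payload, hashlib.sha256).hexdigest().encode()
    return body + MARKER + payload + b"\n" + tag, fp

def verify(blob):
    """Integrity check before use: (body, fingerprint), or ValueError if destroyed."""
    if MARKER not in blob:
        return blob, None             # never fingerprinted: nothing to check
    body, trailer = blob.split(MARKER, 1)
    payload, _, tag = trailer.partition(b"\n")
    expected = hmac.new(KEY, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("fingerprint destroyed: file must not be used")
    fp = json.loads(payload)
    if fp["digest"] != hashlib.sha256(body).hexdigest():
        raise ValueError("content changed after implantation: file must not be used")
    return body, fp
```

A real deployment would run `implant` from the filter driver on write or modify and `verify` on open, rejecting the file whenever the check fails.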
To illustrate the above method, a typical interaction of this embodiment is given. When the user downloads business system data and operates on sensitive data, the client monitoring software generates fingerprint information from the content information and the user's asset information, implants it into the file, and reports it to the database of the management end. A system administrator logs into the data security control platform and opens the query system to see which sensitive documents exist in the current network, which terminal systems a sensitive document has passed through, on which terminal it finally resides, and whether a sensitive document is still present on the terminals it passed through.
The present invention sets up a sensitive data management server and a terminal monitoring client. The sensitive data management server completes the full life cycle control of sensitive data and is used for issuing strategies, issuing rules, analysing fingerprint information, and so on. The terminal monitoring client is mainly used for executing the strategy pushed by the server, monitoring file operations, installing fingerprint information, uploading fingerprint information, and so on. Through the sensitive data management platform and the fingerprint information implanted in the file, the full life cycle state of the sensitive document can be grasped comprehensively, sensitive information is effectively prevented from being passed around and leaked through data files, and sensitive information is kept under control. The source of a sensitive data loss can be traced through the fingerprint information management platform and the compliance of the operations performed on the sensitive document can be reviewed, providing evidence for investigating the persons responsible. Through the implantation of fingerprint information, the distribution of sensitive information across the whole network can be grasped dynamically, achieving comprehensive supervision of sensitive information. And through the associations between fingerprint information, the place where a sensitive data file was produced, its sender, receiver, user and final storage location can be fully understood, achieving full life cycle security control and supervision of sensitive data files.
The basic principles, principal features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not restricted to the embodiments described above; the embodiments and description above merely illustrate the principles of the invention, and various changes and modifications can be made without departing from the spirit and scope of the invention, all of which fall within the scope of the claimed invention. The claimed scope is defined by the appended claims and their equivalents.