CN103823902A - Safe search method for electronic file - Google Patents
Safe search method for electronic file Download PDFInfo
- Publication number
- CN103823902A CN103823902A CN201410099615.4A CN201410099615A CN103823902A CN 103823902 A CN103823902 A CN 103823902A CN 201410099615 A CN201410099615 A CN 201410099615A CN 103823902 A CN103823902 A CN 103823902A
- Authority
- CN
- China
- Prior art keywords
- file
- user
- search
- index
- electronic file
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/14—Details of searching files based on file metadata
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Health & Medical Sciences (AREA)
- Library & Information Science (AREA)
- Data Mining & Analysis (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a safe search method for an electronic file. According to the method, when updating operation of the electronic file is executed, real-time indexing is performed on the electronic file, a result is updated to an index file, then after the content of the index file is changed, an indexer gives a notice to a searcher to perform reorientation on the index file, and then before a user searches for the file, an electronic file access control list of a current user and an electronic file access control list of a user group where the user is located are respectively searched for through a system and serve as a filter for a safe search result of the user. According to the method, an advanced search entry can be further provided for the user, and the user can perform self-defined search conditions according to metadata of the electronic file. It can be guaranteed that safe search is performed on the electronic file, based on a loose coupling conception, the safe search is designed, and in other words, related access control data of the electronic file ACLs can not be stored in the index file, so that it is avoided that every time the ACLs are modified, the index file corresponding to the electronic file is frequently updated, and then resource consumption of the system is greatly reduced.
Description
Technical field
The present invention relates to safety of electronic file management, relate in particular to a kind of method of safety of electronic file retrieval, belong to computer information safety technique field.
Background technology
Electronic document management system (also referred to as ERMS) provides good solution for the management that the magnanimity e-file in current enterprise or government department carries out Life cycle, concrete life-cycle processes comprises that the catching, file of e-file (registration in other words), retrieval utilize and identify and dispose, and wherein identifies that disposal process can carry out and destroy, renew or be handed over to Digital Archives overdue e-file of retention period.In the filing management process of e-file, be one of Core Feature of ERMS to the retrieval of magnanimity e-file.
Current, in enterprise's electronic document management system, after e-file is filed, the retrieval of e-file is mainly adopted to following several method: first, adopt the index technology of database, but in the face of the destructuring e-file of magnanimity, this retrieval mode obviously can not search corresponding searching structure fast and accurately; The second, adopt the high performance full-text search kit Lucene realizing based on Java language to carry out document retrieval, this mode can be carried out full-text search to non-structured e-file, but the security of e-file access cannot be protected.
Therefore, how to solve safety of electronic file search problem, can guarantee again the real-time of e-file retrieval simultaneously, become a problem demanding prompt solution.
Summary of the invention
The invention discloses a kind of method of safety of electronic file retrieval, solved the problem of safety of electronic file retrieval in guaranteeing e-file retrieval real-time.
For achieving the above object, the technical scheme that the present invention takes is: a kind of method of safety of electronic file retrieval, comprises the following steps:
The first step: real time indexing: carry out e-file and upgrade while operation in the time of electronic records filing or after filing, indexing component carries out real time indexing and result is updated to index file e-file;
Second step: real-time search: after index file content changes, index notice searcher redirects index file;
The 3rd step: the e-file Access Control List (ACL) of configure user and user's group in system, before user search file, system is searched respectively the e-file Access Control List (ACL) of active user and place user group thereof, obtain the set of all e-files that contain " browsing content " authority in user and place user's group thereof, as the filtrator of user security result for retrieval; If user does not have login system, enter search interface, input search condition, the result of retrieval is empty; The user of login system, after input search condition, system is used the e-file in searcher search retrieving files according to search condition, uses filtrator filter search results.
The method of described safety of electronic file retrieval also can comprise: provide advanced search entrance to user, user can, according to the metadata self-defined inquiry condition of e-file, search out the e-file in extent of competence according to self-defining querying condition.
The inventive method is for different user, according to corresponding e-file access rights, based on Lucene full-text search kit, associated metadata to e-file and content are carried out quick-searching, and then find the electronic file list in extent of competence, can carry out the operation in extent of competence to the e-file finding out simultaneously, specifically comprise: download, identify disposal, preview metadata.The present invention has run through the whole life cycle of the management of electronic documents, filing when registration of e-file by index the file real time indexing to registration; In the time that electronic records filing is safeguarded, by index to index file real-time update; After the holding time of e-file in file management system expires, if this file is carried out and destroyed, index is deleted the index entry that this file is corresponding simultaneously.When each process is carried out, index can notify searcher to index file again snapshot, to guarantee the real-time of search, has also reduced to a certain extent the resource consumption of system simultaneously.What is more important, the theory of the realization of safe retrieval based on loose coupling designs, be that e-file ACL access control related data can not store in index file, while so just having avoided each modification ACL authority, upgrade frequently the index file that e-file is corresponding, greatly reduced the resource consumption of system.
Accompanying drawing explanation
Fig. 1 is the functional schematic of real time indexing of the present invention.
Fig. 2 is the functional schematic of real-time search of the present invention.
Fig. 3 is the functional schematic of safe retrieval of the present invention.
Embodiment
Below in conjunction with the drawings and specific embodiments, the present invention is described in further detail.
Fig. 1 is the functional schematic of real time indexing of the present invention.In electronic document management system, the index of e-file is occurred in to three phases altogether: the destruction of electronic records filing, e-file Classification Management and e-file.In electronic document management system, when filing clerk files registration to associated electrical file, first indexing component parses metadata and the entity content that file is relevant, and then text is carried out to participle, after participle process is finished, add result to index file.In like manner, if e-file is filed, if now this file is carried out the modification of metadata, indexing component can carry out the parsing of e-file metadata and entity content again to the document, after participle, result is updated to index file again.If the deposit time limit of e-file in electronic document management system arrives, filing clerk carries out and destroys action this e-file, and now index can be deleted all index entries that this e-file is corresponding.
Now, take the filing of e-file as example, the process of real time indexing is described.Management of electronic documents person logins electronic document management system, selects e-file to be filed, and guarantees legitimacy and the integrality of file metadata etc., carries out filing log-on operation.E-file is stored in after medium, and index starts the metadata of e-file to carry out index.The metadata of wanting the e-file of index is configurable, if be not configured, gives tacit consent to the metadata all to e-file and entity content is carried out index.When index entry corresponding to e-file is added to after index file, index can notify searcher to index file again snapshot, thereby guarantees the real-time of retrieval.
After electronic records filing success, user can input the just successful document associated metadata of filing or entity related content in the retrieval module of e-file, if user has the preview authority of archive file, can search the successful e-file of firm filing.By this operation, real-time that can verification search.
Fig. 2 is the functional schematic of real-time search of the present invention.This process has adopted " observer " Design Mode to realize real-time search.In file management system, while only having the operation of the electronic records filing of execution, the modification of e-file metadata and e-file to destroy operation, index can operate (specifically can comprise interpolation, renewal, delete) by execution index file update, after index file content changes, index can notify searcher to redirect index file, and searcher carries out snapshot again to index file.Based on up-to-date snapshot, user just can search up-to-date Query Result according to querying condition.Otherwise in the time that index file does not change, index can not carry out snapshot again to index file, has greatly reduced the resource consumption of system.
For the clear expression real-time search of energy, now with a certain business background, this technical process is described.Suppose that a certain employee of company has editing authority to a certain e-file, document audit keeper only has preview authority to this file.Document audit keeper is input inquiry vocabulary in the retrieval module of electronic document management system, retrieves this e-file, if find this e-file metadata fill in wrong, just inform that this employee modifies in time.Employee remodifies this e-file, and index can synchronously upgrade index entry corresponding to this e-file, and document audit keeper is using retrieval module to verify other e-file simultaneously, and retrieving is not subject to the impact of Index process.Finally, employee informs that document audit keeper file revised, and document audit keeper retrieves this e-file at once, finds that the metadata of e-file is successfully modified.The actual deviation of whole real-time search generally can not exceed 5 seconds.The process flow diagram of concrete real-time search please refer to accompanying drawing 2.
Fig. 3 is the functional schematic of safe retrieval of the present invention.The theory of the realization of safe retrieval based on loose coupling designs, the access control list (ACL) information that is e-file can not store in index file, while so just having avoided each modification ACL authority, upgrade frequently the index file that e-file is corresponding, greatly reduced the resource consumption of system.
Concerning electronic document management system, adopt ACL model to have following advantage: ACL control of authority data to be deposited as metadata, mated with the multiple step format memory model of e-file, accurate description e-file information more comprehensively; Under ACL Access Control List (ACL), Single Electron file permission is obtained faster than relevant database; While coordinating in electronic document management system the functions such as user's group to use, the easy authority of adjusting dynamically, in bulk different personnel.
In electronic document management system, in order to improve the allocative efficiency of ACL, conventionally ACL is combined with the classification schemes of e-file, adopt grading authorized mode to distribute.
ACL access control model comprises two key elements: the operation (authority) that visitor and visitor can carry out.Wherein, visitor represents to access the object of e-file.In electronic document management system, can be user, can be also user's group (one group has user's set of some identical characteristics).Certain user is the union that in all acl lists of this e-file, this user has operating right to the operating right of e-file.The content of operation that visitor can carry out this e-file has been described in executable operation.In electronic document management system, the control of authority of e-file is comprised to online and off-line, wherein, online authority comprises: authorize, safeguard classification, safeguard files, create file, revised file, preview metadata, preview content, printing.Whether off-line authority comprises: download, be that ciphertext downloads, downloads that document could edit (is expressly time when what download, default user contains this authority, need to arrange this authority if ciphertext is downloaded), can open file that (default user is unlimited to be opened number of times after downloading, if ciphertext is downloaded, the number of times of opening can be set), download after the file term of validity (when e-file is to give tacit consent to not restricted duration while expressly downloading.If ciphertext is downloaded the term of validity that e-file can be set).E-file open number of times and the term of validity can only be selected one, when selecting while opening number of times, can to set and effectively open number of times; In the time of the select File term of validity, can be set the e-file term of validity date of expiry.
Wherein the authority relevant to search comprises: the operating right of " browsing content ", " browsing metadata ", " download " etc.In the time of retrieve electronic file, first search all e-files with " browsing content " authority that user's group at active user and place thereof comprises, put into filtrator.Use the e-file in searcher search retrieving files according to search condition again, use filtrator filter search results.Finally Search Results is represented with tabular form.In the time of recording in navigate search results, system can judge that user's group at user and place thereof is to the ACL access rights of this e-file, and judges whether to show e-file metadata according to authority result, whether gives the authority that user downloads.
The e-file ACL Access Control List (ACL) of configure user and user's group in system.Wherein the authority relevant to search comprises: " browsing content ", " browsing metadata " and " download " etc.Before user search file, system is searched respectively the e-file ACL Access Control List (ACL) of active user and place user group thereof, obtains the set of all e-files that contain " browsing content " authority in user and place user's group thereof.As the filtrator of user security result for retrieval.
If user does not have login system, enter search interface, input search condition, the result of retrieval is empty.The user of login system, after input search condition, system is used the e-file in searcher search retrieving files according to search condition, uses filtrator filter search results.In tabulating result, represent the synopsis relevant to keyword.
The result of retrieval can change along with the change of the ACL Access Control List (ACL) of user and place user group thereof, if user A in the time of retrieval, has the authority of " browsing content " to file B, and search condition is relevant to file B, and file B there will be in result for retrieval.In the time that it carries out retrieving next time, after the ACL Access Control List (ACL) that itself or its place user organize is changed, user A does not have the authority of " browsing content " to file B, no matter whether search condition is relevant to file B, file B will can not be presented in the results list.
When preview result for retrieval, system can judge the access rights of user to file that will preview again.The authority of only having user to contain " browsing content " in the time of preview file, system just can represent the particular content of file, in like manner, and the authority of only having user to contain " preview metadata " to file, user just can see the concrete metadata information of file.
When before browser document B result for retrieval, the user at user or its place organizes ACL Access Control List (ACL) and has been changed, and makes user there is no the authority of " browsing content " or " browsing metadata " etc. to file B, and corresponding variation occurs in the participant that represents of preview interface.
System is also in the time that user carries out associative operation to the download of file in Search Results, according to the ACL Access Control List (ACL) real-time judge of user and place user thereof group.
When user will search some e-file, and some the metadata attributes value to this e-file has had definite understanding or understanding to a certain degree, use merely key word to retrieve and tend to return much and search the unmatched electronic document record of resource.Now, self-defined search provides more convenient access entry for user.The data type that self-defined search is corresponding according to e-file, automatically loading all metadata that this e-file is corresponding selects for user, user can combine these metadata arbitrarily, form final search condition, then just can search the electronic document record in the extent of competence of mating with search condition.Concrete operations are as follows: first select e-file type, then according to the type of selecting, e-file metadata corresponding the type is loaded in the drop-down list on foreground, and now user can select metadata in drop-down list to carry out the independent assortment of search condition; Finally, carry out search according to the querying condition after combination, just can retrieve matching inquiry condition and e-file information list intra vires.
Above by describing respectively the enforcement scene case of each process, describe the present invention in detail, those skilled in the art will be understood that not departing from the scope of essence of the present invention, can make an amendment and be out of shape, such as peeling off of part of module use and by system embedment in other application systems.
Claims (2)
1. a method for safety of electronic file retrieval, is characterized in that comprising the following steps:
(1) real time indexing: carry out e-file and upgrade while operation in the time of electronic records filing or after filing, indexing component carries out real time indexing and result is updated to index file e-file;
(2) real-time search: after index file content changes, index notice searcher redirects index file;
(3) the e-file Access Control List (ACL) of configure user and user's group in system, before user search file, system is searched respectively the e-file Access Control List (ACL) of active user and place user group thereof, obtain the set of all e-files that contain " browsing content " authority in user and place user's group thereof, as the filtrator of user security result for retrieval; If user does not have login system, enter search interface, input search condition, the result of retrieval is empty; The user of login system, after input search condition, system is used the e-file in searcher search retrieving files according to search condition, uses filtrator filter search results.
2. a method for safety of electronic file retrieval, characterized by further comprising: provide advanced search entrance to user, user, according to the metadata self-defined inquiry condition of e-file, searches out the e-file in extent of competence according to self-defining querying condition.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410099615.4A CN103823902A (en) | 2014-03-18 | 2014-03-18 | Safe search method for electronic file |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410099615.4A CN103823902A (en) | 2014-03-18 | 2014-03-18 | Safe search method for electronic file |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN103823902A true CN103823902A (en) | 2014-05-28 |
Family
ID=50758966
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410099615.4A Pending CN103823902A (en) | 2014-03-18 | 2014-03-18 | Safe search method for electronic file |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103823902A (en) |
Cited By (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104537058A (en) * | 2014-12-27 | 2015-04-22 | 宁波江东远通计算机有限公司 | Document querying and uploading method and device |
| CN105279174A (en) * | 2014-07-01 | 2016-01-27 | 北京倍得力商务服务有限公司 | File state information acquisition method and apparatus |
| CN106294556A (en) * | 2016-07-26 | 2017-01-04 | 江苏神州信源系统工程有限公司 | A kind of method using Apache Drill to concentrate search large database concept |
| CN106528794A (en) * | 2016-11-10 | 2017-03-22 | 国网安徽省电力公司 | Electronic document filing method based on archive management system |
| CN108604244A (en) * | 2016-02-01 | 2018-09-28 | 瓦欧尼斯系统有限公司 | According to the method for access permission screening search results |
| CN115982096A (en) * | 2022-12-09 | 2023-04-18 | 北京水脉科技有限公司 | Real-time database snapshot storage method and system based on hotspot file |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101008970A (en) * | 2006-01-24 | 2007-08-01 | 鸿富锦精密工业(深圳)有限公司 | Authority management and control method and system thereof |
| CN101408876A (en) * | 2007-10-09 | 2009-04-15 | 中兴通讯股份有限公司 | Method and system for searching full text of electric document |
| US20100106709A1 (en) * | 2008-10-29 | 2010-04-29 | Hitachi Software Engineering Co., Ltd. | File search system and file search server device |
| CN102262633A (en) * | 2010-05-27 | 2011-11-30 | 武汉力龙数码信息科技有限公司 | Structural data safe retrieving method oriented to full text retrieval |
| CN102819592A (en) * | 2012-08-08 | 2012-12-12 | 河海大学 | Lucene-based desktop searching system and method |
| CN102968501A (en) * | 2012-12-07 | 2013-03-13 | 福建亿榕信息技术有限公司 | Universal full-text search method |
-
2014
- 2014-03-18 CN CN201410099615.4A patent/CN103823902A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101008970A (en) * | 2006-01-24 | 2007-08-01 | 鸿富锦精密工业(深圳)有限公司 | Authority management and control method and system thereof |
| CN101408876A (en) * | 2007-10-09 | 2009-04-15 | 中兴通讯股份有限公司 | Method and system for searching full text of electric document |
| US20100106709A1 (en) * | 2008-10-29 | 2010-04-29 | Hitachi Software Engineering Co., Ltd. | File search system and file search server device |
| CN102262633A (en) * | 2010-05-27 | 2011-11-30 | 武汉力龙数码信息科技有限公司 | Structural data safe retrieving method oriented to full text retrieval |
| CN102819592A (en) * | 2012-08-08 | 2012-12-12 | 河海大学 | Lucene-based desktop searching system and method |
| CN102968501A (en) * | 2012-12-07 | 2013-03-13 | 福建亿榕信息技术有限公司 | Universal full-text search method |
Non-Patent Citations (1)
| Title |
|---|
| 宋赛: "密文全文检索系统的安全索引结构研究", 《中国优秀硕士学位论文全文数据库信息科技辑》 * |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105279174A (en) * | 2014-07-01 | 2016-01-27 | 北京倍得力商务服务有限公司 | File state information acquisition method and apparatus |
| CN105279174B (en) * | 2014-07-01 | 2019-02-19 | 北京倍得力商务服务有限公司 | A kind of method and apparatus obtaining file status information |
| CN104537058A (en) * | 2014-12-27 | 2015-04-22 | 宁波江东远通计算机有限公司 | Document querying and uploading method and device |
| CN108604244A (en) * | 2016-02-01 | 2018-09-28 | 瓦欧尼斯系统有限公司 | According to the method for access permission screening search results |
| CN106294556A (en) * | 2016-07-26 | 2017-01-04 | 江苏神州信源系统工程有限公司 | A kind of method using Apache Drill to concentrate search large database concept |
| CN106528794A (en) * | 2016-11-10 | 2017-03-22 | 国网安徽省电力公司 | Electronic document filing method based on archive management system |
| CN106528794B (en) * | 2016-11-10 | 2020-06-26 | 国网安徽省电力有限公司 | Electronic file filing method based on archive management system |
| CN115982096A (en) * | 2022-12-09 | 2023-04-18 | 北京水脉科技有限公司 | Real-time database snapshot storage method and system based on hotspot file |
| CN115982096B (en) * | 2022-12-09 | 2023-09-08 | 北京水脉科技有限公司 | Real-time database snapshot storage method and system based on hot spot file |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103823902A (en) | Safe search method for electronic file | |
| US10158483B1 (en) | Systems and methods for efficiently and securely storing data in a distributed data storage system | |
| US7627726B2 (en) | Systems and methods for managing content having a retention period on a content addressable storage system | |
| US9135261B2 (en) | Systems and methods for facilitating data discovery | |
| US9298417B1 (en) | Systems and methods for facilitating management of data | |
| US8140786B2 (en) | Systems and methods for creating copies of data, such as archive copies | |
| US7856436B2 (en) | Dynamic holds of record dispositions during record management | |
| CN109299183A (en) | A kind of data processing method, device, terminal device and storage medium | |
| US8799677B2 (en) | Encrypted search database device, encrypted search data adding/deleting method and adding/deleting program | |
| CN102959558A (en) | System and method for document policy enforcement | |
| US20140358868A1 (en) | Life cycle management of metadata | |
| US8584216B1 (en) | Systems and methods for efficiently deploying updates within a cryptographic-key management system | |
| US20070168350A1 (en) | Management of non-traditional content repositories | |
| US9189480B2 (en) | Smart content feeds for document collaboration | |
| US11468022B2 (en) | Integrated disposition for file retention management | |
| EP2454689A1 (en) | Retrieval of digital assets | |
| US11068536B2 (en) | Method and apparatus for managing a document index | |
| CN102262633B (en) | Structural data safe retrieving method oriented to full text retrieval | |
| US11748495B2 (en) | Systems and methods for data usage monitoring in multi-tenancy enabled HADOOP clusters | |
| Chao et al. | A best deadlock control for S3PMR to reach all states | |
| Seymour | The modern records management program: an overview of electronic records management standards | |
| KR102232003B1 (en) | Method for object management using trace identifier, apparatus for the same, computer program for the same, and recording medium storing computer program thereof | |
| CN111045994A (en) | KV database-based file classification retrieval method and system | |
| CN105740997A (en) | Method and device for controlling task flow, and database management system | |
| US8615491B2 (en) | Archiving tool for managing electronic data |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20140528 |
|
| WD01 | Invention patent application deemed withdrawn after publication |