CN103839011A - Protecting method and device of confidential files - Google Patents
Protecting method and device of confidential files Download PDFInfo
- Publication number
- CN103839011A CN103839011A CN201410087713.6A CN201410087713A CN103839011A CN 103839011 A CN103839011 A CN 103839011A CN 201410087713 A CN201410087713 A CN 201410087713A CN 103839011 A CN103839011 A CN 103839011A
- Authority
- CN
- China
- Prior art keywords
- confidential document
- user
- access
- duration
- sets
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/74—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2125—Just-in-time application of countermeasures, e.g., on-the-fly decryption, just-in-time obfuscation or de-obfuscation
Abstract
The invention discloses a protecting method and device of confidential files. The method includes: acquiring a confidential file which is a file to be used outside a preset safety monitoring area; receiving a safety setting attribute parameter set which is used for performing encryption protection on the contents of the confidential file outside the preset safety monitoring area and controlling the authorized use time of the confidential file; using the safety setting attribute parameter set to perform safety monitoring on the confidential file. By the method, the use duration, use time range and life cycle of use times in the authorization range of the off-network carrying use of the confidential file can be controlled, extra hardware cost is avoided, and use convenience is achieved.
Description
Technical field
The present invention relates to the communications field, in particular to a kind of guard method and device of confidential document.
Background technology
At present, in correlation technique, most of confidential document control system mainly rely on transparent encryption and deciphering to protect for the management and control of the confidential document of the unit's of taking away security system environment.Transparent encryption technology is a kind of file ciphering technology of arising at the historic moment for enterprise's file security demand in recent years.So-called transparent, refer to user it is unknown.When user is in the time opening or edit specified file, system will be encrypted unencrypted file automatically, and the file of having encrypted is deciphered automatically.File is ciphertext on hard disk, is expressly in internal memory.Once leave environment for use, because cannot obtaining the service of deciphering automatically, application program cannot open, thus the effect of the protected file content of getting up.Transparent encryption is encrypted automatically to important documents, ensures when and where document is all in encrypted state, to protect to greatest extent document security.
But, the defect of the technical scheme adopting in correlation technique is: it is failed after the confidential document that departs from unit security system environment is encrypted, the life cycle of encrypt file is control effectively or just simply controlled in conjunction with the clock on the terminal device of its use, but cannot realize the clock departing from terminal device to control the time period validity of confidential document.
Summary of the invention
The invention provides a kind of guard method and device of confidential document, protect poor problem at least to solve in correlation technique for the privacy of the confidential document that departs from unit security system environment.
A kind of guard method of confidential document is provided according to an aspect of the present invention.
Comprise according to the guard method of the confidential document of the embodiment of the present invention: obtain confidential document, wherein, confidential document is file to be used outside default security monitoring region; Receive the parameter sets that sets a property safely, wherein, safety sets a property parameter sets for the content of confidential document being encrypted outside the security monitoring region default the timeliness of licensing of protection and control confidential document; Adopt the parameter sets that sets a property safely to carry out security monitoring to confidential document.
Preferably, before obtaining confidential document, also comprise: current storage area is carried out to initialization, and storage area is divided, wherein, the user that first area after division is used for accessing in initiation, not by authentication, is only presented to user the non-confidential document of storing in this first area; Second area after division is for by authentication in the situation that, being only presented to user the confidential document of storing in this second area user; The 3rd region after division is for storing daily record file and configuration file, and journal file is for licensing the operations that in timeliness, record is carried out confidential document, and configuration file is for the storage security parameter sets that sets a property; The 4th region after division is used for simulating compact disk ROM (read-only memory) (CDROM) driver and stores the application package that confidential document is carried out to security monitoring.
Preferably, adopting the parameter sets that sets a property safely to carry out security monitoring to confidential document comprises: from safety sets a property parameter sets, read and license duration and used duration; In at every turn to the access process of confidential document, use duration according to predetermined period by being added to current service time, to using duration to upgrade; In the time the access of confidential document being finished at every turn, by the duration of use of last update with license duration and compare; License duration if the duration of use of last update is more than or equal to, point out current accessed to reach to user and license duration, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
Preferably, adopt the safety parameter sets that sets a property confidential document is carried out to security monitoring to comprise: from safety sets a property parameter sets, to read and license number of times and access times; Access times are increased progressively once in to the access process of confidential document each, access times are upgraded; In the time the access of confidential document being finished at every turn, by the access times after upgrading with license number of times and compare; License number of times if the access times after upgrading have reached, point out current accessed to reach to user and license number of times, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
Preferably, adopting the parameter sets that sets a property safely to carry out security monitoring to confidential document comprises: from safety sets a property parameter sets, read and license time range, last service time and used duration; At every turn to confidential document start to access time, determine the internal clocking shown time of last service time early than self configuration, and will be updated to the shown time of internal clocking last service time according to predetermined period; In the time the access of confidential document being finished at every turn, by the last service time of last update with license time range and compare; If exceed the last service time of last update and license time range, point out current accessed to reach to user and license time range, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
A kind of protective device of confidential document is provided according to a further aspect in the invention.
Comprise according to the protective device of the confidential document of the embodiment of the present invention: acquisition module, for obtaining confidential document, wherein, confidential document is file to be used outside default security monitoring region; Receiver module, for receiving the parameter sets that sets a property safely, wherein, safety sets a property parameter sets for the content of confidential document being encrypted outside the security monitoring region default the timeliness of licensing of protection and control confidential document; Processing module, for adopting the parameter sets that sets a property safely to carry out security monitoring to confidential document.
Preferably, said apparatus also comprises: divide module, for current storage area is carried out to initialization, and storage area is divided, wherein, the user that first area after division is used for accessing in initiation, not by authentication, is only presented to user the non-confidential document of storing in this first area; Second area after division is for by authentication in the situation that, being only presented to user the confidential document of storing in this second area user; The 3rd region after division is for storing daily record file and configuration file, and journal file is for licensing the operations that in timeliness, record is carried out confidential document, and configuration file is for the storage security parameter sets that sets a property; The 4th region after division is for simulating CDROM drive and storing the application package that confidential document is carried out to security monitoring.
Preferably, processing module comprises: the first reading unit, reads and licenses duration and used duration for the parameter sets that sets a property from safety; The first updating block, for the access process of confidential document is used to duration according to predetermined period by being added to current service time at every turn, to using duration to upgrade; The first comparing unit, in the time the access of confidential document being finished at every turn, by the duration of use of last update with license duration and compare; The first processing unit, if be more than or equal to and license duration for the duration of use of last update, point out current accessed to reach to user and license duration, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
Preferably, processing module comprises: the second reading unit, reads and licenses number of times and access times for the parameter sets that sets a property from safety; The second updating block for the access process of confidential document being increased progressively access times once, upgrades access times at every turn; The second comparing unit, in the time the access of confidential document being finished at every turn, by the access times after upgrading with license number of times and compare; The second processing unit, if reached and licensed number of times for the access times after upgrading, point out current accessed to reach to user and license number of times, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
Preferably, processing module comprises: third reading is got unit, reads and licenses time range, last service time and used duration for the parameter sets that sets a property from safety; The 3rd updating block, at every turn to confidential document start to access time, determine the internal clocking shown time of last service time early than self configuration, and will be updated to the shown time of internal clocking last service time according to predetermined period; The 3rd comparing unit, in the time the access of confidential document being finished at every turn, by the last service time of last update with license time range and compare; The 3rd processing unit, if license time range for exceeding the last service time of last update, point out current accessed to reach to user and license time range, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
By the embodiment of the present invention, adopt and obtain confidential document, this confidential document is file to be used outside default security monitoring region, receive the parameter sets that sets a property safely, this parameter sets timeliness of licensing for the content of confidential document being encrypted protection and controlling confidential document outside the security monitoring region default that sets a property safely, adopt the parameter sets that sets a property safely to carry out security monitoring to confidential document, confidential document is being taken away after the security context of current control, not only can provide encipherment protection for confidential document, but also can effectively be controlled the safe handling timeliness of confidential document, solve thus and protected poor problem for the privacy of the confidential document that departs from unit security system environment in correlation technique, and then can effectively portably use the use duration carrying out within the scope of authority from net to confidential document, service time scope and access times life cycle control, and without the extra hardware cost that increases, easy to use.
Brief description of the drawings
Accompanying drawing described herein is used to provide a further understanding of the present invention, forms the application's a part, and schematic description and description of the present invention is used for explaining the present invention, does not form inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is according to the process flow diagram of the guard method of the confidential document of the embodiment of the present invention;
Fig. 2 carries out initialized schematic diagram to the storage area of USB device according to the preferred embodiment of the invention;
Fig. 3 is according to the structured flowchart of the protective device of the confidential document of the embodiment of the present invention;
Fig. 4 is the structured flowchart of the protective device of confidential document according to the preferred embodiment of the invention.
Embodiment
Hereinafter also describe the present invention in detail with reference to accompanying drawing in conjunction with the embodiments.It should be noted that, in the situation that not conflicting, the feature in embodiment and embodiment in the application can combine mutually.
Fig. 1 is according to the process flow diagram of the guard method of the confidential document of the embodiment of the present invention.As shown in Figure 1, the method can comprise following treatment step:
Step S102: obtain confidential document, wherein, confidential document is file to be used outside default security monitoring region;
Step S104: receive the parameter sets that sets a property safely, wherein, safety sets a property parameter sets for the content of confidential document being encrypted outside the security monitoring region default the timeliness of licensing of protection and control confidential document;
Step S106: adopt the parameter sets that sets a property safely to carry out security monitoring to confidential document.
In correlation technique, protect poor for the privacy of the confidential document that departs from unit security system environment.Adopt method as shown in Figure 1, confidential document is being taken away after the security context of current control, not only can provide encipherment protection for confidential document, but also can effectively be controlled the safe handling timeliness of confidential document, solve thus and protected poor problem for the privacy of the confidential document that departs from unit security system environment in correlation technique, and then can effectively portably use the use duration carrying out within the scope of authority from net to confidential document, service time scope and access times life cycle control, and without the extra hardware cost that increases, easy to use.
Preferably, at step S102, before obtaining confidential document, can also comprise following operation:
Step S1: current storage area is carried out to initialization, and storage area is divided, wherein, the user that the first area after division is used for accessing in initiation, not by authentication, is only presented to user the non-confidential document of storing in this first area; Second area after division is for by authentication in the situation that, being only presented to user the confidential document of storing in this second area user; The 3rd region after division is for storing daily record file and configuration file, and journal file is for licensing the operations that in timeliness, record is carried out confidential document, and configuration file is for the storage security parameter sets that sets a property; The 4th region after division is used for simulating compact disk ROM (read-only memory) (CDROM) driver and stores the application package that confidential document is carried out to security monitoring.
In a preferred embodiment, the guard method of above-mentioned confidential document can be applied to portable set, for example: USB (universal serial bus) (USB) equipment.Fig. 2 carries out initialized schematic diagram to the storage area of USB device according to the preferred embodiment of the invention.As shown in Figure 2, the storage area of USB device can be initialized as to following four subregions:
(1) open zone: not by authentication in the situation that, do not show and encrypt memory block (being shielded encrypting memory block), and be only shown as common U disk district on terminal device;
(2) encrypt memory block: this region is for depositing confidential document after encryption, only after by authentication, could show encryption memory block, and original common U disk district will no longer show;
(3) private area: this region only can be by the read-write operation of application programming interfaces (API) executing data of USB KEY, and it is for depositing journal file and configuration file; And configuration file self also can be deposited after being encrypted, wherein, the property parameters carrying in configuration file can include but not limited to following one of at least: license duration, use duration, from online article part rise time, last access time, authorize time range (for example: January 00:00:00 to 2014 year on the 1st January in 2014 23:59:59 on the 7th), license number of times, access times;
(4) control tool storage area: this region can simulate a compact disk ROM (read-only memory) (CDROM) driver on terminal device, and be provided with proprietary control Software tool (hereinafter to be referred as control tool).
Above-mentioned control tool can provide encrypts the file access interface of memory block, login authentication, transparent adding (solutions) are close, access control (for example: the process that opens file, whether allow outwards to copy, whether allow to external pasting, whether allow printing, whether allow to carry out read/write operation, the function such as anti-screenshotss, anti-internal memory copy) and the API that calls USB key the file of private area is carried out to read-write operation.
Preferably, in step S106, adopting the parameter sets that sets a property safely to carry out security monitoring to confidential document can comprise the following steps:
Step S2: read from safety sets a property parameter sets and license duration and used duration;
Step S3: use duration according to predetermined period by being added to current service time at every turn to the access process of confidential document, to using duration to upgrade;
Step S4: in the time the access of confidential document being finished at every turn, by the duration of use of last update with license duration and compare;
Step S5: license duration if the duration of use of last update is more than or equal to, point out current accessed to reach to user and license duration, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
In a preferred embodiment, for using duration restriction, in the time just signing in in control tool, control tool is licensed duration by automatically obtaining from the configuration file of private area storage, is used duration, last access time (it is not the shown time of clock of terminal device), the information such as access times.Control tool can every 3 seconds or in the systems such as 5 seconds predefined duration will use duration to be added in the property parameters value of " having used duration ".And in the time exiting control tool, need the property parameters value of " having used duration " and the property parameters value of " licensing duration " to compare; In the time that " having used duration " is more than or equal to " licensing duration ", both can remove according to the attribute of authorizing the file of depositing in data storage area and also can be retained in the file of depositing in data storage area, and reach the maximum duration that uses to user's prompting.If user clicks confirmation, will close opened file and log off.In the time that user logins again, can this USB device of reminding user exceed the time range of licensing.
Preferably, in step S106, adopt the parameter sets that sets a property safely to carry out security monitoring to confidential document and can comprise following operation:
Step S6: read from safety sets a property parameter sets and license number of times and access times;
Step S7: access times are increased progressively once in to the access process of confidential document each, access times are upgraded;
Step S8: in the time the access of confidential document being finished at every turn, by the access times after upgrading with license number of times and compare;
Step S9: license number of times if the access times after upgrading have reached, point out current accessed to reach to user and license number of times, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
In a preferred embodiment, for access times restriction, in the time that user has just signed in in control tool, control tool will obtain these two property parameters of number of times of licensing number of times and used automatically from the configuration file of private area.Control tool all can be carried out one-accumulate operation for each sign-on access, and accumulation result can be written in configuration file by the api interface of USB key by control tool, and authorize whether clearsanattribute in addition determine whether to need the to clear data file of memory block according to this, also can provide in addition the information that has reached maximum access times.If user clicks confirmation, will close opened file and log off.In the time that user logins again, can this USB device of reminding user exceed the number of times of licensing.
Preferably, in step S106, adopting the parameter sets that sets a property safely to carry out security monitoring to confidential document can comprise the following steps:
Step S10: read from safety sets a property parameter sets and license time range, last service time and used duration;
Step S11: at every turn to confidential document start to access time, determine the internal clocking shown time of last service time early than self configuration, and will be updated to the shown time of internal clocking last service time according to predetermined period;
Step S12: in the time the access of confidential document being finished at every turn, by the last service time of last update with license time range and compare;
Step S13: license time range if exceeded the last service time of last update, point out current accessed to reach to user and license time range, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
In a preferred embodiment, for scope restriction service time, in the time that user has just signed in in control tool, control tool is licensed the time of time range, finally use and has used these three property parameters of duration automatically obtaining from the configuration file of private area.Meanwhile, control tool also can obtain the shown time of clock on terminal device.Judge that in when login the shown time of the clock of terminal device, whether " the last service time " in configuration file was before; If so, will lock USB device, and if USB device after locking is wanted to reuse will carry out release in concerning security matters management system.This function is mainly in order to prevent that malice from extending the life cycle of USB device; If not, the time shown clock on terminal device can be write in the property parameters value of " last service time ", and for example, upgrade once at interval of default duration (: 5 seconds).And then judge whether the time that current system uses is in the time range of mandate; If so, and at the next normally access file of the situation that meets other condition; Otherwise, will authorize whether clearsanattribute in addition to determine whether to need the confidential document clearing data in memory block according to this, and provide the information that reaches term of life.If user clicks confirmation, will close opened file and log off.In the time that user logins again, can this USB device of reminding user exceed scope service time.
As a preferred embodiment of the present invention, confidential document is taken away to security control region and outside security control region, confidential document carried out to operations can comprise following treatment step:
The first step, in concerning security matters management system, obtain specific confidential document need to being carried out from net request in addition that user submits to, receive the application authority, password of user's input, from net use duration, service time scope, access times and lost efficacy after whether empty the information such as memory block.
Second step, auditor can examine user's request according to the information receiving in concerning security matters management system, if examination & approval are passed through, can enter next link; Otherwise whole flow process finishes.
The 3rd step, by generation personnel in the time that USB device is inserted to terminal device, that by concerning security matters management system, examination & approval are passed through writes USB device from online article part and encrypts memory block, and authorization privilege, password that examination & approval are passed through, use duration, service time scope, allow the number of times using and lost efficacy after whether remove the information such as memory block and write the configuration file in private area.
The 4th step, in addition in use procedure, USB device can being inserted to the terminal device under unsecured network environment from online article part.Now, control program automatically operation is installed the safeguard protection kernel of driving stage, and a virtual CDROM district in " my computer ", is provided with control tool software, and ejects authentication dialogue frame in this region, waits for that user inputs password login.If effectively logining in time range, can there is a listed files inventory, just can check corresponding file after double-clicking specific file.The process of opening of file, outwards copy, all need to operations such as external pasting, screenshotss, internal memory copy the monitoring of the instrument that is controlled.If logined exceeding outside effective time range, this tyre USB device cannot continue file reading so.
The 5th step, USB device can be inserted in original security system environment after being used to complete and reclaim, concerning security matters management system can reclaim the file of not doing to remove, daily record and by configuration information zero clearing.
Fig. 3 is according to the structured flowchart of the protective device of the confidential document of the embodiment of the present invention.The protective device of above-mentioned confidential document can be applied to portable set, for example: USB device.As shown in Figure 3, the protective device of this confidential document can comprise: acquisition module 10, and for obtaining confidential document, wherein, confidential document is file to be used outside default security monitoring region; Receiver module 20, for receiving the parameter sets that sets a property safely, wherein, safety sets a property parameter sets for the content of confidential document being encrypted outside the security monitoring region default the timeliness of licensing of protection and control confidential document; Processing module 30, for adopting the parameter sets that sets a property safely to carry out security monitoring to confidential document.
Adopt device as shown in Figure 3; solve and protected poor problem for the privacy of the confidential document that departs from unit security system environment in correlation technique; and then can be effectively confidential document is portably used and carries out the duration of use within the scope of authority, service time scope and the life cycle control of access times from net, and without the extra hardware cost, easy to use that increases.
Preferably, as shown in Figure 4, said apparatus can also comprise: divide module 40, for current storage area is carried out to initialization, and storage area is divided, wherein, the user that the first area after division is used for accessing in initiation, not by authentication, is only presented to user the non-confidential document of storing in this first area; Second area after division is for by authentication in the situation that, being only presented to user the confidential document of storing in this second area user; The 3rd region after division is for storing daily record file and configuration file, and journal file is for licensing the operations that in timeliness, record is carried out confidential document, and configuration file is for the storage security parameter sets that sets a property; The 4th region after division is for simulating CDROM drive and storing the application package that confidential document is carried out to security monitoring.
Preferably, as shown in Figure 4, processing module 30 can comprise: the first reading unit 300, reads and licenses duration and used duration for the parameter sets that sets a property from safety; The first updating block 302, for the access process of confidential document is used to duration according to predetermined period by being added to current service time at every turn, to using duration to upgrade; The first comparing unit 304, in the time the access of confidential document being finished at every turn, by the duration of use of last update with license duration and compare; The first processing unit 306, if be more than or equal to and license duration for the duration of use of last update, point out current accessed to reach to user and license duration, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
Preferably, as shown in Figure 4, processing module 30 can comprise: the second reading unit 308, reads and licenses number of times and access times for the parameter sets that sets a property from safety; The second updating block 310 for the access process of confidential document being increased progressively access times once, upgrades access times at every turn; The second comparing unit 312, in the time the access of confidential document being finished at every turn, by the access times after upgrading with license number of times and compare; The second processing unit 314, if reached and licensed number of times for the access times after upgrading, point out current accessed to reach to user and license number of times, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
Preferably, as shown in Figure 4, processing module 30 can comprise: third reading is got unit 316, reads and licenses time range, last service time and used duration for the parameter sets that sets a property from safety; The 3rd updating block 318, at every turn to confidential document start to access time, determine the internal clocking shown time of last service time early than self configuration, and will be updated to the shown time of internal clocking last service time according to predetermined period; The 3rd comparing unit 320, in the time the access of confidential document being finished at every turn, by the last service time of last update with license time range and compare; The 3rd processing unit 322, if license time range for exceeding the last service time of last update, point out current accessed to reach to user and license time range, and receiving after the confirmation of user's input, close confidential document and refusal user's access again.
From above description, can find out, above-described embodiment has been realized following technique effect (it should be noted that these effects are effects that some preferred embodiment can reach): the technical scheme that the embodiment of the present invention provides can effectively be controlled the use duration of file in the time the file of the type such as data, image in concerning security matters system being taken away to the security context of current control.Allow carry from the confidential document of net (leaving internal security network environment) and only can in the time range of authorizing, read, revise and the operation such as displaying, and not being subject to clock on terminal device to change institute affects, thereby can be effectively confidential document be portably used and carries out the duration of use within the scope of authority, service time scope and the life cycle control of access times from net; Meanwhile, above-mentioned USB device self does not need integrated electric weight memory device and clock chip, and production cost is low, easy to use.
Obviously, those skilled in the art should be understood that, above-mentioned of the present invention each module or each step can realize with general calculation element, they can concentrate on single calculation element, or be distributed on the network that multiple calculation elements form, alternatively, they can be realized with the executable program code of calculation element, thereby, they can be stored in memory storage and be carried out by calculation element, and in some cases, can carry out shown or described step with the order being different from herein, or they are made into respectively to each integrated circuit modules, or the multiple modules in them or step are made into single integrated circuit module to be realized.Like this, the present invention is not restricted to any specific hardware and software combination.
The foregoing is only the preferred embodiments of the present invention, be not limited to the present invention, for a person skilled in the art, the present invention can have various modifications and variations.Within the spirit and principles in the present invention all, any amendment of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (10)
1. a guard method for confidential document, is characterized in that, comprising:
Obtain confidential document, wherein, described confidential document is file to be used outside default security monitoring region;
Receive the parameter sets that sets a property safely, wherein, described safety sets a property parameter sets for the content of described confidential document being encrypted to the timeliness of licensing of protecting and controlling described confidential document outside described default security monitoring region;
Adopt the described safety parameter sets that sets a property to carry out security monitoring to described confidential document.
2. method according to claim 1, is characterized in that, before obtaining described confidential document, also comprises:
Current storage area is carried out to initialization, and described storage area is divided, wherein, the user that the first area after division is used for accessing in initiation, not by authentication, is only presented to described user the non-confidential document of storing in this first area; Second area after division is for by authentication in the situation that, being only presented to described user the described confidential document of storing in this second area described user; The 3rd region after division is for storing daily record file and configuration file, and described journal file is for licensing described the operations that in timeliness, record is carried out described confidential document, and described configuration file is used for storing the described safety parameter sets that sets a property; The 4th region after division is for simulating compact disk CD-Read Only Memory ROM driver and storing the application package that described confidential document is carried out to security monitoring.
3. method according to claim 1 and 2, is characterized in that, adopts the described safety parameter sets that sets a property described confidential document is carried out to security monitoring to comprise:
From described safety sets a property parameter sets, read and license duration and used duration;
In at every turn to the access process of described confidential document, described in being added to current service time, use duration according to predetermined period, the described duration that used has been upgraded;
In the time the access of described confidential document being finished at every turn, by the duration of use of last update with described in license duration and compare;
If license duration described in the duration of use of described last update is more than or equal to, point out current accessed to license duration described in having reached to user, and receiving after the confirmation of described user's input, close described confidential document and refuse described user's access again.
4. method according to claim 1 and 2, is characterized in that, adopts the described safety parameter sets that sets a property described confidential document is carried out to security monitoring to comprise:
From described safety sets a property parameter sets, read and license number of times and access times;
In at every turn to the access process of described confidential document, described access times are increased progressively once, described access times are upgraded;
In the time the access of described confidential document being finished at every turn, by the access times after upgrading with described in license number of times and compare;
If license number of times described in the access times after described renewal have reached, point out current accessed to license number of times described in having reached to user, and receiving after the confirmation of described user's input, close described confidential document and refuse described user's access again.
5. method according to claim 1 and 2, is characterized in that, adopts the described safety parameter sets that sets a property described confidential document is carried out to security monitoring to comprise:
From described safety sets a property parameter sets, read and license time range, last service time and used duration;
At every turn to described confidential document start to access time, determine the internal clocking shown time of described last service time early than self configuration, and will be updated to the shown time of described internal clocking described last service time according to predetermined period;
In the time the access of described confidential document being finished at every turn, by the last service time of last update with described in license time range and compare;
If license time range described in exceeding the last service time of described last update, point out current accessed to license time range described in having reached to user, and receiving after the confirmation of described user's input, close described confidential document and refuse described user's access again.
6. a protective device for confidential document, is characterized in that, comprising:
Acquisition module, for obtaining confidential document, wherein, described confidential document is file to be used outside default security monitoring region;
Receiver module, be used for receiving the parameter sets that sets a property safely, wherein, described safety sets a property parameter sets for the content of described confidential document being encrypted to the timeliness of licensing of protecting and controlling described confidential document outside described default security monitoring region;
Processing module, for adopting the described safety parameter sets that sets a property to carry out security monitoring to described confidential document.
7. device according to claim 6, is characterized in that, described device also comprises:
Divide module, for current storage area is carried out to initialization, and described storage area is divided, wherein, the user that first area after division is used for accessing in initiation, not by authentication, is only presented to described user the non-confidential document of storing in this first area; Second area after division is for by authentication in the situation that, being only presented to described user the described confidential document of storing in this second area described user; The 3rd region after division is for storing daily record file and configuration file, and described journal file is for licensing described the operations that in timeliness, record is carried out described confidential document, and described configuration file is used for storing the described safety parameter sets that sets a property; The 4th region after division is for simulating compact disk CD-Read Only Memory ROM driver and storing the application package that described confidential document is carried out to security monitoring.
8. according to the device described in claim 6 or 7, it is characterized in that, described processing module comprises:
The first reading unit, reads and licenses duration and used duration for the parameter sets that sets a property from described safety;
The first updating block, for the access process of described confidential document has been used to duration according to predetermined period described in being added to current service time at every turn, upgrades the described duration that used;
The first comparing unit, in the time the access of described confidential document being finished at every turn, by the duration of use of last update with described in license duration and compare;
The first processing unit, if license duration described in being more than or equal to for the duration of use of described last update, point out current accessed to license duration described in having reached to user, and receiving after the confirmation of described user's input, close described confidential document and refuse described user's access again.
9. according to the device described in claim 6 or 7, it is characterized in that, described processing module comprises:
The second reading unit, reads and licenses number of times and access times for the parameter sets that sets a property from described safety;
The second updating block, for the access process of described confidential document is increased progressively described access times once at every turn, upgrades described access times;
The second comparing unit, in the time the access of described confidential document being finished at every turn, by the access times after upgrading with described in license number of times and compare;
The second processing unit, if license number of times described in having reached for the access times after described renewal, point out current accessed to license number of times described in having reached to user, and receiving after the confirmation of described user's input, close described confidential document and refuse described user's access again.
10. according to the device described in claim 6 or 7, it is characterized in that, described processing module comprises:
Third reading is got unit, reads and licenses time range, last service time and used duration for the parameter sets that sets a property from described safety;
The 3rd updating block, for at every turn to described confidential document start to access time, determine the shown time of internal clocking that configure described last service time early than self, and will be updated to the shown time of described internal clocking described last service time according to predetermined period;
The 3rd comparing unit, in the time the access of described confidential document being finished at every turn, by the last service time of last update with described in license time range and compare;
The 3rd processing unit, if license time range described in exceeding the last service time of described last update, point out current accessed to license time range described in having reached to user, and receiving after the confirmation of described user's input, close described confidential document and refuse described user's access again.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410087713.6A CN103839011B (en) | 2014-03-11 | 2014-03-11 | The guard method of confidential document and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410087713.6A CN103839011B (en) | 2014-03-11 | 2014-03-11 | The guard method of confidential document and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103839011A true CN103839011A (en) | 2014-06-04 |
| CN103839011B CN103839011B (en) | 2017-07-14 |
Family
ID=50802495
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201410087713.6A Active CN103839011B (en) | 2014-03-11 | 2014-03-11 | The guard method of confidential document and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103839011B (en) |
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104283867A (en) * | 2014-09-11 | 2015-01-14 | 江苏集群软创信息科技有限公司 | Method for safe access to distributed databases |
| CN105844173A (en) * | 2016-03-23 | 2016-08-10 | 福建正孚软件有限公司 | Memory-level file encryption and decryption method and device |
| CN107122678A (en) * | 2017-04-28 | 2017-09-01 | 上海与德科技有限公司 | Protect the method and device of product parameters |
| CN107526961A (en) * | 2017-08-28 | 2017-12-29 | 郑州云海信息技术有限公司 | A kind of server network parameter and user password variation and device |
| CN108121798A (en) * | 2017-12-20 | 2018-06-05 | 杭州云屏科技有限公司 | A kind of file monitor method, apparatus, equipment and storage medium |
| CN108400966A (en) * | 2018-01-04 | 2018-08-14 | 中国地质大学(武汉) | A kind of file access method, equipment and storage device based on timeliness control |
| CN110135174A (en) * | 2019-04-22 | 2019-08-16 | 佛山职业技术学院 | A kind of file encrypting method, electronic equipment and external equipment |
| CN111782616A (en) * | 2020-07-14 | 2020-10-16 | 武汉空心科技有限公司 | File storage method for work platform sub-package |
| CN114186280A (en) * | 2022-02-14 | 2022-03-15 | 统信软件技术有限公司 | File access method, computing device and readable storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5818936A (en) * | 1996-03-15 | 1998-10-06 | Novell, Inc. | System and method for automically authenticating a user in a distributed network system |
| CN102708335A (en) * | 2012-05-05 | 2012-10-03 | 南京赛孚科技有限公司 | Confidential file protection method |
| CN102710633A (en) * | 2012-05-29 | 2012-10-03 | 大连佳姆信息安全软件技术有限公司 | Cloud security management system of security electronic documents and method |
| CN103617399A (en) * | 2013-11-06 | 2014-03-05 | 北京深思数盾科技有限公司 | Data file protecting method and device |
-
2014
- 2014-03-11 CN CN201410087713.6A patent/CN103839011B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5818936A (en) * | 1996-03-15 | 1998-10-06 | Novell, Inc. | System and method for automically authenticating a user in a distributed network system |
| CN102708335A (en) * | 2012-05-05 | 2012-10-03 | 南京赛孚科技有限公司 | Confidential file protection method |
| CN102710633A (en) * | 2012-05-29 | 2012-10-03 | 大连佳姆信息安全软件技术有限公司 | Cloud security management system of security electronic documents and method |
| CN103617399A (en) * | 2013-11-06 | 2014-03-05 | 北京深思数盾科技有限公司 | Data file protecting method and device |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104283867A (en) * | 2014-09-11 | 2015-01-14 | 江苏集群软创信息科技有限公司 | Method for safe access to distributed databases |
| CN105844173A (en) * | 2016-03-23 | 2016-08-10 | 福建正孚软件有限公司 | Memory-level file encryption and decryption method and device |
| CN107122678A (en) * | 2017-04-28 | 2017-09-01 | 上海与德科技有限公司 | Protect the method and device of product parameters |
| CN107526961A (en) * | 2017-08-28 | 2017-12-29 | 郑州云海信息技术有限公司 | A kind of server network parameter and user password variation and device |
| CN107526961B (en) * | 2017-08-28 | 2021-03-16 | 郑州云海信息技术有限公司 | Method and device for changing network parameters and user passwords of server |
| CN108121798A (en) * | 2017-12-20 | 2018-06-05 | 杭州云屏科技有限公司 | A kind of file monitor method, apparatus, equipment and storage medium |
| CN108400966A (en) * | 2018-01-04 | 2018-08-14 | 中国地质大学(武汉) | A kind of file access method, equipment and storage device based on timeliness control |
| CN108400966B (en) * | 2018-01-04 | 2020-08-07 | 中国地质大学(武汉) | File access method and equipment based on aging control and storage equipment |
| CN110135174A (en) * | 2019-04-22 | 2019-08-16 | 佛山职业技术学院 | A kind of file encrypting method, electronic equipment and external equipment |
| CN111782616A (en) * | 2020-07-14 | 2020-10-16 | 武汉空心科技有限公司 | File storage method for work platform sub-package |
| CN114186280A (en) * | 2022-02-14 | 2022-03-15 | 统信软件技术有限公司 | File access method, computing device and readable storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103839011B (en) | 2017-07-14 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103839011A (en) | Protecting method and device of confidential files | |
| CN112513857A (en) | Personalized cryptographic security access control in a trusted execution environment | |
| CN101819612B (en) | Versatile content control with partitioning | |
| US9141815B2 (en) | System and method for intelligence based security | |
| DE60002893T2 (en) | COMPUTER PLATFORMS AND THEIR OPERATING METHOD | |
| CN101908106B (en) | Memory system with versatile content control | |
| CA2242596C (en) | System for controlling access and distribution of digital property | |
| CN101120355B (en) | System for creating control structure for versatile content control | |
| EP3074907B1 (en) | Controlled storage device access | |
| CN104794388B (en) | application program access protection method and application program access protection device | |
| CN106575342A (en) | Kernel program including relational data base, and method and device for executing said program | |
| CN105247833B (en) | Self-certified apparatus and method for | |
| US20230088172A1 (en) | System for secure provisioning and enforcement of system-on-chip (soc) features | |
| SG185640A1 (en) | Method and system of secure computing environment having auditable control of data movement | |
| CN104318176A (en) | Terminal and data management method and device thereof | |
| US10754979B2 (en) | Information management terminal device | |
| CN104866736B (en) | The system for numeral copyright management and method of a kind of non-proliferation | |
| JP2008226191A (en) | System, method, and program for authenticating information processing terminal | |
| CN112434270B (en) | Method and system for enhancing data security of computer system | |
| CN102937907B (en) | Utilize SD card to authorize software to install and upgrade the method using | |
| CN107273725B (en) | Data backup method and system for confidential information | |
| WO2015154469A1 (en) | Database operation method and device | |
| CN108345804A (en) | A kind of storage method in trusted computation environment and device | |
| KR101636802B1 (en) | File management method and system for preventing security incident by portable memory | |
| CN204613946U (en) | A kind of safe USBHUB and SD/TF card reader equipment complex |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20210310 Address after: Room 205, building 22, 785 Hutai Road, Jing'an District, Shanghai Patentee after: Shanghai Rongan Technology Co.,Ltd. Address before: 4f, area B, Fujian Overseas Students Pioneer Park, 108 Jiangbin East Avenue, Mawei District, Fuzhou City, Fujian Province, 350015 Patentee before: FUJIAN ETIM INFORMATION & TECHNOLOGY Co.,Ltd. |