CN103839011B - The guard method of confidential document and device - Google Patents

The guard method of confidential document and device Download PDF

Info

Publication number
CN103839011B
CN103839011B CN201410087713.6A CN201410087713A CN103839011B CN 103839011 B CN103839011 B CN 103839011B CN 201410087713 A CN201410087713 A CN 201410087713A CN 103839011 B CN103839011 B CN 103839011B
Authority
CN
China
Prior art keywords
confidential document
access
time
duration
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410087713.6A
Other languages
Chinese (zh)
Other versions
CN103839011A (en
Inventor
李志达
许元进
刘纯平
许林锋
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Rongan Technology Co.,Ltd.
Original Assignee
FUJIAN ETIM INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by FUJIAN ETIM INFORMATION TECHNOLOGY Co Ltd filed Critical FUJIAN ETIM INFORMATION TECHNOLOGY Co Ltd
Priority to CN201410087713.6A priority Critical patent/CN103839011B/en
Publication of CN103839011A publication Critical patent/CN103839011A/en
Application granted granted Critical
Publication of CN103839011B publication Critical patent/CN103839011B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2125Just-in-time application of countermeasures, e.g., on-the-fly decryption, just-in-time obfuscation or de-obfuscation

Abstract

The invention discloses a kind of guard method of confidential document and device, in the above-mentioned methods, confidential document is obtained, wherein, confidential document is file to be used outside default security monitoring region;Security setting property parameters set is received, wherein, security setting sets of attribute parameters to share and license timeliness in the content of confidential document is encrypted outside default security monitoring region protection and control confidential document;Security monitoring is carried out to confidential document using the set of security setting property parameters.According to the technical scheme that provides of the present invention, effectively confidential document off-network can be carried and be controlled using the life cycle of the use duration carried out within the scope of authority, use time scope and access times, and without additionally increase hardware cost, easy to use.

Description

The guard method of confidential document and device
Technical field
The present invention relates to the communications field, guard method and device in particular to a kind of confidential document.
Background technology
At present, most of confidential document control systems are literary for the concerning security matters for taking away unit safe system environments in correlation technique The management and control of part relies primarily on transparent encryption and decryption is protected.Transparent encryption technology is to maintain secrecy to need in recent years for enterprise document Seek a kind of file ciphering technology arisen at the historic moment.It is so-called transparent, refer to it is unknown for user.When user is opening Or during editor's specified file, the file of unencryption will be encrypted automatically for system, and the file encrypted is decrypted automatically. File is ciphertext on hard disk, is in plain text in internal memory.Once use environment is left, because application program can not be solved automatically Close service and can not open, so as to get up to protect the effect of file content.Transparent encryption is to the automatic encryption of important documents, it is ensured that When and where no matter document be at encrypted state, to protect document security to greatest extent.
But, the defect of the technical scheme employed in correlation technique is:It fails to departing from unit safe system After the confidential document of environment is encrypted, the usage cycles for encrypting file are control effectively or simply made with reference to it Clock on terminal device is simply controlled, and can not but be realized and be departed from the clock on terminal device to control confidential document Period validity.
The content of the invention
The invention provides a kind of guard method of confidential document and device, at least to solve in correlation technique for departing from The problem of privacy protection of the confidential document of unit safe system environments is poor.
According to an aspect of the invention, there is provided a kind of guard method of confidential document.
The guard method of confidential document according to embodiments of the present invention includes:Confidential document is obtained, wherein, confidential document is The file to be used outside default security monitoring region;Security setting property parameters set is received, wherein, security setting category Property parameter sets be used to outside default security monitoring region the content of confidential document is encrypted protection and control concerning security matters File licenses timeliness;Security monitoring is carried out to confidential document using the set of security setting property parameters.
Preferably, before confidential document is obtained, also include:Current storage region is initialized, and to storage Region is divided, wherein, the first area after division is used in the case where the user for initiating to access is not by authentication, The non-confidential document of the first area memory storage is only shown in user;Second area after division is used to pass through identity in user In the case of certification, the confidential document of the second area memory storage is only shown in user;The 3rd region after division is used to deposit Journal file and configuration file are stored up, journal file is for licensing the every behaviour recorded in timeliness to confidential document execution Make, configuration file is used to store security setting property parameters set;The 4th region after division is used to simulate compact disk only Read memory(CDROM)Driver and the application package being stored with to confidential document progress security monitoring.
Preferably, carrying out security monitoring to confidential document using the set of security setting property parameters includes:From security setting Reading licenses duration and uses duration in property parameters set;According to pre- in access process every time to confidential document If the currently used time is added to and uses duration by the cycle, to being updated using duration;Every time to confidential document At the end of access, by being compared using duration with licensing duration for last update;If last update Be more than or equal to using duration and license duration, then prompt the user with current accessed and reached and license duration, And after the confirmation of user input is received, close confidential document and refuse the access again of user.
Preferably, carrying out security monitoring to confidential document using the set of security setting property parameters includes:From security setting Read in property parameters set and license number of times and access times;It will make in access process every time to confidential document With number of times incrementally once, access times are updated;Every time to the access of confidential document at the end of, by after renewal Access times are compared with licensing number of times;If the access times after updating, which have reached, licenses number of times, Prompt the user with current accessed and reached and license number of times, and after the confirmation of user input is received, closing is related to Ciphertext part and the access again for refusing user.
Preferably, carrying out security monitoring to confidential document using the set of security setting property parameters includes:From security setting Reading licenses time range, last use time and uses duration in property parameters set;Every time to concerning security matters text When starting to access of part, it is determined that the time shown by the internal clocking that last use time is configured earlier than itself, and according to default Last use time is updated to the time shown by internal clocking by the cycle;Every time to the access of confidential document at the end of, will The last use time of last update is compared with licensing time range;If the last of last update makes With the time beyond licensing time range, then prompt the user with current accessed and reached and license time range, and After the confirmation for receiving user input, close confidential document and refuse the access again of user.
There is provided a kind of protection device of confidential document according to another aspect of the present invention.
The protection device of confidential document according to embodiments of the present invention includes:Acquisition module, for obtaining confidential document, its In, confidential document is file to be used outside default security monitoring region;Receiver module, for receiving security setting category Property parameter sets, wherein, security setting sets of attribute parameters share in outside default security monitoring region to confidential document Protection is encrypted for content and control confidential document licenses timeliness;Processing module, for using security setting attribute ginseng Manifold is closed carries out security monitoring to confidential document.
Preferably, said apparatus also includes:Division module, for being initialized to current storage region, and to depositing Storage area domain is divided, wherein, the first area after division is used to not pass through the situation of authentication in the user for initiating to access Under, the non-confidential document of the first area memory storage is only shown in user;Second area after division is used to pass through in user In the case of authentication, the confidential document of the second area memory storage is only shown in user;Use in the 3rd region after division In storage journal file and configuration file, journal file is for licensing the items recorded in timeliness to confidential document execution Operation, configuration file is used to store security setting property parameters set;The 4th region after division is used to simulate CDROM drive And the application package to confidential document progress security monitoring that is stored with.
Preferably, processing module includes:First reading unit, is authorized for being read from security setting property parameters set Duration is used using duration and;First updating block, in access process every time to confidential document according to default week The currently used time is added to and uses duration by the phase, to being updated using duration;First comparing unit, for each To at the end of the access of confidential document, by being compared using duration with licensing duration for last update;First Processing unit, if licensing duration for being more than or equal to using duration for last update, is prompted the user with Current accessed, which has reached, licenses duration, and after the confirmation of user input is received, close confidential document and Refuse the access again of user.
Preferably, processing module includes:Second reading unit, is authorized for being read from security setting property parameters set Access times and access times;Second updating block, it is secondary for that will be used in access process every time to confidential document Number is incremented by once, and access times are updated;Second comparing unit, for terminating in the access every time to confidential document When, the access times after renewal are compared with licensing number of times;Second processing unit, if after for updating Access times, which have reached, licenses number of times, then prompts the user with current accessed and reached and license number of times, and connecing After the confirmation for receiving user input, close confidential document and refuse the access again of user.
Preferably, processing module includes:3rd reading unit, is authorized for being read from security setting property parameters set Use time scope, last use time and use duration;3rd updating block, for opening every time confidential document When beginning to access, it is determined that the time shown by the internal clocking that last use time is configured earlier than itself, and will according to predetermined period Last use time is updated to the time shown by internal clocking;3rd comparing unit, in visit every time to confidential document At the end of asking, the last use time of last update is compared with licensing time range;3rd processing unit, If the last use time for last update has prompted the user with current accessed beyond time range is licensed Time range is licensed through reaching, and after the confirmation of user input is received, closes confidential document and refusal is used The access again at family.
By the embodiment of the present invention, using obtaining confidential document, the confidential document be default security monitoring region it Outer file to be used;Security setting property parameters set is received, the security setting sets of attribute parameters is shared in default peace The content of confidential document is encrypted outside full monitor area protection and control confidential document licenses timeliness;Using peace The full parameter sets that set a property carry out security monitoring to confidential document, i.e., confidential document is being taken away to the security context that currently controls Afterwards, encipherment protection can not only be provided for confidential document, but also safe handling timeliness that can be effectively to confidential document adds To control, the privacy for thus solving the confidential document in correlation technique for departing from unit safe system environments protects poor The problem of, and then effectively confidential document off-network can be carried using the use duration, use time carried out within the scope of authority Scope and the control of the life cycle of access times, and without additionally increase hardware cost, easy to use.
Brief description of the drawings
Accompanying drawing described herein is used for providing a further understanding of the present invention, constitutes the part of the application, this hair Bright schematic description and description is used to explain the present invention, does not constitute inappropriate limitation of the present invention.In the accompanying drawings:
Fig. 1 is the flow chart of the guard method of confidential document according to embodiments of the present invention;
Fig. 2 is the schematic diagram that the storage region according to the preferred embodiment of the invention to USB device is initialized;
Fig. 3 is the structured flowchart of the protection device of confidential document according to embodiments of the present invention;
Fig. 4 is the structured flowchart of the protection device of confidential document according to the preferred embodiment of the invention.
Embodiment
Describe the present invention in detail below with reference to accompanying drawing and in conjunction with the embodiments.It should be noted that not conflicting In the case of, the feature in embodiment and embodiment in the application can be mutually combined.
Fig. 1 is the flow chart of the guard method of confidential document according to embodiments of the present invention.As shown in figure 1, this method can With including following process step:
Step S102:Confidential document is obtained, wherein, confidential document is to be used outside default security monitoring region File;
Step S104:Security setting property parameters set is received, wherein, security setting sets of attribute parameters is shared in default Security monitoring region outside the content of confidential document is encrypted protection and control confidential document license timeliness;
Step S106:Security monitoring is carried out to confidential document using the set of security setting property parameters.
It is poor for departing from the privacy protection of confidential document of unit safe system environments in correlation technique.Using such as Method shown in Fig. 1, after confidential document to be taken away to the security context currently controlled, can not only provide encryption for confidential document Protect, but also safe handling timeliness that can be effectively to confidential document is controlled by, it is right in correlation technique thus to solve The problem of the privacy protection of the confidential document of disengaging unit safe system environments is poor, and then can be effectively to concerning security matters text Part off-network carries the life cycle control using the use duration carried out within the scope of authority, use time scope and access times System, and without additionally increase hardware cost, easy to use.
Preferably, in step S102, obtain before confidential document, following operation can also be included:
Step S1:Current storage region is initialized, and storage region is divided, wherein, after division First area is used to, in the case where the user for initiating to access is not by authentication, only be shown in the first area to user The non-confidential document of storage;Second area after division is used in the case where user is by authentication, is only shown to user In the confidential document of the second area memory storage;The 3rd region after division is used to store journal file and configuration file, daily record File is for licensing the operations recorded in timeliness to confidential document execution, and configuration file is used to store security setting Property parameters set;The 4th region after division is used to simulate compact disk read-only storage(CDROM)Driver is simultaneously stored There is the application package that security monitoring is carried out to confidential document.
In a preferred embodiment, the guard method of above-mentioned confidential document can apply to portable set, for example:General string Row bus(USB)Equipment.Fig. 2 is showing of being initialized of the storage region according to the preferred embodiment of the invention to USB device It is intended to.As shown in Fig. 2 the storage region of USB device can be initialized as into following four subregion:
(1)Open zone:In the case of not by authentication, encryption memory block is not shown(Encryption memory block is added To shield), and common U disk area is only shown as on the terminal device;
(2)Encrypt memory block:This region is used to deposit the confidential document after encryption, only recognizes by identity After card, encryption memory block could be shown, and original common U disk area will no longer be shown;
(3)Private area:The region is only capable of the application programming interfaces by USB KEY(API)The read-write operation of data is performed, It is used to deposit journal file and configuration file;And configuration file itself can also be deposited after being encrypted, wherein, match somebody with somebody At least one of can be included but is not limited to by putting the property parameters carried in file:License duration, using duration, from Net file generated time, last access time, mandate time range(For example:1 day 00 January in 2014:00:In January, 00 to 2014 7 days 23:59:59), license number of times, access times;
(4)Control tool storage area:The region can simulate the read-only storage of a compact disk on the terminal device Device(CDROM)Driver, and it is provided with proprietary control software instrument(Hereinafter referred to as:Control instrument).
Above-mentioned control instrument can provide encryption memory block file access interface, login authentication, it is transparent plus(Solution)Close, visit Ask control(For example:The process of file is opened, whether allows outwards duplication, whether allows to external pasting, whether allows to print, is It is no to allow to perform the functions such as read/write operation, anti-screenshotss, the duplication of anti-internal memory)And USB key API is called to the text of private area Part is written and read operation.
Preferably, in step s 106, carrying out security monitoring to confidential document using the set of security setting property parameters can To comprise the following steps:
Step S2:Reading licenses duration and uses duration from security setting property parameters set;
Step S3:The currently used time is added to according to predetermined period in access process every time to confidential document Using duration, to being updated using duration;
Step S4:Every time to the access of confidential document at the end of, by last update using duration with authorize It is compared using duration;
Step S5:If duration is licensed in being more than or equal to using duration for last update, carried to user Show that current accessed has reached and license duration, and after the confirmation of user input is received, close confidential document with And the access again of refusal user.
In a preferred embodiment, for using duration limitation, when just signing in in control instrument, control instrument will Obtained in the automatic configuration file stored from private area and license duration, use duration, last access time(It is not Time shown by the clock of terminal device), the information such as access times.Control instrument can be every 3 seconds or every 5 seconds etc. Duration set in advance will use duration to be added in the property parameters value of " having used duration " in system.And exiting control work , it is necessary to which the property parameters value of " using duration " and the property parameters value of " licensing duration " are compared during tool;When " Use duration " when being more than or equal to " licensing duration ", it can both be removed in data storage area internal memory according to the attribute authorized The file put can also be retained in the file deposited in data storage area, and prompt the user with and reached that maximum uses duration.Such as Fruit user, which clicks on, to be confirmed, it will is closed opened file and is logged off.When user logs on, then user can be reminded to be somebody's turn to do USB device is beyond the time range licensed.
Preferably, in step s 106, carrying out security monitoring to confidential document using the set of security setting property parameters can With including following operation:
Step S6:Read from security setting property parameters set and license number of times and access times;
Step S7:In access process every time to confidential document by access times incrementally once, to access times It is updated;
Step S8:Every time to the access of confidential document at the end of, by the access times after renewal and license time Number is compared;
Step S9:If the access times after updating, which have reached, licenses number of times, current visit is prompted the user with Ask and reached and license number of times, and after the confirmation of user input is received, close confidential document and refusal is used The access again at family.
In a preferred embodiment, for access times limitation, when user has just been signed in in control instrument, work is controlled Number of times the two property parameters licensed number of times and used will be obtained from the configuration file of private area automatically by having.Control Tool needle can all perform one-accumulate operation to each sign-on access, and accumulation result can pass through USB key by control instrument Api interface is written in configuration file, and according to this sub-authorization tyre whether clearsanattribute decides whether to clear data The file of memory block, can also provide the prompt message for having reached maximum access times in addition.Confirm if user clicks on, it will close Close opened file and log off.When user logs on, then user's USB device can be reminded to already exceed and licensed Number of times.
Preferably, in step s 106, carrying out security monitoring to confidential document using the set of security setting property parameters can To comprise the following steps:
Step S10:From security setting property parameters set read license time range, last use time and Duration is used;
Step S11:Every time to confidential document when starting to access, it is determined that last use time is earlier than in itself configuration Time shown by portion's clock, and last use time is updated to the time shown by internal clocking according to predetermined period;
Step S12:Every time to the access of confidential document at the end of, by the last use time of last update with awarding Power use time scope is compared;
Step S13:If the last use time of last update is carried beyond time range is licensed to user Show that current accessed has reached and license time range, and after the confirmation of user input is received, close concerning security matters text Part and the access again for refusing user.
In a preferred embodiment, for the limitation of use time scope, when user has just been signed in in control instrument, control Instrument processed will be obtained from the configuration file of private area automatically to be licensed time range, the time finally used and has used These three property parameters of duration.Meanwhile, control instrument can also obtain the time shown by the clock on terminal device.When logging in Judge time shown by the clock of terminal device whether before " the last use time " in configuration file;If it is, will USB device is locked, and USB device after locking will be if it is desired to reusing will be unlocked in concerning security matters management system. The function is primarily to prevent that malice from extending the usage cycles of USB device;If it is not, then can be by the clock institute on terminal device In the property parameters value of the time write-in " last use time " of display, and at interval of preset duration(For example:5 seconds)Update one It is secondary.Then judge whether the time that current system is used is in the time range of mandate again;If it is, and meeting other File then can be normally accessed in the case of part;Otherwise, by according to this sub-authorization tyre whether clearsanattribute decide whether need The confidential document cleared data in memory block, and provide the prompt message for reaching useful life.Confirm if user clicks on, will Opened file can be closed and logged off.When user logs on, then user's USB device can be reminded to already exceed and used Time range.
As a preferred embodiment of the present invention, confidential document is taken away into security control region and in security control area It is overseas that following process step can be included to confidential document progress operations:
The first step, obtained in concerning security matters management system the need for user submits specific confidential document is subjected to off-network tyre Request, the application authority of reception user input, password, off-network are used after duration, use time scope, access times and failure Whether the information such as memory block is emptied.
Second step, auditor can examine according to the information received in concerning security matters management system to user's request, if Examination & approval pass through, then can enter next link;Otherwise, whole flow process terminates.
3rd step, by generate personnel by USB device insert terminal device when, examination & approval are passed through by concerning security matters management system Off-network file write-in USB device encryption memory block, and will examine pass through authorization privilege, password, using duration, use time Scope, allow the number of times that uses and the configuration file in the information such as memory block write-in private area whether is removed after failure.
4th step, during off-network file tyre use, can by USB device insert unsecured network environment under end End equipment.Now, control program meeting automatic running installs the safeguard protection kernel of driving stage, and virtual in " my computer " Control tool software is provided with one CDROM area, the region, and ejects authentication dialogue frame, user input password is waited Log in.If logged in effective time range, you can a listed files inventory occur, just may be used after specific file is double-clicked Check corresponding file.The opening process of file, outwards replicate, to external pasting, screenshotss, internal memory replicate etc. operation be required to by The monitoring of control instrument.If logged in outside effective time range, then the tyre USB device will be unable to continue to read Take file.
USB device can be inserted into original secure system environment and be reclaimed after the completion of 5th step, use, concerning security matters pipe The file for not making to remove, daily record can be reclaimed and be reset configuration information by reason system.
Fig. 3 is the structured flowchart of the protection device of confidential document according to embodiments of the present invention.The guarantor of above-mentioned confidential document Protection unit can apply to portable set, for example:USB device.As shown in figure 3, the protection device of the confidential document can be wrapped Include:Acquisition module 10, for obtaining confidential document, wherein, confidential document is to be used outside default security monitoring region File;Receiver module 20, for receiving security setting property parameters set, wherein, security setting sets of attribute parameters share in Content to confidential document outside default security monitoring region is encrypted protection and controls licensing for confidential document Timeliness;Processing module 30, for carrying out security monitoring to confidential document using the set of security setting property parameters.
Using device as shown in Figure 3, the concerning security matters text for departing from unit safe system environments in correlation technique is solved The problem of privacy protection of part is poor, and then effectively the carrying use of confidential document off-network can be carried out within the scope of authority Controlled using the life cycle of duration, use time scope and access times, and without additionally increasing hardware cost, using It is convenient.
Preferably, as shown in figure 4, said apparatus can also include:Division module 40, for entering to current storage region Row initialization, and storage region is divided, wherein, the first area after division is used to not pass through in the user for initiating to access In the case of authentication, the non-confidential document of the first area memory storage is only shown in user;Second area after division In the case of in user by authentication, the confidential document of the second area memory storage is only shown in user;Divide The 3rd region afterwards is used to store journal file and configuration file, and journal file is used to record to concerning security matters licensing in timeliness The operations that file is performed, configuration file is used to store security setting property parameters set;The 4th region after division is used for Simulation CDROM drive and the application package being stored with to confidential document progress security monitoring.
Preferably, as shown in figure 4, processing module 30 can include:First reading unit 300, for belonging to from security setting Property parameter sets in read license duration and use duration;First updating block 302, for every time to confidential document Access process according to predetermined period by the currently used time be added to use duration, to being updated using duration; First comparing unit 304, for every time to the access of confidential document at the end of, by last update using duration with Duration is licensed to be compared;First processing units 306, if being more than or waiting using duration for last update In licensing duration, then prompt the user with current accessed and reached and license duration, and receiving user input After confirmation, close confidential document and refuse the access again of user.
Preferably, as shown in figure 4, processing module 30 can include:Second reading unit 308, for belonging to from security setting Property parameter sets in read license number of times and access times;Second updating block 310, for every time to confidential document Access process in by access times incrementally once, access times are updated;Second comparing unit 312, for At the end of each access to confidential document, the access times after renewal are compared with licensing number of times;At second Unit 314 is managed, if the access times after for updating, which have reached, is licensed number of times, current accessed is prompted the user with Reach and licensed number of times, and after the confirmation of user input is received, closed confidential document and refusal user Access again.
Preferably, as shown in figure 4, processing module 30 can include:3rd reading unit 316, for belonging to from security setting Property parameter sets in read license time range, last use time and use duration;3rd updating block 318, For every time to confidential document when starting to access, it is determined that shown by the internal clocking that last use time is configured earlier than itself Time, and last use time is updated to the time shown by internal clocking according to predetermined period;3rd comparing unit 320, for every time to the access of confidential document at the end of, by the last use time of last update and when licensing Between scope be compared;3rd processing unit 322, is licensed if the last use time for last update exceeds Time range, then prompt the user with current accessed and reached and license time range, and receiving user input really Recognize after information, close confidential document and refuse the access again of user.
As can be seen from the above description, following technique effect is above embodiments enabled(It should be noted that these Effect is the effect that some preferred embodiments can reach):The technical scheme that the embodiment of the present invention is provided is by concerning security matters system In the file of the type such as data, image effectively the use duration of file can be added when taking away the security context currently controlled To control.Allow carrying off-network(Leave internal security network environment)Confidential document be only capable of in the time range of mandate carry out The operations such as reading, modification and displaying, and do not influenceed by the clock change on terminal device, so as to effectively to concerning security matters File off-network carries the life cycle control using the use duration carried out within the scope of authority, use time scope and access times System;Meanwhile, above-mentioned USB device itself does not simultaneously need integrated electricity memory device and clock chip, and production cost is low, user Just.
Obviously, those skilled in the art should be understood that above-mentioned each module of the invention or each step can be with general Computing device realize that they can be concentrated on single computing device, or be distributed in multiple computing devices and constituted Network on, alternatively, the program code that they can be can perform with computing device be realized, it is thus possible to they are stored Performed in the storage device by computing device, and in some cases, can be shown to be performed different from order herein The step of going out or describe, they are either fabricated to each integrated circuit modules respectively or by multiple modules in them or Step is fabricated to single integrated circuit module to realize.So, the present invention is not restricted to any specific hardware and software combination.
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for the skill of this area For art personnel, the present invention can have various modifications and variations.Within the spirit and principles of the invention, that is made any repaiies Change, equivalent, improvement etc., should be included within the scope of the present invention.

Claims (8)

1. a kind of guard method of confidential document, it is characterised in that including:
Confidential document is obtained, wherein, the confidential document is file to be used outside default security monitoring region;
Security setting property parameters set is received, wherein, the security setting sets of attribute parameters is shared in the default peace Protection is encrypted to the content of the confidential document outside full monitor area and when licensing of the confidential document is controlled Effect;
Security monitoring is carried out to the confidential document using the security setting property parameters set, wherein, the confidential document Guard method be applied to portable set,
Wherein, configuration file is used to store the property parameters bag carried in security setting property parameters set, the configuration file Include at least one of:License duration, use duration, off-network file generated time, last access time, mandate time Scope, license number of times and access times;
Carrying out security monitoring to the confidential document using the security setting property parameters set includes:
When reading is licensed time range, last use time and used from the security setting property parameters set It is long;
Every time to the confidential document start access when, when determining the last use time earlier than the inside that itself is configured Time shown by clock, and according to predetermined period by the last use time be updated to shown by the internal clocking when Between;
Every time to the access of the confidential document at the end of, by the last use time of last update with it is described mandate make It is compared with time range;
If the last use time of the last update licenses time range beyond described, prompt the user with and work as Preceding access licenses time range described in having reached, and after the confirmation of the user input is received, closes institute State the access again of confidential document and the refusal user.
2. according to the method described in claim 1, it is characterised in that before the confidential document is obtained, also include:
Current storage region is initialized, and the storage region is divided, wherein, the first area after division In the case of in the user for initiating to access not by authentication, only the first area memory storage is shown in the user Non- confidential document;Second area after division is used in the case where the user is by authentication, only to the user It is shown in the confidential document of the second area memory storage;The 3rd region after division is used to store journal file and configuration text Part, the journal file is used in the operations for licensing and recording and being performed to the confidential document in timeliness, described Configuration file is used to store the security setting property parameters set;The 4th region after division is used to simulate compact disk only Read memory CDROM drive and be stored with to carry out the confidential document application package of security monitoring.
3. method according to claim 1 or 2, it is characterised in that using the security setting property parameters set to institute Stating confidential document progress security monitoring includes:
Reading licenses duration and uses duration from the security setting property parameters set;
The currently used time is added to described made according to predetermined period in every time to the access process of the confidential document With duration, it is updated using duration to described;
Every time to the access of the confidential document at the end of, by being licensed using duration with described for last update Duration is compared;
If the last update using duration be more than or equal to it is described license duration, prompt the user with and work as Preceding access licenses duration described in having reached, and after the confirmation of the user input is received, is related to described in closing Ciphertext part and the access again of the refusal user.
4. method according to claim 1 or 2, it is characterised in that using the security setting property parameters set to institute Stating confidential document progress security monitoring includes:
Read from the security setting property parameters set and license number of times and access times;
In every time to the access process of the confidential document will described in access times incrementally once, to the access times It is updated;
Every time to the access of the confidential document at the end of, the access times after renewal are entered with the number of times of licensing Row compares;
If the access times after the renewal license number of times described in having reached, current accessed has been prompted the user with Through reach it is described license number of times, and after the confirmation of the user input is received, close the confidential document with And the access again of the refusal user.
5. a kind of protection device of confidential document, it is characterised in that including:
Acquisition module, for obtaining confidential document, wherein, the confidential document is to wait to make outside default security monitoring region File;
Receiver module, for receiving security setting property parameters set, wherein, the security setting sets of attribute parameters share in Protection is encrypted to the content of the confidential document outside the default security monitoring region and the confidential document is controlled License timeliness;
Processing module, for carrying out security monitoring to the confidential document using the security setting property parameters set, wherein, The protection device of the confidential document is applied to portable set,
Wherein, configuration file is used to store the property parameters bag carried in security setting property parameters set, the configuration file Include at least one of:License duration, use duration, off-network file generated time, last access time, mandate time Scope, license number of times and access times;
The processing module includes:
3rd reading unit, licenses time range, finally makes for being read from the security setting property parameters set Duration is used with the time and;
3rd updating block, for every time to the confidential document when starting to access, determining that the last use time is early The time shown by internal clocking in itself configuration, and the last use time is updated in described according to predetermined period Time shown by portion's clock;
3rd comparing unit, for every time to the access of the confidential document at the end of, last by last update makes It is compared with the time with the time range of licensing;
3rd processing unit, if the last use time for the last update licenses time model beyond described Enclose, then prompt the user with current accessed reached it is described license time range, and receiving the user input After confirmation, the access again of the confidential document and the refusal user are closed.
6. device according to claim 5, it is characterised in that described device also includes:
Division module, for being initialized to current storage region, and is divided to the storage region, wherein, draw First area after point is used to, in the case where the user for initiating to access is not by authentication, only be shown in this to the user The non-confidential document of first area memory storage;Second area after division is used for the situation for passing through authentication in the user Under, the confidential document of the second area memory storage is only shown in the user;The 3rd region after division is used to store Journal file and configuration file, the journal file are used to record in timeliness to confidential document execution in described license Operations, the configuration file be used for store the security setting property parameters set;The 4th region after division is used for Simulation compact disk read-only storage CDROM drive and the application journey being stored with to confidential document progress security monitoring Sequence bag.
7. the device according to claim 5 or 6, it is characterised in that the processing module includes:
First reading unit, when licensing duration for being read from the security setting property parameters set and used It is long;
First updating block, for will be currently used according to predetermined period in every time to the access process of the confidential document when Between be added to it is described use duration, be updated using duration to described;
First comparing unit, for every time to the access of the confidential document at the end of, by having used for last update Duration is compared with the duration of licensing;
First processing units, if for the last update when being more than or equal to described license using duration It is long, then prompt the user with current accessed reached it is described license duration, and in the confirmation for receiving the user input After information, the access again of the confidential document and the refusal user are closed.
8. the device according to claim 5 or 6, it is characterised in that the processing module includes:
Second reading unit, number of times is licensed and using secondary for being read from the security setting property parameters set Number;
Second updating block, for access times to be incremented by one by described in every time to the access process of the confidential document It is secondary, the access times are updated;
Second comparing unit, for every time to the access of the confidential document at the end of, by the access times after renewal with The number of times of licensing is compared;
Second processing unit, if for the access times after the renewal reached it is described license number of times, to User's prompting current accessed licenses number of times described in having reached, and after the confirmation of the user input is received, Close the access again of the confidential document and the refusal user.
CN201410087713.6A 2014-03-11 2014-03-11 The guard method of confidential document and device Active CN103839011B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410087713.6A CN103839011B (en) 2014-03-11 2014-03-11 The guard method of confidential document and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410087713.6A CN103839011B (en) 2014-03-11 2014-03-11 The guard method of confidential document and device

Publications (2)

Publication Number Publication Date
CN103839011A CN103839011A (en) 2014-06-04
CN103839011B true CN103839011B (en) 2017-07-14

Family

ID=50802495

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410087713.6A Active CN103839011B (en) 2014-03-11 2014-03-11 The guard method of confidential document and device

Country Status (1)

Country Link
CN (1) CN103839011B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104283867A (en) * 2014-09-11 2015-01-14 江苏集群软创信息科技有限公司 Method for safe access to distributed databases
CN105844173A (en) * 2016-03-23 2016-08-10 福建正孚软件有限公司 Memory-level file encryption and decryption method and device
CN107122678A (en) * 2017-04-28 2017-09-01 上海与德科技有限公司 Protect the method and device of product parameters
CN107526961B (en) * 2017-08-28 2021-03-16 郑州云海信息技术有限公司 Method and device for changing network parameters and user passwords of server
CN108121798A (en) * 2017-12-20 2018-06-05 杭州云屏科技有限公司 A kind of file monitor method, apparatus, equipment and storage medium
CN108400966B (en) * 2018-01-04 2020-08-07 中国地质大学(武汉) File access method and equipment based on aging control and storage equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102710633A (en) * 2012-05-29 2012-10-03 大连佳姆信息安全软件技术有限公司 Cloud security management system of security electronic documents and method
CN102708335A (en) * 2012-05-05 2012-10-03 南京赛孚科技有限公司 Confidential file protection method
CN103617399A (en) * 2013-11-06 2014-03-05 北京深思数盾科技有限公司 Data file protecting method and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5818936A (en) * 1996-03-15 1998-10-06 Novell, Inc. System and method for automically authenticating a user in a distributed network system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102708335A (en) * 2012-05-05 2012-10-03 南京赛孚科技有限公司 Confidential file protection method
CN102710633A (en) * 2012-05-29 2012-10-03 大连佳姆信息安全软件技术有限公司 Cloud security management system of security electronic documents and method
CN103617399A (en) * 2013-11-06 2014-03-05 北京深思数盾科技有限公司 Data file protecting method and device

Also Published As

Publication number Publication date
CN103839011A (en) 2014-06-04

Similar Documents

Publication Publication Date Title
CN103839011B (en) The guard method of confidential document and device
EP2731040B1 (en) Computer system for storing and retrieval of encrypted data items, client computer, computer program product and computer-implemented method
DE60002893T2 (en) COMPUTER PLATFORMS AND THEIR OPERATING METHOD
CN101819612B (en) Versatile content control with partitioning
CN101490689B (en) Content control system and method using certificate chains
CN101908106B (en) Memory system with versatile content control
US8261320B1 (en) Systems and methods for securely managing access to data
CN102624699B (en) Method and system for protecting data
CN102508791B (en) Method and device for encrypting hard disk partition
US9521132B2 (en) Secure data storage
CN106104563A (en) The technology of network security is provided by the account just opened on time
US9900157B2 (en) Object signing within a cloud-based architecture
CN106537407A (en) Root of trust
CN104333545B (en) The method that cloud storage file data is encrypted
US10897359B2 (en) Controlled storage device access
CN100447772C (en) Programmable logic controller peripheral device
CN104156672B (en) data encryption protection method and system based on LINUX
US9215070B2 (en) Method for the cryptographic protection of an application
CN106304040A (en) The management method of Mobile solution, device
CN101739361A (en) Access control method, access control device and terminal device
CN107092838A (en) A kind of safety access control method of hard disk and a kind of hard disk
CN109344598A (en) The binding of equipment room and authority control method, device, equipment and storage medium
CN104104650B (en) data file access method and terminal device
CN104866736B (en) The system for numeral copyright management and method of a kind of non-proliferation
CN104573493B (en) A kind of method for protecting software and system

Legal Events

Date Code Title Description
PB01 Publication
C06 Publication
SE01 Entry into force of request for substantive examination
C10 Entry into substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210310

Address after: Room 205, building 22, 785 Hutai Road, Jing'an District, Shanghai

Patentee after: Shanghai Rongan Technology Co.,Ltd.

Address before: 4f, area B, Fujian Overseas Students Pioneer Park, 108 Jiangbin East Avenue, Mawei District, Fuzhou City, Fujian Province, 350015

Patentee before: FUJIAN ETIM INFORMATION & TECHNOLOGY Co.,Ltd.

TR01 Transfer of patent right