CN103995990A - Method for preventing electronic documents from divulging secrets - Google Patents

Publication number
CN103995990A
Authority
CN
China
Prior art keywords
file
divulging
secret
clipboard
copy
Legal status
Pending
Application number
CN201410201187.1A
Other languages
Chinese (zh)
Inventor
张晓东
张卫
殷建琳
傅文斌
Current Assignee
JIANGSU MINJIE TECHNOLOGY Co Ltd
Original Assignee
JIANGSU MINJIE TECHNOLOGY Co Ltd
Priority date
2014-05-14
Filing date
2014-05-14
Publication date
2014-08-20

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The invention relates to a method for preventing leakage of electronic documents. The method provides an encryption module, which encrypts documents when newly generated or modified documents are saved and decrypts them when encrypted documents are opened, and a behavior control module, which controls the various document operation behaviors that may cause leakage. The core technique of the encryption module and the behavior control module is API hooking: the relevant API requests are intercepted and a jump function is executed to implement the required additional functions. The method supports multiple security policies and controls and manages the behaviors that may leak electronic documents (screen capture, copy and paste, file printing and the like), creating a secure leak-proof working environment for electronic documents. The method needs no extra hardware support, is cost-effective, intuitive to use, quick and convenient to operate, and widely applicable.

Description

A method for preventing leakage of electronic files
Technical field
The present invention relates to the security management of electronic files, and in particular to a method for preventing leakage of electronic files; it belongs to the field of computer information security technology.
Background art
The development of information technology has raised people's work efficiency, and life, study and work depend more and more on various information tools. More and more of the information people need is stored and transmitted as electronic documents. At the same time, the fragility of information systems exposes this sensitive personal information to the threat of theft or illegal use. To address this problem, measures such as firewalls and anti-virus software have been introduced one after another, giving computers strong defenses against attacks from external networks. But solving the external problem has not eased the growing internal problem. Internal leakage is serious in enterprises, and personal privacy is no exception; such examples are common in daily life.
At present there are two main approaches to preventing leakage of electronic files. The first is manual encryption; the most common form in daily life is RAR encryption. The drawback of traditional manual encryption is that it cannot provide transparent encryption and decryption: the user must encrypt and decrypt by hand, which is cumbersome, interferes with the user's normal work, causes great inconvenience and is inefficient. The second is encryption of electronic data: all of an enterprise's confidential electronic documents are uniformly encrypted or stored centrally on a dedicated server, and a company may even set up a small internal "Internet café", a fixed place for consulting classified documents. As described above, such a system has a single function and cannot suit every situation, for example when some confidential electronic documents need to be sent out under authorization.
Therefore, how to prevent leakage of electronic files with a method that is simple, practical and widely applicable has become a problem in urgent need of a solution.
Summary of the invention
The invention discloses a method for preventing leakage of electronic files, which solves the problem of preventing electronic files from leaking in a simple and adaptable manner.
To achieve the above object, the technical scheme adopted by the invention is a method for preventing leakage of electronic files, comprising: providing an encryption module, which encrypts a file when a newly generated or modified file is saved and decrypts the file when an encrypted file is opened; and providing a behavior control module, which controls the various file operation behaviors that may cause a file to leak.
Further, the encryption module implements file encryption and decryption as follows: hook the API function used to save/open the file; execute the encrypt/decrypt function to encrypt/decrypt the file; continue to execute the API function used to save/open the file.
Further, the behavior control module controls the various file operation behaviors as follows: hook the API function that operates on the file; execute the jump function to implement the additional function; if the earlier operation on the file can still proceed after the additional function has been carried out, continue to execute the original API function.
Further, the file operation behaviors controlled by the behavior control module include screenshots, FTP upload, copy and paste, file insertion, file printing and the like.
Further, the behavior control module controls copy-and-paste behavior as follows: when the API function that sets the clipboard is called, that function is hooked and the process information of the current clipboard writer is recorded; when the API function that copies from the clipboard is executed, that function is hooked and whether to allow the copy is decided according to the identities of the clipboard writer and the clipboard user; if the copy is not allowed, the user is told that the clipboard is empty; if the copy is allowed, the clipboard content is returned to the user.
Further, whether to allow the copy is decided as follows: if the clipboard writer's process is a controlled process and the clipboard user's process is an uncontrolled process, the copy is not allowed; in all other cases the copy is allowed.
Further, the behavior control module controls screenshot behavior as follows: hook the API function that performs the screenshot; determine whether the currently displayed windows include an electronic document window that requires leakage protection; if so, forbid the screenshot operation; if not, continue to execute the screenshot API function.
In view of the security risks that may arise while electronic files are generated and used, and the limitations of the prior art, the invention provides a method for preventing leakage of electronic files. The method supports multiple security policies and controls and manages the various behaviors that may cause electronic files to leak (screenshots, copy and paste, file printing and so on), building a secure, widely applicable leak-proof working environment for electronic files. The method needs no additional hardware support, is cost-effective, intuitive to use, convenient to operate and widely applicable.
Brief description of the drawings
Fig. 1 is a schematic diagram of the API hook technique.
Fig. 2 is a schematic diagram of the encryption and decryption process.
Fig. 3 is a schematic diagram of copy prevention.
Embodiment
Every Windows application operates by calling system API functions. The existing API interfaces cannot meet every requirement, however, and some additional functionality can be implemented by intercepting the relevant API request and then executing a jump function. This technique of intercepting API calls is the API hook technique. The encryption module and the behavior control module of this method rely mainly on API hooking.
The encryption module of this method mainly hooks the API functions used when files are opened and saved. When a file is saved, the encryption function of the encryption module is executed first, implementing the additional function of encrypting the file, and then the API function used to save the file is executed, which ensures that the generated file is encrypted. When a file is opened, the decryption function of the encryption module is executed first and then the API function used to open the file is executed, which ensures that the encrypted file can be opened.
Under Windows, software generally calls the Windows API function CreateFile when generating a new electronic file, and generally calls Windows API functions such as MoveFile and CopyFile when the user clicks save after modifying an electronic file. When an electronic file is opened, Windows API functions such as OpenFile and ReadFile are generally called.
The encryption module of this method therefore needs to hook Windows APIs such as CreateFile, MoveFile, CopyFile, OpenFile and ReadFile.
Under Windows, when a process performs a copy operation it sets the clipboard, placing the copied content on it; when a process performs a paste operation it obtains the clipboard content. This creates the possibility that the content of an encrypted process leaks through copy and paste.
The method monitors the clipboard in real time. When the API function that sets the clipboard is called, that function is hooked and the process information of the current clipboard writer is recorded; when the API function that copies from the clipboard is executed, that function is hooked and whether to allow the copy is decided according to the identities of the clipboard writer and the clipboard user; if the copy is not allowed, the user is told that the clipboard is empty; if the copy is allowed, the clipboard content is returned to the user.
The clipboard copy policy is as follows: if the clipboard writer's process is an encrypted process and the clipboard user's process is a non-encrypted process, the copy is not allowed and the clipboard is reported as empty, which blocks leakage by copy and paste. In all other cases the copy is allowed.
The API that sets the clipboard is the SetClipboardData function, and the API that copies from the clipboard is the GetClipboardData function. Implementing the above requires hooking both APIs: before a process executes SetClipboardData, the process information of the clipboard writer is recorded and then the SetClipboardData operation is carried out; before a process executes GetClipboardData, the clipboard copy policy decides whether to allow the copy; if it is allowed, the GetClipboardData operation is carried out, otherwise the clipboard is reported as empty.
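The following C model walks through the clipboard policy just described; it is an added example, not code from the patent. The functions real_set and real_get stand in for SetClipboardData and GetClipboardData, and the helper names and process IDs are assumptions made for illustration.

```c
/* Added illustration: a portable model of the hooked clipboard policy.
 * real_set()/real_get() are stand-ins for SetClipboardData/GetClipboardData;
 * no Windows API is called and all PIDs are constructed sample values. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CLIP_MAX 256
#define MAX_CONTROLLED 8

/* Stand-ins for the original, unhooked clipboard functions. */
static char clip_buf[CLIP_MAX];
static size_t clip_len;

static void real_set(const char *data, size_t len) {
    if (len > CLIP_MAX) len = CLIP_MAX;   /* truncate oversized input */
    memcpy(clip_buf, data, len);
    clip_len = len;
}

static size_t real_get(char *out, size_t cap) {
    size_t n = clip_len < cap ? clip_len : cap;
    memcpy(out, clip_buf, n);
    return n;
}

/* State kept by the behavior control module. */
static int controlled_pids[MAX_CONTROLLED];
static size_t controlled_count;
static int writer_pid = -1;               /* -1: clipboard never written */

bool mark_controlled(int pid) {
    if (controlled_count == MAX_CONTROLLED) return false;
    controlled_pids[controlled_count++] = pid;
    return true;
}

bool is_controlled(int pid) {
    for (size_t i = 0; i < controlled_count; i++)
        if (controlled_pids[i] == pid) return true;
    return false;
}

/* Policy: deny only when a controlled writer meets an uncontrolled reader. */
bool copy_allowed(int writer, int reader) {
    return !(is_controlled(writer) && !is_controlled(reader));
}

/* Set hook: record the writer first, then continue to the original call. */
void hooked_set(int caller_pid, const char *data, size_t len) {
    writer_pid = caller_pid;
    real_set(data, len);
}

/* Get hook: returns bytes copied; 0 means the caller sees an empty clipboard. */
size_t hooked_get(int caller_pid, char *out, size_t cap) {
    if (!copy_allowed(writer_pid, caller_pid))
        return 0;                         /* original call is skipped */
    return real_get(out, cap);
}

int main(void) {
    char buf[64];
    mark_controlled(100);                 /* 100: controlled editor (sample) */
    hooked_set(100, "secret", 6);
    printf("uncontrolled reader got %zu bytes\n", hooked_get(200, buf, sizeof buf));
    printf("controlled reader got %zu bytes\n", hooked_get(100, buf, sizeof buf));
    hooked_set(200, "public", 6);         /* uncontrolled writer replaces content */
    printf("after overwrite, reader got %zu bytes\n", hooked_get(200, buf, sizeof buf));
    return 0;
}
```

Because the writer record is replaced on every set call, content later placed on the clipboard by an uncontrolled process is readable by every process again.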
Screenshots can also be a means of leakage: a screen capture can save the content of a protected electronic file in the form of a picture. Windows ships with its own screenshot tool, and many screenshot programs and even chat tools provide a screenshot function. The method monitors the various screenshot operations: when the user takes a screenshot, it determines whether the currently displayed windows include an electronic document window that requires leakage protection; if so, the screenshot is forbidden; if not, the user may take the screenshot normally.
File printing can also become a means of leaking electronic files, especially virtual printing, which easily goes unnoticed. The method takes this problem into account: where printing is not permitted, the API of the print function is hooked, and after the jump function has executed the additional function it no longer continues to call the print API, which eliminates the possibility of leakage by printing an electronic file out on paper.
For the same reason, the method also applies security control to leakage by file insertion: inserting the content of a controlled electronic file into an uncontrolled electronic file is forbidden, which prevents the content of a protected electronic file from being placed in an unencrypted electronic file.
Screenshot control, file printing control and file insertion control are implemented in much the same way as encryption and copy prevention; only the APIs to be hooked differ, so they are not described in detail.
The invention has been described in detail above through implementation scenarios for each process. Those skilled in the art will understand that modifications and variations can be made without departing from the essence of the invention, such as using some of the modules separately or embedding the system in other application systems.

Claims (7)

1. A method for preventing leakage of electronic files, characterized in that: an encryption module is provided, which encrypts a file when a newly generated or modified file is saved and decrypts the file when an encrypted file is opened; and a behavior control module is provided, which controls the various file operation behaviors that may cause a file to leak.
2. The method for preventing leakage of electronic files according to claim 1, characterized in that the encryption module implements file encryption and decryption as follows: hook the API function used to save/open the file; execute the encrypt/decrypt function to encrypt/decrypt the file; continue to execute the API function used to save/open the file.
3. The method for preventing leakage of electronic files according to claim 1, characterized in that the behavior control module controls the various file operation behaviors as follows: hook the API function that operates on the file; execute the jump function to implement the additional function; if the earlier operation on the file can still proceed after the additional function has been carried out, continue to execute the original API function.
4. The method for preventing leakage of electronic files according to claim 3, characterized in that the file operation behaviors controlled by the behavior control module include screenshots, FTP upload, copy and paste, file insertion and file printing.
5. The method for preventing leakage of electronic files according to claim 4, characterized in that the behavior control module controls copy-and-paste behavior as follows: when the API function that sets the clipboard is called, that function is hooked and the process information of the current clipboard writer is recorded; when the API function that copies from the clipboard is executed, that function is hooked and whether to allow the copy is decided according to the identities of the clipboard writer and the clipboard user; if the copy is not allowed, the user is told that the clipboard is empty; if the copy is allowed, the clipboard content is returned to the user.
6. The method for preventing leakage of electronic files according to claim 5, characterized in that whether to allow the copy is decided as follows: if the clipboard writer's process is a controlled process and the clipboard user's process is an uncontrolled process, the copy is not allowed; in all other cases the copy is allowed.
7. The method for preventing leakage of electronic files according to claim 4, characterized in that the behavior control module controls screenshot behavior as follows: hook the API function that performs the screenshot; determine whether the currently displayed windows include an electronic document window that requires leakage protection; if so, forbid the screenshot operation; if not, continue to execute the screenshot API function.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410201187.1A CN103995990A (en) 2014-05-14 2014-05-14 Method for preventing electronic documents from divulging secrets

Publications (1)

Publication Number Publication Date
CN103995990A (en) 2014-08-20

Family

ID=51310153


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140820