CN104318172A - File nonproliferation technology based on local area network personalized features - Google Patents
- Publication number
- CN104318172A (application number CN201410561093.5A)
- Authority
- CN
- China
- Prior art keywords
- file
- network
- local area
- mac address
- area network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Medical Informatics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Computing Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a file non-proliferation technique based on the personalized features of a local area network. Before a file is opened, the local machine sends a request for the local area network feature data to a server, decrypts the file with the feature data obtained, and checks network consistency. When the file is saved, the network neighbor environment is checked to ensure that the machine is within the network environment approved by the server, the file is encrypted with the network feature values, the resulting trust or distrust level is compared with the preset trust or distrust level, and the necessary protective measures are taken when the level does not meet the standard. The file is thereby effectively prevented from being illegally copied and transmitted to unauthorized places.
Description
Technical field
The invention belongs to the field of computer information security technology, and in particular relates to a document security non-proliferation method.
Background
With the rapid development of computer technology, information technology advances day by day, and informatization has developed at full speed in all trades and professions. For enterprises and institutions, electronic documents have become the lifeblood of the company. At present, enterprises and institutions generally protect these electronic documents with the following techniques: 1) backup, in which files are collected on a file server or on dedicated backup storage; 2) local encryption, in which internal files are encrypted locally to prevent unauthorized propagation; 3) access control, which prevents unauthorized users from intentionally or unintentionally operating on files and damaging them. These three typical techniques can protect files to a certain extent and curb illicit distribution, but the network administrators and the personnel responsible for backup or rights management are themselves outside the safeguards; moreover, once a file is opened it is completely out of control and can be copied and transmitted at will.
Summary of the invention
A document security non-proliferation method, in which documents that need protection within a local area network (LAN) are encrypted and registered on the server. A network feature decryption technique can be used when a file is opened and a network feature encryption technique can be used when a file is saved, thereby ensuring the security of the file while it is opened and used.
The network feature decryption technique works as follows: before a file is opened, the local machine sends a request for the LAN feature data to the server, decrypts the file with the feature data obtained, and checks network consistency.
Specifically, the network features comprise the gateway address, start address, netmask and gateway MAC address of the LAN; in addition, the network neighbor MAC address group is collected. The network neighbor MAC address group is used to verify the consistency of the network environment.
The network feature encryption technique checks the network neighbor environment of the machine when a file is saved, ensures that it is within the network environment permitted by the server, and then encrypts the file with the network feature values.
Specifically, the network features comprise the gateway address, start address and netmask within the LAN, and the gateway MAC address. When a file is encrypted, the network neighbor MAC address group is first appended to the end of the file, and the file is then encrypted with an encryption key formed by combining the gateway address, start address, netmask and gateway MAC address.
Further, the system can customize a confidence level or an untrusted level for the result of the network environment comparison, compare the result received with the preset trusted acceptance level or unacceptable level, and take different protective measures according to the outcome. The comparison process has two applicable modes, trusted acceptance level and unacceptable level, of which one is adopted.
Specifically, under the trusted acceptance standard, the environment is considered trusted when the comparison between the network neighbor MAC address group received and the MAC address group at the end of the file reaches a certain confidence level, and the user is given the corresponding permissions; values outside the confidence level are considered unacceptable, and the user is prompted or automatically forbidden to use or operate the relevant files or programs.
Specifically, under the unacceptable level standard, the environment is considered untrusted when the comparison between the network neighbor MAC address group received and the MAC address group at the end of the file fails to reach a certain reliability level, in which case the user is prompted or automatically forbidden to use or operate the relevant files or programs; values outside the untrusted region are considered acceptable, and the user is given the relevant permissions.
The invention provides a document non-proliferation method that applies the network feature decryption technique when a document is opened, preventing unauthorized reading and browsing. The network feature encryption technique included in the method compares, when a document is saved, the network neighbor MAC address group requested from the server with the MAC address group stored at the end of the file, and checks the result against the preset confidence level or untrusted level; once the result falls below the standard, the necessary protective measures are taken. This effectively protects the security of the core documents of the enterprise and effectively prevents files from being illegally copied and transferred to unauthorized places.
Brief description of the drawings
Fig. 1 is a schematic flow chart of opening a file in the document security non-proliferation method provided by the invention;
Fig. 2 is a schematic flow chart of saving a document in the document security non-proliferation method provided by the invention.
Detailed description
The invention is described in detail below with reference to the accompanying drawings, which form part of this specification and illustrate the principle of the invention by way of embodiment.
As shown in Figs. 1 and 2, in the document security non-proliferation method a network feature decryption technique can be used when a file is opened and a network feature encryption technique is used when a file is saved, thereby ensuring the security of the file while it is opened and used.
The invention comprises the following two parts. The workflow of the method is as follows:
1. When a file is opened, the basic flow is: open the file; send a request to the server; receive the data returned by the server; decrypt the file with the network parameters; compare the network neighbor MAC address groups; check the result against the preset condition and open the file, raise an alarm, or close the file; start the non-proliferation operation; use the file normally.
2. When a file is saved, the basic flow is: send a request to the server; receive the data returned by the server; compare the network neighbor MAC address groups; check the result against the preset condition; encrypt the file with the network parameters, raise an alarm, or refuse to save the file; perform the normal save operation; start the non-proliferation operation.
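The open and save flows above, sketched as an added example that is not code from the patent. The SHA-256 key derivation, the `NBRMACS` tail layout, the overlap-ratio confidence metric and the reading of the two modes are assumptions made here, and the cipher itself is left out: the derived key would feed whatever file cipher is used.

```python
import hashlib
import json

TAIL_MAGIC = b"\nNBRMACS:"  # tail marker invented for this example

def normalize_mac(mac):
    """Canonical aa:bb:cc:dd:ee:ff form, so separators and case do not matter."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def derive_key(gateway_ip, start_addr, netmask, gateway_mac):
    """Combine the four LAN features into a 32-byte key (SHA-256 is an assumption)."""
    fields = [gateway_ip, start_addr, netmask, normalize_mac(gateway_mac)]
    # Length-prefix each field so ("1.2", "3") and ("1.", "23") cannot collide.
    material = b"".join(len(f).to_bytes(2, "big") + f.encode() for f in fields)
    return hashlib.sha256(b"lan-feature-key" + material).digest()

def append_neighbor_tail(body, neighbor_macs):
    """Save path: attach the neighbor MAC group to the file tail before encryption."""
    tail = json.dumps(sorted({normalize_mac(m) for m in neighbor_macs})).encode()
    return body + TAIL_MAGIC + tail + len(tail).to_bytes(4, "big")

def split_neighbor_tail(blob):
    """Open path: recover (body, stored MAC set) from a decrypted file."""
    n = int.from_bytes(blob[-4:], "big")
    body_end = len(blob) - 4 - n - len(TAIL_MAGIC)
    if body_end < 0 or blob[body_end:body_end + len(TAIL_MAGIC)] != TAIL_MAGIC:
        raise ValueError("neighbor MAC tail missing or damaged")
    return blob[:body_end], set(json.loads(blob[body_end + len(TAIL_MAGIC):-4]))

def confidence(stored, current):
    """Share of the stored neighbor MACs that are visible on the current LAN."""
    current = {normalize_mac(m) for m in current}
    return len(stored & current) / len(stored) if stored else 0.0

def decide(stored, current, mode, threshold):
    """Apply one of the two preset modes; returns 'allow' or 'deny'."""
    score = confidence(stored, current)
    if mode == "trusted":        # grant only when confidence reaches the preset
        return "allow" if score >= threshold else "deny"
    if mode == "untrusted":      # refuse once the mismatch share reaches the preset
        return "deny" if 1.0 - score >= threshold else "allow"
    raise ValueError(f"unknown mode: {mode!r}")

# Constructed sample data (documentation IP range, locally administered MACs).
OFFICE = ["02:00:00:00:00:01", "02-00-00-00-00-02", "0200.0000.0003", "02:00:00:00:00:04"]
NOW = ["02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:03", "02:00:00:00:00:99"]
ELSEWHERE = ["02:00:00:11:11:01", "02:00:00:11:11:02"]

if __name__ == "__main__":
    body, stored = split_neighbor_tail(append_neighbor_tail(b"quarterly report", OFFICE))
    print(derive_key("192.0.2.1", "192.0.2.2", "255.255.255.0", "02:00:00:00:00:fe").hex())
    print(decide(stored, NOW, "trusted", 0.7), decide(stored, ELSEWHERE, "trusted", 0.7))
```

Because all four key inputs are values that every host on the LAN can read, the derived key binds a file to a network environment; it does not authenticate a user.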
The invention provides a document security non-proliferation method that, when a document is opened, requests the network feature parameters, decrypts the document, and compares the confidence level by means of the network neighbor MAC address group. The document non-proliferation technique included in the method also, when a document is saved, requests the network feature parameter values, compares the network neighbor MAC address groups, and checks the result against the preset confidence level or untrusted level: a document that meets the standard is encrypted with the network parameters and saved normally, and once the result falls below the standard the necessary protective measures are taken, thereby effectively protecting the core documents of the enterprise and preventing illegal diffusion.
What is disclosed above is only the preferred embodiment of the invention and cannot, of course, be used to limit the scope of rights of the invention; equivalent variations made according to the claims of the present application therefore still fall within the scope covered by the invention.
Claims (8)
1. A document security non-proliferation method, in which documents that need protection within a local area network (LAN) are encrypted and registered on the server.
2. A network feature decryption technique can be used when a file is opened and a network feature encryption technique can be used when a file is saved, thereby ensuring the security of the file while it is opened and used.
3. The network feature decryption technique works as follows: before a file is opened, the local machine sends a request for the LAN feature data to the server, decrypts the file with the feature data obtained, and checks network consistency.
4. Specifically, the network features comprise the gateway address, start address, netmask and gateway MAC address of the LAN; in addition, the network neighbor MAC address group is collected.
5. The network neighbor MAC address group is used to verify the consistency of the network environment.
6. The network feature encryption technique checks the network neighbor environment of the machine when a file is saved, ensures that it is within the network environment permitted by the server, and then encrypts the file with the network feature values.
7. When a file is encrypted, the network neighbor MAC address group is first appended to the end of the file, and the file is then encrypted with an encryption key formed by combining the gateway address, start address, netmask and gateway MAC address.
8. Further, the system can customize a confidence level or an untrusted level for the result of the network environment comparison, compare the result received with the preset trusted acceptance level or unacceptable level, and take different protective measures according to the outcome; the comparison process has two applicable modes, trusted acceptance level and unacceptable level, of which one is adopted.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410561093.5A CN104318172A (en) | 2014-10-21 | 2014-10-21 | File nonproliferation technology based on local area network personalized features |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410561093.5A CN104318172A (en) | 2014-10-21 | 2014-10-21 | File nonproliferation technology based on local area network personalized features |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104318172A (en) | 2015-01-28 |
Family
ID=52373403
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410561093.5A Pending CN104318172A (en) | 2014-10-21 | 2014-10-21 | File nonproliferation technology based on local area network personalized features |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104318172A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104318173A (en) * | 2014-10-27 | 2015-01-28 | 合肥星服信息科技有限责任公司 | File non-proliferation technique based on local area network cross-validation |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101364984A (en) * | 2008-08-13 | 2009-02-11 | 西安鼎蓝通信技术有限公司 | Method for guarantee safety of electronic file |
CN102624699A (en) * | 2012-01-19 | 2012-08-01 | 歌尔声学股份有限公司 | Method and system for protecting data |
US20130326614A1 (en) * | 2012-06-01 | 2013-12-05 | Research In Motion Limited | System and method for controlling access to secure resources |
CN103530570A (en) * | 2013-09-24 | 2014-01-22 | 国家电网公司 | Electronic document safety management system and method |
CN103679050A (en) * | 2013-12-31 | 2014-03-26 | 中国电子科技集团公司第三研究所 | Security management method for enterprise-level electronic documents |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN101079882B (en) | Posture-based data protection | |
CN110049021A (en) | Data of information system safety protecting method and system | |
US20160301671A1 (en) | System-on-chip data security appliance and methods of operating the same | |
CN102508792B (en) | Method for realizing secure access of data in hard disk | |
CN111277539B (en) | Server Lesox virus protection system and method | |
CN107784207B (en) | Display method, device and equipment of financial APP interface and storage medium | |
CN105740725A (en) | File protection method and system | |
CN106302328A (en) | Sensitive user data processing system and method | |
CN103619014B (en) | The method and system for preventing application data from revealing | |
CA2842741C (en) | Password audit system | |
CN102799539A (en) | Safe USB flash disk and data active protection method thereof | |
CN106169035A (en) | A kind of high-security mobile storage system and method | |
CN107563221A (en) | A kind of certification decoding security management system for encrypting database | |
CN111046405B (en) | Data processing method, device, equipment and storage medium | |
CN106982204A (en) | Credible and secure platform | |
CN103902922B (en) | A kind of method and system for preventing file from stealing | |
CN104376270A (en) | File protection method and system | |
KR20150073567A (en) | The Method for Transmitting and Receiving the Secure Message Using the Terminal Including Secure Storage | |
CN104318172A (en) | File nonproliferation technology based on local area network personalized features | |
US9122504B2 (en) | Apparatus and method for encryption in virtualized environment using auxiliary medium | |
Sharma et al. | Smartphone security and forensic analysis | |
Wang et al. | MobileGuardian: A security policy enforcement framework for mobile devices | |
US9043943B1 (en) | Self-destructing content | |
CN103546472B (en) | A kind of method and apparatus of the false proof protection of operation system | |
Egerton et al. | Applying zero trust security principles to defence mechanisms against data exfiltration attacks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C06 | Publication | |
 | PB01 | Publication | |
 | C10 | Entry into substantive examination | |
 | SE01 | Entry into force of request for substantive examination | |
 | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20150128 |