CN104318172A - File nonproliferation technology based on local area network personalized features - Google Patents

Publication number
CN104318172A
Authority
CN
China
Prior art keywords
file
network
local area
mac address
area network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410561093.5A
Other languages
Chinese (zh)
Inventor
胡平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
HEFEI XINGFU INFORMATION TECHNOLOGY Co Ltd
Original Assignee
HEFEI XINGFU INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by HEFEI XINGFU INFORMATION TECHNOLOGY Co Ltd filed Critical HEFEI XINGFU INFORMATION TECHNOLOGY Co Ltd
Priority to CN201410561093.5A priority Critical patent/CN104318172A/en
Publication of CN104318172A publication Critical patent/CN104318172A/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a file non-proliferation technology based on the individual features of a local area network. Before a file is opened, the local machine sends a request for local area network feature data to a server, decrypts the file with the feature data obtained, and checks network consistency. When the file is saved, the network-neighbor environment is checked to confirm that it is a network environment approved by the server, the file is encrypted with the network feature values, the comparison result is checked against the preset trust or distrust level, and the necessary protective measures are taken when the standard is not met. The file is thereby effectively prevented from being illegally copied and transmitted to unauthorized places.

Description

File non-proliferation technology based on the individual features of a local area network (LAN)
Technical field
The invention belongs to the field of computer information security, and in particular relates to a method for preventing the proliferation of secured documents.
Background art
With the rapid development of computer technology, information technology advances daily, and informatization has grown at full speed in every industry. For enterprises and institutions, electronic documents have become the lifeblood of the organization. At present, the protective measures that enterprises and institutions apply to these electronic documents generally comprise the following techniques: 1) backup, in which files are collected on a file server or on dedicated backup storage; 2) local encryption, in which internal files are encrypted locally to prevent unauthorized distribution; 3) access control, which prevents unauthorized users from damaging files through intentional or unintentional operations. These three typical techniques protect files to some extent and hinder illicit distribution, but the network administrators and the staff responsible for backup or rights management are themselves outside the scope of protection; moreover, once a file has been opened it is completely out of control and can be copied and transmitted at will.
Summary of the invention
A method for preventing the proliferation of secured documents, wherein the documents that need protection within the LAN are encrypted and their entries are registered on a server. Network-feature decryption is used when a file is opened and network-feature encryption is used when a file is saved, thereby ensuring the security of the file while it is opened and used.
In the network-feature decryption technique, before a file is opened the local machine sends a request for LAN feature data to the server, decrypts the file with the feature data obtained, and checks network consistency.
Specifically, the network features comprise the gateway address, start address, netmask and gateway MAC address of the LAN; the network-neighbor MAC address group is collected in addition. The network-neighbor MAC address group is used to verify the consistency of the network environment.
The network-feature encryption technique checks the local network-neighbor environment when a file is saved, confirms that it is within the network environment permitted by the server, and then encrypts the file using the network feature values.
Specifically, the network features comprise the gateway address, start address, netmask and gateway MAC address of the LAN. When a file is encrypted, the network-neighbor MAC address group is first appended to the tail of the file, and the file is then encrypted with an encryption key formed by combining the gateway address, start address, netmask and gateway MAC address.
Further, the system can customize the confidence level or untrusted level applied to the network-environment comparison result. The result received is compared with the preset acceptable-confidence level or unacceptable level, and different protective measures are taken according to the outcome. The comparison process has two applicable modes, acceptable confidence and unacceptable degree, and one of the two is adopted.
Specifically, under the acceptable-confidence standard, the network-neighbor MAC address group received is compared with the MAC address group at the tail of the file; if the confidence index reaches a certain level, the environment is considered trusted and the user is given the corresponding permissions. Anything outside the confidence range is considered an unacceptable value, and the user is prompted, or automatically forbidden to use or operate the associated files or programs.
Specifically, under the unacceptable-degree standard, the network-neighbor MAC address group received is compared with the MAC address group at the tail of the file; if the confidence index fails to reach a certain level, the environment is considered untrusted, and the user is prompted, or automatically forbidden to use or operate the associated files or programs. Anything outside the untrusted region is considered an acceptable value, and the user is given the relevant permissions.
The invention provides a method of document non-proliferation that applies network-feature decryption when a document is opened, preventing unauthorized reading and browsing. The network-feature encryption technique that the method also comprises compares, when a document is saved, the network-neighbor MAC address group requested from the server with the MAC address group stored at the tail of the file, and checks the result against the preset confidence level or untrusted level; once the result falls below the standard, the necessary protective measures are taken. This effectively protects the security of the enterprise's core documents and effectively prevents files from being illegally copied and transmitted to unauthorized places.
Brief description of the drawings
Fig. 1 is a schematic flow chart of opening a file in the document security non-proliferation method provided by the invention;
Fig. 2 is a schematic flow chart of saving a document in the document security non-proliferation method provided by the invention.
Detailed description of the embodiments
The invention is described in detail below with reference to the accompanying drawings, which form part of this specification and illustrate the principle of the invention by way of embodiment.
As shown in Figs. 1 and 2, in a document security non-proliferation method, network-feature decryption is used when a file is opened and network-feature encryption is used when a file is saved, thereby ensuring the security of the file while it is opened and used.
The invention comprises the following two parts.
The workflow of the method is as follows:
One. When a file is opened, the basic flow is as follows: open the file; send a request to the server; receive the data returned by the server; decrypt the file with the network parameters; compare the network-neighbor MAC address groups; check against the preset condition to open the file, raise an alarm, or close the file; start the non-proliferation operation; use the file normally.
Two. When a file is saved, the basic flow is as follows: send a request to the server; receive the data returned by the server; compare the network-neighbor MAC address groups; check against the preset condition; encrypt the file with the network parameters, raise an alarm, or refuse to save the file; perform the normal save operation; start the non-proliferation operation.
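An added example (not from the patent or its assignee) of the save and open flows listed above: the key is derived from the four LAN features, the neighbor MAC group is appended to the file tail before encryption, and opening compares the stored and current MAC groups against a threshold. The SHA-256 keystream cipher, the integrity tag, the overlap-ratio score, the 0.6 threshold and all function names are assumptions; in the patent the feature data comes from the server, whereas here it is passed in as arguments.

```python
import hashlib
import hmac
import struct

def norm_mac(mac: str) -> str:
    """Canonical lower-case, colon-separated MAC so formatting never changes the key."""
    return mac.strip().lower().replace("-", ":")

def derive_key(feat: dict) -> bytes:
    """Key from the four LAN features the description names, in a fixed order."""
    fields = [feat["gateway"], feat["start"], feat["netmask"], norm_mac(feat["gateway_mac"])]
    return hashlib.sha256("|".join(fields).encode()).digest()

def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher (SHA-256 counter keystream); the patent names no algorithm."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + struct.pack(">Q", i // 32)).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def _tag(key: bytes, ct: bytes) -> bytes:
    # Added integrity tag (not in the patent) so a wrong-network key is detected.
    return hmac.new(hashlib.sha256(key + b"mac").digest(), ct, hashlib.sha256).digest()

def seal(plaintext: bytes, feat: dict, neighbors: list) -> bytes:
    """Save path: append the neighbor MAC group to the tail, then encrypt everything."""
    group = ",".join(sorted({norm_mac(m) for m in neighbors})).encode()
    body = plaintext + group + struct.pack(">I", len(group))
    key = derive_key(feat)
    ct = _xor_stream(key, body)
    return ct + _tag(key, ct)

def open_sealed(blob: bytes, feat: dict, neighbors: list, threshold: float = 0.6):
    """Open path: decrypt with the current LAN features, then compare MAC groups."""
    key = derive_key(feat)
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(_tag(key, ct), tag):
        return "wrong-network", None
    body = _xor_stream(key, ct)
    (glen,) = struct.unpack(">I", body[-4:])
    stored = set(filter(None, body[-4 - glen:-4].decode().split(",")))
    seen = {norm_mac(m) for m in neighbors}
    # Assumed confidence index: share of stored neighbor MACs still visible.
    score = len(stored & seen) / len(stored) if stored else 0.0
    if score < threshold:
        return "untrusted-neighbors", None
    return "open", body[:-4 - glen]

# Constructed sample values, not taken from the patent.
LAN = {"gateway": "192.168.10.1", "start": "192.168.10.0",
       "netmask": "255.255.255.0", "gateway_mac": "00-11-22-33-44-55"}
PEERS = ["02:00:00:00:00:%02x" % i for i in range(1, 6)]
SEALED = seal(b"quarterly plan", LAN, PEERS)
```

All four key inputs are visible to every host on the segment, so a key built this way binds the file to a network environment rather than to a secret.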
The invention provides a document security non-proliferation method in which, when a document is opened, the network feature parameters are requested, the document is decrypted, and the degree of confidence is determined by comparing network-neighbor MAC address groups. The document non-proliferation technique that the method also comprises requests the network feature parameter values and compares the network-neighbor MAC address groups when a document is saved, and checks the result against the preset confidence level or untrusted level. A document that meets the standard is encrypted with the network parameters and saved normally; once the result falls below the standard, the necessary protective measures are taken. This effectively protects the core documents of the enterprise and prevents their illegal diffusion.
The above discloses only the preferred embodiments of the invention, which of course cannot be used to limit the scope of the rights of the invention; equivalent variations made according to the claims of this application therefore still fall within the scope covered by the invention.

Claims (8)

1. A method for document security non-proliferation, wherein the documents that need protection within the LAN are encrypted and their entries are registered on a server.
2. Network-feature decryption is used when a file is opened and network-feature encryption is used when a file is saved, thereby ensuring the security of the file while it is opened and used.
3. In the network-feature decryption technique, before a file is opened the local machine sends a request for LAN feature data to the server, decrypts the file with the feature data obtained, and checks network consistency.
4. Specifically, the network features comprise the gateway address, start address, netmask and gateway MAC address of the LAN; the network-neighbor MAC address group is collected in addition.
5. The network-neighbor MAC address group is used to verify the consistency of the network environment.
6. The network-feature encryption technique checks the local network-neighbor environment when a file is saved, confirms that it is within the network environment permitted by the server, and then encrypts the file using the network feature values.
7. When a file is encrypted, the network-neighbor MAC address group is first appended to the tail of the file, and the file is then encrypted with an encryption key formed by combining the gateway address, start address, netmask and gateway MAC address.
8. Further, the system can customize the confidence level or untrusted level applied to the network-environment comparison result; the result received is compared with the preset acceptable-confidence level or unacceptable level, and different protective measures are taken according to the outcome. The comparison process has two applicable modes, acceptable confidence and unacceptable degree, and one of the two is adopted.
CN201410561093.5A 2014-10-21 2014-10-21 File nonproliferation technology based on local area network personalized features Pending CN104318172A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410561093.5A CN104318172A (en) 2014-10-21 2014-10-21 File nonproliferation technology based on local area network personalized features

Publications (1)

Publication Number Publication Date
CN104318172A true CN104318172A (en) 2015-01-28

Family

ID=52373403

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410561093.5A Pending CN104318172A (en) 2014-10-21 2014-10-21 File nonproliferation technology based on local area network personalized features

Country Status (1)

Country Link
CN (1) CN104318172A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104318173A (en) * 2014-10-27 2015-01-28 合肥星服信息科技有限责任公司 File non-proliferation technique based on local area network cross-validation

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101364984A (en) * 2008-08-13 2009-02-11 西安鼎蓝通信技术有限公司 Method for guarantee safety of electronic file
CN102624699A (en) * 2012-01-19 2012-08-01 歌尔声学股份有限公司 Method and system for protecting data
US20130326614A1 (en) * 2012-06-01 2013-12-05 Research In Motion Limited System and method for controlling access to secure resources
CN103530570A (en) * 2013-09-24 2014-01-22 国家电网公司 Electronic document safety management system and method
CN103679050A (en) * 2013-12-31 2014-03-26 中国电子科技集团公司第三研究所 Security management method for enterprise-level electronic documents

Similar Documents

Publication Publication Date Title
CN101079882B (en) Posture-based data protection
CN110049021A (en) Data of information system safety protecting method and system
US20160301671A1 (en) System-on-chip data security appliance and methods of operating the same
CN102508792B (en) Method for realizing secure access of data in hard disk
CN111277539B (en) Server Lesox virus protection system and method
CN107784207B (en) Display method, device and equipment of financial APP interface and storage medium
CN105740725A (en) File protection method and system
CN106302328A (en) Sensitive user data processing system and method
CN103619014B (en) The method and system for preventing application data from revealing
CA2842741C (en) Password audit system
CN102799539A (en) Safe USB flash disk and data active protection method thereof
CN106169035A (en) A kind of high-security mobile storage system and method
CN107563221A (en) A kind of certification decoding security management system for encrypting database
CN111046405B (en) Data processing method, device, equipment and storage medium
CN106982204A (en) Credible and secure platform
CN103902922B (en) A kind of method and system for preventing file from stealing
CN104376270A (en) File protection method and system
KR20150073567A (en) The Method for Transmitting and Receiving the Secure Message Using the Terminal Including Secure Storage
CN104318172A (en) File nonproliferation technology based on local area network personalized features
US9122504B2 (en) Apparatus and method for encryption in virtualized environment using auxiliary medium
Sharma et al. Smartphone security and forensic analysis
Wang et al. MobileGuardian: A security policy enforcement framework for mobile devices
US9043943B1 (en) Self-destructing content
CN103546472B (en) A kind of method and apparatus of the false proof protection of operation system
Egerton et al. Applying zero trust security principles to defence mechanisms against data exfiltration attacks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150128
