CN104796394B - File non-proliferation technology based on LAN safety area - Google Patents

Publication number: CN104796394B
Authority: CN (China)
Prior art keywords: file, safety, place, key, server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Active
Application number: CN201410245067.1A
Other languages: Chinese (zh)
Other versions: CN104796394A (en)
Inventor: 姜华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Shenzhen Dashu Xinke Technology Co ltd
Original Assignee: Qianhai Shenzhen Nationwide Financial Services Inc

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209: Architectural arrangements, e.g. perimeter networks or demilitarized zones

Abstract

File non-proliferation technology based on a LAN safety area. The present invention provides a document security non-proliferation method. Before a file is opened, the local machine sends a key data request to the server and uses the key data obtained to decrypt the file. When a file is saved and transmitted, the local machine sends a key data request to the server and uses the key data obtained to encrypt the file for storage or encrypted transmission. If the file is not being monitored by the safety zone, the client cannot obtain the key and the necessary protective measures are taken, which effectively prevents illegal copying of the file and its transfer to unauthorized places.

Description

File non-proliferation technology based on LAN safety area
Technical field
The invention belongs to the field of computer information security technology, and in particular relates to a document security non-proliferation method.
Background
In today's society, informatization has developed rapidly across all industries. For enterprises and institutions, electronic documents have become the lifeblood of the company. At present, the protective measures that enterprises and institutions apply to these electronic documents generally include the following technologies: 1) backup technology, in which files are collected on a file server or on dedicated backup storage; 2) local encryption technology, in which internal company files are encrypted locally to prevent unauthorized distribution; 3) permission control technology, which prevents unauthorized users from intentionally or accidentally operating on files and damaging them. These three typical technologies can protect files to a certain extent and prevent illegal distribution, but network administrators and the personnel responsible for backup or permission management are themselves outside these protections. In addition, once a file is opened it is completely out of control and can be copied and transmitted at will.
Summary of the invention
A method of document security non-proliferation, in which a closed security zone is set up in a given network environment and secure documents can only be operated on within the closed security zone; outside the closed security zone they cannot be opened, saved or transmitted with any tool. Safety zone decryption technology is used when a file is opened, and safety zone encryption technology is used when a file is saved and transmitted, thereby ensuring the security of the file while it is opened and used.
The safety zone decryption technology works as follows: before a file is opened, the local machine sends a key request to the server; the server invokes the safety zone inspection rules to check security and returns the inspection result to the client.
Specifically, safety zone decryption means that after the server receives a file browsing request from the client, it checks the safety zone configured for the file. When the number of online users in the safety zone reaches the system's minimum requirement, the request is considered legitimate and the key is returned to the client; the client obtains the key and can then decrypt and use the file.
The safety zone encryption technology means that when a file is saved, a key is requested from the server, and after the key is obtained the file is encrypted for storage or transmission.
Specifically, safety zone encryption means that the local machine sends a key request to the server; after receiving the request, the server checks the safety zone configured for the file. When the number of online users in the safety zone reaches the system's minimum requirement, the request is considered legitimate; once the key has been obtained it is forwarded to the local machine, which then encrypts the file for storage or transmission.
Further, if the number of online users in the safety zone is below the system's minimum requirement when a file is opened or saved and transmitted, the server rejects the request, and the local machine can display the prompt "The safety zone failed to detect the minimum number of users; please contact the administrator!".
The present invention provides a document non-proliferation method which ensures that an encrypted document can be browsed and operated on only when enough users in the safety zone are online at the same time; otherwise the access is treated as illegal theft and illegal distribution. Safety zone decryption is performed when a document is opened, which prevents unauthorized reading and browsing. The method also includes safety zone encryption, in which the file is encrypted with a key requested from the server when the document is stored and transmitted. This effectively protects the security of the enterprise's core documents and prevents illegal copying of files and their transfer to unauthorized places.
Brief description of the drawings
Fig. 1 is a schematic flow diagram of opening a document in the document security non-proliferation method provided by the invention;
Fig. 2 is a schematic flow diagram of saving and transmitting a document in the document security non-proliferation method provided by the invention.
Detailed description
The invention is described in detail below with reference to the accompanying drawings, which form part of this specification and illustrate the principle of the invention by way of embodiment.
As shown in Figs. 1 and 2, a document security non-proliferation method, in which safety zone decryption technology is used when a file is opened and safety zone encryption technology is used when a file is saved and transmitted, thereby ensuring the security of the file while it is opened and used.
The workflow of the method is as follows:
1. When a file is opened, the basic flow is as follows: open the file; send a request to the server; the server looks up the document's safety zone settings; an online confirmation is sent to the users in the safety zone; when the minimum number of users is met, the key is sent to the client; the client decrypts the file; open the file, raise an alarm or close the file; start the fence operation; use the file normally.
2. When a file is saved and transmitted, the basic flow is as follows: send a request to the server; the server looks up the document's safety zone settings; an online confirmation is sent to the users in the safety zone; when the minimum number of users is met, the key is sent to the client; the client encrypts the file with the key; raise an alarm and do not allow the file to be saved and transmitted; perform the normal save and transmit operation; start the non-proliferation operation.
The present invention provides a document security non-proliferation method. Before a file is opened, the local machine sends a key data request to the server and uses the key data obtained to decrypt the file. When a file is saved and transmitted, the local machine sends a key data request to the server and uses the key data obtained to encrypt the file for storage or encrypted transmission. If the file is not being monitored by the safety zone, the client cannot obtain the key and the necessary protective measures are taken, which effectively prevents illegal copying of the file and its transfer to unauthorized places.
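
The key-release check that both flows above share (open/decrypt and save/encrypt), as an added Python example that is not code from the patent. The names `KeyServer` and `ZoneMember`, the per-member secrets and the HMAC challenge used as the "online confirmation" are assumptions; the patent only states that a confirmation is sent to the safety zone users and that the count is compared with a minimum.

```python
import hashlib, hmac, secrets

# Wording of the refusal prompt is a translation; the HMAC challenge is an assumption.
DENY_MSG = "The safety zone failed to detect the minimum number of users; please contact the administrator!"

def proof(secret, nonce):
    return hmac.new(secret, nonce, hashlib.sha256).digest()

class ZoneMember:
    """Hypothetical client inside the safety zone that answers online confirmations."""
    def __init__(self, name, secret, online=True):
        self.name, self.secret, self.online = name, secret, online
    def confirm(self, nonce):
        return proof(self.secret, nonce) if self.online else None  # offline: no answer

class KeyServer:
    """Hypothetical server: releases a file key only when the zone quorum is online."""
    def __init__(self):
        self.zones = {}   # zone -> (registered {name: secret}, minimum online users)
        self.files = {}   # file id -> (zone, file key)
    def add_zone(self, zone, members, min_online):
        self.zones[zone] = ({m.name: m.secret for m in members}, min_online)
    def protect(self, file_id, zone):
        self.files[file_id] = (zone, secrets.token_bytes(32))

    def count_online(self, zone, reachable):
        """Send one fresh nonce to the reachable hosts and count valid, distinct answers."""
        registered, _ = self.zones[zone]
        nonce, confirmed = secrets.token_bytes(16), set()
        for host in reachable:
            secret, answer = registered.get(host.name), host.confirm(nonce)
            if secret is None or answer is None:
                continue  # not a zone member, or no reply
            if hmac.compare_digest(answer, proof(secret, nonce)):
                confirmed.add(host.name)  # a name counts once, however often it replies
        return len(confirmed)

    def request_key(self, file_id, reachable):
        """Same gate for opening (decrypt) and for saving or transmitting (encrypt)."""
        zone, key = self.files[file_id]
        online, minimum = self.count_online(zone, reachable), self.zones[zone][1]
        if online >= minimum:
            return {"legal": True, "key": key, "online": online}
        return {"legal": False, "key": None, "online": online, "message": DENY_MSG}

def demo():
    """Constructed scenario: zone of three members, minimum of two online."""
    a, b, c = (ZoneMember(n, secrets.token_bytes(32)) for n in ("alice", "bob", "carol"))
    server = KeyServer()
    server.add_zone("finance", [a, b, c], min_online=2)
    server.protect("report.docx", "finance")
    granted = server.request_key("report.docx", [a, b])
    fake_bob = ZoneMember("bob", b"guessed-secret")       # impostor without bob's secret
    denied = server.request_key("report.docx", [a, fake_bob, a])
    return granted, denied
```

Counting only authenticated, distinct replies to a fresh nonce keeps a single host from satisfying the minimum by answering repeatedly or by claiming another member's name.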

Claims (1)

1. A method of document security non-proliferation, in which a closed security zone is set up in a given network environment, secure documents can only be operated on within the closed security zone, and outside the closed security zone they cannot be opened, saved or transmitted with any tool; safety zone decryption technology is used when a file is opened and safety zone encryption technology is used when a file is saved and transmitted, thereby ensuring the security of the file while it is opened and used, characterized in that: the safety zone decryption technology means that before a file is opened, the local machine sends a key request to the server, the server invokes the safety zone inspection rules and sends an online confirmation to the users in the safety zone, and only when the number of online users in the safety zone reaches the system's minimum requirement is the request considered legitimate, whereupon the key is returned to the client and the inspection result is returned to the client; the safety zone encryption technology means that when a file is saved a key is requested from the server, the server invokes the safety zone inspection rules and sends an online confirmation to the users in the safety zone, and only when the number of online users in the safety zone reaches the system's minimum requirement is the request considered legitimate, and after the key is obtained the file is encrypted for storage or transmission.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410245067.1A CN104796394B (en) 2014-06-05 2014-06-05 File non-proliferation technology based on LAN safety area

Publications (2)

Publication Number Publication Date
CN104796394A CN104796394A (en) 2015-07-22
CN104796394B CN104796394B (en) 2018-02-27

Family

ID=53560907

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410245067.1A Active CN104796394B (en) 2014-06-05 2014-06-05 File non-proliferation technology based on LAN safety area

Country Status (1)

Country Link
CN (1) CN104796394B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by SIPO to initiate substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information

Inventor after: Jiang Hua

Inventor before: Hu Ping

TA01 Transfer of patent application right

Effective date of registration: 20180125

Address after: 518100 Room 201, Building A, No. 1 Qianwan Road, Qianhai Shenzhen-Hong Kong Cooperation Zone, Shenzhen, Guangdong Province (located in Shenzhen Qianhai Business Secretary Co., Ltd.)

Applicant after: SHENZHEN QIANHAI DASHU FINANCE SERVICE Co.,Ltd.

Address before: 230051 Room 1118, Building 2, Tai Sheng Plaza, No. 58 Luzhou Avenue, Baohe District, Hefei, Anhui Province

Applicant before: HEFEI XINGFU INFORMATION TECHNOLOGY Co.,Ltd.

GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 518100 Room 201, Building A, No. 1 Qianwan Road, Qianhai Shenzhen-Hong Kong Cooperation Zone, Shenzhen, Guangdong Province

Patentee after: Shenzhen Dashu Xinke Technology Co.,Ltd.

Address before: 518100 Room 201, Building A, No. 1 Qianwan Road, Qianhai Shenzhen-Hong Kong Cooperation Zone, Shenzhen, Guangdong Province

Patentee before: SHENZHEN QIANHAI DASHU FINANCE SERVICE Co.,Ltd.