CN106790160A - Security level identification and method of calibration and device - Google Patents

Publication number: CN106790160A
Authority: CN (China)
Legal status: Granted
Application number: CN201611246277.8A
Other languages: Chinese (zh)
Other versions: CN106790160B (en)
Inventors: 吴汝钰, 李龙, 徐建, 徐凌云, 付静
Current Assignee: CHENGDU WESTONE INFORMATION SAFETY TECHNOLOGY Co.,Ltd.
Original Assignee: SANLINGSHENG-AN INFORMATION SYSTEM Co Ltd CHENGDU CITY

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105 Multiple levels of security
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The present invention provides a security level identification and verification method and device. In the method, a sending terminal sends a selected file to a client; after receiving the file, the client queries the marking status of the file through a server. When the file has not been marked, the file is marked through a classification terminal. When the file has been marked, the file security level of the file is obtained through the server and the file is verified according to that security level. The technical scheme can mark unmarked files and can verify marked files so as to control users' access rights to marked files, thereby improving the current situation of frequent leaks of secrets.

Description

Security level identification and verification method and device
Technical field
The present invention relates to the field of information security technology, and in particular to a security level identification and verification method and device.
Background art
With the rapid development of computer and Internet technology, e-government systems and office automation have become widespread, so that large numbers of files circulate in classified systems in the form of electronic documents, and the problem of marking files with security levels has arisen with them. In Party and government bodies, the military industry, enterprises, public institutions and other organizations that handle state secrets and business secrets, leaks still cannot be completely prevented, even though control over leak channels and after-the-fact auditing of leaked files have been strengthened. Only by establishing and improving a classified-information management system, and strictly applying graded management and permission control to personnel and classified information, can leaks be effectively prevented.
Security level identification technologies now in wide use include digital watermarking, electronic signatures and file classification protection. Although many security level identification technologies exist, each has problems; for example, digital watermarking places heavy demands on watermark capacity. Providing a security level identification and verification method that prevents leaks is therefore a problem in urgent need of a solution.
Summary of the invention
In view of this, the purpose of the embodiments of the present invention is to provide a security level identification and verification method that marks unmarked files and verifies marked files so as to control users' access rights to marked files, thereby improving the current situation of frequent leaks of secrets.
A first preferred embodiment of the invention provides a security level identification and verification method. The method is applied to a security level identification and verification system that includes a sending terminal, a client, a classification terminal and a server communicatively connected to one another. The method includes:
The sending terminal responds to a selection operation on a file and sends the selected file to the client;
The client queries the marking status of the file through the server;
When the file has not been marked, the client marks the file through the classification terminal;
When the file has been marked, the client obtains the file security level of the file through the server and verifies the file according to the file security level.
A second preferred embodiment of the invention provides a security level identification and verification method applied to a client communicatively connected to a sending terminal, a server and a classification terminal. The method includes:
Receiving the file that the sending terminal sends in response to a selection operation on a file, and querying the marking status of the file;
When the file has not been marked, marking the file through the classification terminal;
When the file has been marked, obtaining the file security level of the file through the server, and verifying the file according to the file security level.
A third embodiment of the invention further provides a security level identification and verification device, which applies the above security level identification and verification method. The device includes:
A receiving and query module, for receiving the file that the sending terminal sends in response to a selection operation on a file, and for querying the marking status of the file;
A marking module, for marking the file through the classification terminal when the file has not been marked;
A verification module, for obtaining the file security level of the file through the server when the file has been marked, and verifying the file according to the file security level.
Compared with the prior art, the invention has the following advantages:
The sending terminal sends a selected file to the client; after receiving the file, the client queries the marking status of the file through the server. When the file has not been marked, the file is marked through the classification terminal. When the file has been marked, the file security level of the file is obtained through the server and the file is verified according to the file security level. The technical scheme can mark unmarked files and can verify marked files so as to control users' access rights to marked files, thereby improving the current situation of frequent leaks of secrets.
Brief description of the drawings
To illustrate the technical schemes of the embodiments of the present invention more clearly, the drawings needed in the embodiments are briefly described below. It should be understood that the following drawings show only certain embodiments of the present invention and should therefore not be regarded as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a block diagram of the security level identification and verification system provided by an embodiment of the present invention.
Fig. 2 is a block diagram of the client shown in Fig. 1.
Fig. 3 is a block diagram of the sending terminal shown in Fig. 1.
Fig. 4 is a block diagram of the classification terminal shown in Fig. 1.
Fig. 5 is a block diagram of the server shown in Fig. 1.
Fig. 6 is a block diagram of the classification terminal shown in Fig. 1.
Fig. 7 is a schematic flow chart of the security level identification and verification method provided by the first embodiment of the invention.
Fig. 8 is a schematic flow chart of the security level identification and verification method provided by the second embodiment of the invention.
Fig. 9 is a schematic flow chart of the sub-steps included in step S210 in Fig. 8.
Fig. 10 is a schematic flow chart of the sub-steps included in step S220 in Fig. 8.
Fig. 11 is another schematic flow chart of the sub-steps included in step S220 in Fig. 8.
Fig. 12 is a schematic flow chart of the sub-steps included in step S230 in Fig. 8.
Fig. 13 is a schematic flow chart of the sub-steps included in sub-step S235 in Fig. 12.
Fig. 14 is a block diagram of the security level identification and verification device provided by the third embodiment of the invention.
Reference numerals: 10 - security level identification and verification system; 100 - client; 101 - first memory; 102 - first storage controller; 103 - first processor; 104 - first network module; 200 - sending terminal; 201 - second memory; 202 - second storage controller; 203 - second processor; 204 - second network module; 300 - classification terminal; 301 - third memory; 302 - third storage controller; 303 - third processor; 304 - third network module; 400 - server; 401 - fourth memory; 402 - fourth storage controller; 403 - fourth processor; 404 - fourth network module; 500 - receiving terminal; 501 - fifth memory; 502 - fifth storage controller; 503 - fifth processor; 504 - fifth network module; 600 - security level identification and verification device; 610 - receiving and query module; 620 - marking module; 630 - verification module.
Detailed description of the embodiments
The technical schemes in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the invention. The components of the embodiments of the present invention generally described and illustrated in the drawings herein can be arranged and designed in a variety of different configurations. The detailed description of the embodiments provided in the drawings is therefore not intended to limit the scope of the claimed invention, but merely represents selected embodiments of the invention. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; once an item has been defined in one drawing, it need not be further defined or explained in subsequent drawings. In the description of the invention, the terms "first", "second" and so on are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
Refer to Fig. 1, a block diagram of the security level identification and verification system 10 provided by an embodiment of the present invention. The security level identification and verification system 10 includes a client 100, a sending terminal 200, a classification terminal 300, a server 400 and a receiving terminal 500, communicatively connected to one another. In this embodiment, the sending terminal 200 sends the selected file to the client 100; the client 100 processes the file according to the state of the file and sends it to the server 400 for storage. When the file passes verification, the receiving terminal 500 receives the file.
The sending terminal 200, classification terminal 300 and receiving terminal 500 may be, but are not limited to, a tablet computer, a computing device, etc. The classification terminal 300 is used to receive the classification result that the classification authority enters for a file that needs to be classified.
Refer to Fig. 2, a block diagram of the client 100 shown in Fig. 1. The client 100 includes the security level identification and verification device 600, a first memory 101, a first storage controller 102, a first processor 103 and a first network module 104.
The first memory 101, first storage controller 102, first processor 103 and first network module 104 are electrically connected to one another, directly or indirectly, to transmit or exchange data. For example, these elements can be electrically connected to one another through one or more communication buses or signal lines. The security level identification and verification device 600 includes at least one software function module that can be stored in the first memory 101 in the form of software or firmware, or built into the operating system (OS) of the client 100. The first processor 103 performs various functional applications and data processing by running the software programs and modules stored in the first memory 101.
The first memory 101 may be, but is not limited to, random access memory (RAM), read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), etc. The first memory 101 is used to store a program, and the first processor 103 executes the program after receiving an execution instruction. Access to the first memory 101 by the first processor 103 and other possible components can be carried out under the control of the first storage controller 102.
The first processor 103 may be an integrated circuit chip with signal processing capability. It can be a general-purpose processor, including a central processing unit (CPU), a network processor (NP), etc.; it can also be a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. It can implement or execute the methods, steps and logic block diagrams disclosed in the embodiments of the present invention. The general-purpose processor can be a microprocessor, or the processor can be any conventional processor, etc.
The first network module 104 is used to establish a communication connection between the client 100 and external communication terminals over a network, and to send and receive network signals and data. The network signals may include wireless signals or wired signals.
It will be appreciated that the structure shown in Fig. 2 is only illustrative; the client 100 may include more or fewer components than shown in Fig. 2, or have a configuration different from that shown in Fig. 2. Each component shown in Fig. 2 can be implemented in hardware, software or a combination of the two.
Refer to Fig. 3, a block diagram of the sending terminal 200 shown in Fig. 1. The sending terminal 200 includes a second memory 201, a second storage controller 202, a second processor 203 and a second network module 204.
The second memory 201, second storage controller 202, second processor 203 and second network module 204 have the same hardware configuration as the first memory 101, first storage controller 102, first processor 103 and first network module 104 in Fig. 2, and are not described again here.
Refer to Fig. 4, a block diagram of the classification terminal 300 shown in Fig. 1. The classification terminal 300 includes a third memory 301, a third storage controller 302, a third processor 303 and a third network module 304.
The third memory 301, third storage controller 302, third processor 303 and third network module 304 have the same hardware configuration as the first memory 101, first storage controller 102, first processor 103 and first network module 104 in Fig. 2, and are not described again here.
Refer to Fig. 5, a block diagram of the server 400 shown in Fig. 1. The server 400 includes a fourth memory 401, a fourth storage controller 402, a fourth processor 403 and a fourth network module 404.
The fourth memory 401, fourth storage controller 402, fourth processor 403 and fourth network module 404 have the same hardware configuration as the first memory 101, first storage controller 102, first processor 103 and first network module 104 in Fig. 2, and are not described again here.
Refer to Fig. 6, a block diagram of the receiving terminal 500 shown in Fig. 1. The receiving terminal 500 includes a fifth memory 501, a fifth storage controller 502, a fifth processor 503 and a fifth network module 504.
The fifth memory 501, fifth storage controller 502, fifth processor 503 and fifth network module 504 have the same hardware configuration as the first memory 101, first storage controller 102, first processor 103 and first network module 104 in Fig. 2, and are not described again here.
First embodiment
Refer to Fig. 7, a flow chart of the security level identification and verification method provided by the first embodiment of the invention. The method is applied to the security level identification and verification system 10. The specific flow of the method is described in detail below.
Step S110, the sending terminal 200 responds to a selection operation on a file and sends the selected file to the client 100.
In this embodiment, the sending terminal 200 may include an input device (such as a mouse), and may also include an interactive interface for receiving the selection operation on the file. In one implementation of this embodiment, the interactive interface can be a touch display screen, for example a capacitive or resistive touch screen that supports single-point and multi-point touch operations. Supporting single-point and multi-point touch operations means that the touch display can sense touch operations produced at one or more positions on it and pass the sensed touch operations to the second processor 203 for processing and calculation. The sending terminal 200 can send the file to the client 100 through the second network module 204.
Step S120, the client 100 judges, through the server 400, whether the file has been marked.
In this embodiment, after receiving the file, the client 100 obtains the state of the file (for example, whether it is being uploaded, downloaded or occupied) and judges from that state whether the file is legal. When the file is legal (not in an uploading, downloading or occupied state, etc.), the client judges through the server 400 whether the selected file has been marked, thereby ensuring a one-to-one relationship between security level identification information and files.
In this embodiment, a hash algorithm is stored in the client 100, and the Hash digest of the file is obtained by the hash algorithm. A hash algorithm maps a binary value of arbitrary length to a shorter binary value of fixed length; this binary value is called the hash value, also called the Hash digest. Because the Hash digest is a unique and extremely compact numerical representation of a file, it can be used as the unique identifier of the file.
In one implementation of this embodiment, whether the file has been marked is judged by its Hash digest. The client 100 sends the calculated Hash digest to the server 400, and the server 400 compares the received Hash digest with the Hash digests of marked files stored on the server 400 to judge whether the file has been marked. When the Hash digest is found on the server 400, the file is judged to have been marked; when the Hash digest is not found on the server 400, the file is judged not to have been marked.
When the file has not been marked, step S130 is performed.
Step S130, the client 100 marks the file through the classification terminal 300.
In this embodiment, the client 100 sends the file to the classification terminal 300. The classification terminal 300 can include an input device (such as a keyboard) for receiving the security level identification information of the file. The security level identification information can include mandatory attributes and extended attributes. The mandatory attributes can include the file security level, the confidentiality period and the need-to-know scope; the extended attributes include the drafter, the person responsible for classification, the life cycle of the marked file, etc. Within the confidentiality period, the security level identification information may not be modified arbitrarily; when the same marked file passes through the client 100 again, it is handled according to its original security level identification information, which may not be changed. The classification terminal 300 sends the security level identification information of the file to the client 100.
After receiving the security level identification information, the client 100 obtains the marked file from the security level identification information and the file. The client 100 sends the marked file to the server 400 for storage. After the server 400 has saved the marked file successfully, the information of the file and the security level identification information are sent to the server 400 for storage. The information of the file refers to the file's own attributes and its identifier as stored on the server 400, such as file name, size and type. The file information and security level identification information are stored separately from the marked file, which makes management convenient and ensures that the security level identification information is not arbitrarily tampered with or deleted.
In one implementation of this embodiment, the server 400 can be multiple separately provided servers. In one such implementation, the separately provided servers can include a file server and a management server. The management server is used to judge whether the file has been marked, and to receive and save the information of the file and the security level identification information. The file server is used to receive the marked file. This arrangement makes management convenient and allows servers of different specifications and types to be configured according to actual conditions.
In another implementation of this embodiment, the server 400 can also be a single server. The server 400 is then used to judge whether the file has been marked, to receive and save the information of the file and the security level identification information, and to receive and save the marked file. This arrangement makes management and information lookup convenient.
In one implementation of this embodiment, after saving the information of the file and the security level identification information, the server 400 sends a save-success message to the client 100.
When the file has been marked, step S140 is performed.
Step S140, the client 100 obtains the file security level of the file through the server 400 and verifies the file according to the file security level.
In this embodiment, the server 400 stores security level identification information in one-to-one correspondence with file entity data. The security level identification information includes the file security level and the confidentiality period. Within the confidentiality period, the security level identification information may not be modified arbitrarily; when the same marked file passes through the client 100 again, it is handled according to its original security level identification information, which may not be changed. The server 400 obtains the file security level of the file by query.
The file security level that the sending terminal 200 can handle and the file security level that the receiving terminal 500 can handle are also stored in advance on the server 400. The client 100 receives, as queried and sent by the server 400, the file security level that the sending terminal 200 can handle and the file security level that the receiving terminal 500 can handle.
It is judged whether the file security level is higher than the file security level that the sending terminal 200 can handle.
When the file security level is higher than the file security level that the sending terminal 200 can handle, verification is judged to have failed.
When the file security level is not higher than the file security level that the sending terminal 200 can handle, it is judged whether the file security level is higher than the file security level that the receiving terminal 500 can handle.
When the file security level is higher than the file security level that the receiving terminal 500 can handle, verification is judged to have failed.
When the file security level is not higher than the file security level that the receiving terminal 500 can handle, verification is judged to have passed.
In one implementation of this embodiment, when verification passes, the receiving terminal 500 receives and accesses the file sent by the client 100. The receiving terminal 500 may include a display screen for showing the file.
In one implementation of this embodiment, after a marked file has been modified, its Hash digest changes; when the digest no longer matches the Hash digest of the marked file stored on the server 400, the modified marked file is sent to the classification terminal 300 to be marked. This ensures that the security level identification information of a marked file is not arbitrarily tampered with and that the file information of a marked file is not arbitrarily changed.
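The flow of steps S120 to S140, including the re-marking of a modified file, as an added Python sketch that is not code from the patent. SHA-256 as the hash algorithm, the four-value `Level` scale, the terminal identifiers and the in-memory `Server` are assumptions made for illustration; the confidentiality period is carried as data but its expiry is not modelled.

```python
# Added illustration of steps S120-S140; not code from the patent.
# Assumptions: SHA-256 as the hash algorithm, a constructed four-value level
# scale, and in-memory dicts standing in for the storage of server 400.
import hashlib
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):  # constructed scale; the patent names no concrete levels
    PUBLIC = 0
    INTERNAL = 1
    SECRET = 2
    TOP_SECRET = 3


@dataclass(frozen=True)
class Marking:
    """Mandatory attributes of the security level identification information."""
    level: Level
    confidentiality_period_days: int
    need_to_know: tuple


class Server:
    """Stand-in for server 400: digest -> marking, terminal id -> max level."""

    def __init__(self, terminal_levels):
        self._markings = {}
        self._terminal_levels = dict(terminal_levels)

    def lookup(self, digest):
        return self._markings.get(digest)  # None means "not marked"

    def save(self, digest, marking):
        # Write-once: a file that is already marked keeps its original marking.
        self._markings.setdefault(digest, marking)

    def max_level(self, terminal_id):
        # Design choice of this sketch: unknown terminals get the lowest level.
        return self._terminal_levels.get(terminal_id, Level.PUBLIC)


def digest_of(data: bytes) -> str:
    """Hash digest used as the file's identifier (SHA-256 is an assumption)."""
    return hashlib.sha256(data).hexdigest()


def process(server, data, sender, receiver, classify):
    """Client 100 logic; `classify` stands in for classification terminal 300."""
    digest = digest_of(data)
    marking = server.lookup(digest)                      # S120: marked or not?
    if marking is None:                                  # S130: mark the file
        server.save(digest, classify(data))
        return "marked"
    if marking.level > server.max_level(sender):         # S140: sender check
        return "fail:sender"
    if marking.level > server.max_level(receiver):       # S140: receiver check
        return "fail:receiver"
    return "pass"


def demo():
    """Run the flow on constructed sample data and return each outcome."""
    server = Server({
        "T200-a": Level.SECRET, "T200-b": Level.INTERNAL,   # sending terminals
        "T500-a": Level.INTERNAL, "T500-b": Level.SECRET,   # receiving terminals
    })
    classify = lambda data: Marking(Level.SECRET, 3650, ("drafting office",))
    doc = b"constructed sample document"
    return [
        process(server, doc, "T200-a", "T500-b", classify),   # first pass: unmarked
        process(server, doc, "T200-a", "T500-b", classify),   # both may handle SECRET
        process(server, doc, "T200-b", "T500-b", classify),   # sender level too low
        process(server, doc, "T200-a", "T500-a", classify),   # receiver level too low
        process(server, doc + b" (edited)", "T200-a", "T500-b", classify),  # new digest
        process(server, doc, "T200-x", "T500-b", classify),   # unknown sender
    ]


if __name__ == "__main__":
    print(demo())
```

Because the digest is the only lookup key, any edit to a marked file makes it look unmarked, which is why the modified file is routed back to the classification terminal rather than inheriting the old level.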
Second embodiment
Refer to Fig. 8, a schematic flow chart of the security level identification and verification method provided by the second embodiment of the invention. The method is applied to a client 100 communicatively connected to the sending terminal 200, the classification terminal 300 and the server 400. The specific flow of the method is described below.
Step S210, receive the file that the sending terminal 200 sends in response to a selection operation on a file, and judge whether the file has been marked.
Refer to Fig. 9, a schematic flow chart of the sub-steps included in step S210 in Fig. 8. Step S210 includes sub-step S212 and sub-step S214.
Sub-step S212, calculate the Hash digest of the file by the hash algorithm and send the Hash digest to the server 400.
Sub-step S214, receive the query result on whether the file has been marked, which the server 400 obtains by comparing the received Hash digest with the Hash digests of marked files stored on the server 400.
When the file has not been marked, step S220 is performed.
Step S220, mark the file through the classification terminal 300.
Refer to Fig. 10, a schematic flow chart of the sub-steps included in step S220 in Fig. 8. In this embodiment, step S220 can include sub-step S221, sub-step S222, sub-step S223 and sub-step S224.
Sub-step S221, send the file to the classification terminal 300.
Sub-step S222, receive the security level identification information of the file, which the classification terminal 300 sends in response to a marking operation on the file.
Sub-step S223, after receiving the security level identification information, obtain the marked file from the security level identification information and the file, and send the marked file to the server 400 so that the server 400 saves it.
Sub-step S224, after the server 400 has saved the marked file successfully, send the information of the file and the security level identification information to the server 400 for storage.
Refer to Fig. 11, another schematic flow chart of the sub-steps included in step S220 in Fig. 8. In this embodiment, step S220 can also include sub-step S225: receive the message, sent by the server 400, that the information of the file and the security level identification information have been saved successfully.
Referring to Fig. 12, Fig. 12 is a schematic flow chart of the sub-steps included in step S230 of Fig. 8. In this embodiment, step S230 may include sub-step S231, sub-step S232, sub-step S233 and sub-step S234.
Sub-step S231: receive the file confidentiality level that the sending terminal 200 can process and the file confidentiality level that the receiving terminal 500 can process, as obtained and sent by the server 400.
Sub-step S232: judge whether the file confidentiality level is higher than the file confidentiality level that the sending terminal 200 can process.
When the file confidentiality level is higher than the file confidentiality level that the sending terminal 200 can process, sub-step S233 is performed.
Sub-step S233: determine that the verification fails.
When the file confidentiality level is not higher than the file confidentiality level that the sending terminal 200 can process, sub-step S234 is performed.
Sub-step S234: judge whether the file confidentiality level is higher than the file confidentiality level that the receiving terminal 500 can process.
Referring to Fig. 13, Fig. 13 is a schematic flow chart of the sub-steps included in sub-step S234 of Fig. 12. In this embodiment, sub-step S234 includes sub-step S2341 and sub-step S2342.
When the file confidentiality level is higher than the file confidentiality level that the receiving terminal 500 can process, sub-step S2341 is performed.
Sub-step S2341: determine that the verification fails.
When the file confidentiality level is not higher than the file confidentiality level that the receiving terminal 500 can process, sub-step S2342 is performed.
Sub-step S2342: determine that the verification passes.
Referring again to Fig. 13, in an implementation of this embodiment, sub-step S2342 may include sub-step S23421: the receiving terminal 500 receives the file sent by the client 1000.
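The client-side flow of steps S210 to S230, as an added Python example that is not code from the patent. SHA-256 as the hash algorithm, the four level names and their ordering, and the terminal identifiers are assumptions. The last call shows that the digest lookup recognises only byte-identical copies, so an edited copy goes through marking again.

```python
import hashlib
from dataclasses import dataclass, field

# Assumed level names and ordering; the patent does not name the levels.
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class Server:
    """Stands in for server 400: digest -> level, terminal -> processable level."""
    marked: dict = field(default_factory=dict)
    clearance: dict = field(default_factory=dict)

    def query(self, digest):
        # S214: compare the received digest with stored digests of marked files.
        return self.marked.get(digest)

    def save(self, digest, level):
        # S223/S224: keep the marked file's digest and its security level.
        self.marked[digest] = level


def digest_of(data: bytes) -> str:
    # S212: the patent says only "hash algorithm"; SHA-256 is an assumption.
    return hashlib.sha256(data).hexdigest()


def verify(level, sender, receiver, server):
    # S232/S233: fail if the file level exceeds what the sender can process.
    if LEVELS[level] > LEVELS[server.clearance[sender]]:
        return "fail: sender"
    # S234: same comparison for the receiving terminal (S2341 / S2342).
    if LEVELS[level] > LEVELS[server.clearance[receiver]]:
        return "fail: receiver"
    return "pass"


def handle_file(data, sender, receiver, server, classify):
    """Client logic: S210 query, then S220 marking or S230 verification."""
    d = digest_of(data)
    level = server.query(d)
    if level is None:
        # S221-S224: `classify` stands in for the classification-determining terminal.
        level = classify(data)
        server.save(d, level)
        return ("marked", level)
    return (verify(level, sender, receiver, server), level)


def demo():
    # Constructed sample data, not taken from the patent.
    srv = Server(clearance={"T200": "confidential", "T500": "internal",
                            "T501": "secret"})
    doc = b"constructed sample report"
    return [
        handle_file(doc, "T200", "T501", srv, lambda _: "confidential"),  # first seen
        handle_file(doc, "T200", "T501", srv, lambda _: "public"),   # known: verified
        handle_file(doc, "T200", "T500", srv, lambda _: "public"),   # receiver too low
        # One added byte gives a new digest, so this copy is marked again.
        handle_file(doc + b" ", "T200", "T500", srv, lambda _: "secret"),
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```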
Third embodiment
Referring to Fig. 14, Fig. 14 is a block diagram of the security level identification and verification device 600 provided by the third embodiment of the present invention. The security level identification and verification device 600 includes:
a receiving and query module 610, configured to receive the file sent by the sending terminal 200 in response to a selection operation on the file, and to query the marking state of the file;
a marking module 620, configured to mark the file with a security level through the classification-determining terminal 300 when the file has not been marked;
a verification module 630, configured to obtain the file confidentiality level of the file through the server 400 when the file has been marked, and to verify the file according to the file confidentiality level.
In this embodiment, the manner in which the receiving and query module 610 receives the file sent by the sending terminal 200 in response to the selection operation on the file and queries the marking state of the file includes:
calculating the hash digest of the file using a hash algorithm, and sending the hash digest to the server 400;
receiving the query result indicating whether the file has been marked, which the server 400 obtains by comparing the received hash digest with the hash digests of the marked files stored on the server 400.
In summary, the embodiments of the present invention provide a security level identification and verification method and device. The sending terminal responds to a selection operation on a file and sends the selected file to the client. The client queries the server to determine whether the file has been marked with a security level. When the file has not been marked, the client marks it through the classification-determining terminal. When the file has been marked, the client obtains the file confidentiality level of the file by querying the server and verifies the file according to that level. The technical solution can mark files that have not been marked, and can verify files that have been marked so as to control users' access rights to marked files, thereby improving the current situation in which leaks of confidential information are frequent.
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may also be implemented in other ways. The apparatus embodiments described above are merely illustrative. For example, the flow charts and block diagrams in the accompanying drawings show the architecture, functions and operations that may be implemented by devices, methods and computer program products according to multiple embodiments of the present invention. In this regard, each block in a flow chart or block diagram may represent a module, a program segment or a portion of code, and the module, program segment or portion of code contains one or more executable instructions for implementing the specified logical function. It should also be noted that, in some alternative implementations, the functions noted in the blocks may occur in an order different from that noted in the drawings. For example, two consecutive blocks may in fact be executed substantially in parallel, and they may sometimes be executed in the reverse order, depending on the functions involved. It should also be noted that each block in the block diagrams and/or flow charts, and combinations of blocks in the block diagrams and/or flow charts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or by a combination of dedicated hardware and computer instructions.
In addition, the functional modules in the embodiments of the present invention may be integrated together to form an independent part, each module may exist separately, or two or more modules may be integrated to form an independent part.
If the functions are implemented in the form of software functional modules and sold or used as an independent product, they may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention in essence, or the part that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, a network device or the like) to perform all or some of the steps of the methods described in the embodiments of the present invention.
It should be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another, and do not necessarily require or imply any actual relationship or order between these entities or operations. Moreover, the terms "include", "comprise" and any other variants are intended to cover a non-exclusive inclusion, so that a process, method, article or device that includes a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article or device. Without further limitation, an element defined by the phrase "including a ..." does not exclude the presence of other identical elements in the process, method, article or device that includes the element.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and variations. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention. It should be noted that similar reference numerals and letters denote similar items in the accompanying drawings; therefore, once an item is defined in one drawing, it need not be further defined or explained in subsequent drawings.
The above is only a specific embodiment of the present invention, but the protection scope of the present invention is not limited thereto. Any change or replacement that a person skilled in the art could readily conceive of within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.

Claims (10)

1. A security level identification and verification method, characterized in that the method is applied to a security level identification and verification system, the system comprising a sending terminal, a client, a classification-determining terminal and a server that are communicatively connected to one another, and the method comprises:
the sending terminal responding to a selection operation on a file and sending the selected file to the client;
the client querying the marking state of the file through the server;
when the file has not been marked, the client marking the file with a security level through the classification-determining terminal;
when the file has been marked, the client obtaining the file confidentiality level of the file through the server and verifying the file according to the file confidentiality level.
2. A security level identification and verification method, characterized in that the method is applied to a client communicatively connected to a sending terminal, a server and a classification-determining terminal, and the method comprises:
receiving the file sent by the sending terminal in response to a selection operation on the file, and querying the marking state of the file;
when the file has not been marked, marking the file with a security level through the classification-determining terminal;
when the file has been marked, obtaining the file confidentiality level of the file through the server, and verifying the file according to the file confidentiality level.
3. The method according to claim 2, characterized in that the step of querying the marking state of the file comprises:
calculating the hash digest of the file using a hash algorithm, and sending the hash digest to the server;
receiving the query result indicating whether the file has been marked, which the server obtains by comparing the received hash digest with the hash digests of the marked files stored on the server.
4. The method according to claim 2, characterized in that the step of marking the file with a security level through the classification-determining terminal when the file has not been marked comprises:
sending the file to the classification-determining terminal;
receiving the security level identification information of the file, which the classification-determining terminal sends in response to a marking operation on the file;
after the security level identification information is received, obtaining a marked file from the security level identification information and the file, and sending the marked file to the server so that the server saves it;
after the server has successfully saved the marked file, sending the file information together with the security level identification information to the server to be saved.
5. The method according to claim 4, characterized in that the method further comprises:
receiving the message, sent by the server, that the information of the file and the security level identification information were saved successfully.
6. The method according to claim 2, characterized in that the client is also communicatively connected to a receiving terminal, and the step of obtaining the file confidentiality level of the file through the server when the file has been marked and verifying the file according to the file confidentiality level comprises:
receiving the file confidentiality level that the sending terminal can process and the file confidentiality level that the receiving terminal can process, as obtained and sent by the server;
comparing the file confidentiality level with the file confidentiality level that the sending terminal can process;
if the file confidentiality level is higher than the file confidentiality level that the sending terminal can process, the verification fails;
if the file confidentiality level is not higher than the file confidentiality level that the sending terminal can process, comparing the file confidentiality level with the file confidentiality level that the receiving terminal can process.
7. The method according to claim 6, characterized in that the step of comparing the file confidentiality level with the file confidentiality level that the receiving terminal can process, if the file confidentiality level is not higher than the file confidentiality level that the sending terminal can process, comprises:
if the file confidentiality level is higher than the file confidentiality level that the receiving terminal can process, the verification fails;
if the file confidentiality level is not higher than the file confidentiality level that the receiving terminal can process, the verification passes.
8. The method according to claim 6, characterized in that the method further comprises:
when the verification passes, the receiving terminal receiving the file sent by the client.
9. A security level identification and verification device, characterized in that the security level identification and verification device is applied to the security level identification and verification method according to any one of claims 2-8, and the security level identification and verification device comprises:
a receiving and query module, configured to receive the file sent by the sending terminal in response to a selection operation on the file, and to query the marking state of the file;
a marking module, configured to mark the file with a security level through the classification-determining terminal when the file has not been marked;
a verification module, configured to obtain the file confidentiality level of the file through the server when the file has been marked, and to verify the file according to the file confidentiality level.
10. The device according to claim 9, characterized in that the manner in which the receiving and query module receives the file sent by the sending terminal in response to the selection operation on the file and queries the marking state of the file comprises:
calculating the hash digest of the file using a hash algorithm, and sending the hash digest to the server;
receiving the query result indicating whether the file has been marked, which the server obtains by comparing the received hash digest with the hash digests of the marked files stored on the server.
CN201611246277.8A 2016-12-29 2016-12-29 Security level identification and method of calibration and device Active CN106790160B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201611246277.8A CN106790160B (en) 2016-12-29 2016-12-29 Security level identification and method of calibration and device

Publications (2)

Publication Number Publication Date
CN106790160A true CN106790160A (en) 2017-05-31
CN106790160B CN106790160B (en) 2019-09-17

Family

ID=58929021

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201611246277.8A Active CN106790160B (en) 2016-12-29 2016-12-29 Security level identification and method of calibration and device

Country Status (1)

Country Link
CN (1) CN106790160B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20210412

Address after: No. 333, Yunhua Road, high tech Zone, China (Sichuan) pilot Free Trade Zone, Chengdu, Sichuan 610041

Patentee after: CHENGDU WESTONE INFORMATION SAFETY TECHNOLOGY Co.,Ltd.

Address before: Building 2, 333 Yunhua Road, high tech Zone, Chengdu, Sichuan 610000

Patentee before: CHENGDU 30SAN INFORMATION SYSTEM Co.,Ltd.