CN107368747A - A kind of mobile office method, service end, client and system - Google Patents

Info

Publication number: CN107368747A
Authority: CN (China)
Prior art keywords: file, encryption, mobile office, client, services
Legal status: Pending
Application number: CN201610309349.2A
Other languages: Chinese (zh)
Inventor: 查桂峰
Current Assignee: ZTE Corp
Original Assignee: ZTE Corp
Application filed by ZTE Corp
Priority to CN201610309349.2A
Priority to PCT/CN2017/083869 (WO2017193950A1)
Publication of CN107368747A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 Support for services or applications
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption


Abstract

The invention discloses a mobile office method, service end, client and system. The method includes: the service end receives a mobile office file, performs signature and encryption processing on it, generates and stores an encrypted file, and generates access service information for the mobile office file; the client initiates a file access request to the service end according to the access service information; the service end retrieves and sends the encrypted file corresponding to the file access request; the client receives the encrypted file, decrypts it and displays it with a watermark. Through the implementation of the invention, at no point in the process can the client directly access the mobile office file, so it cannot directly obtain the mobile office file stored at the mobile office application service end and modify it. File security is thereby greatly enhanced, the problem of low file security caused by direct acquisition of mobile office files in the existing art is solved, and the user experience is improved.

Description

A kind of mobile office method, service end, client and system
Technical field
The present invention relates to the field of mobile office, and in particular to a mobile office method, service end, client and system.
Background art
With the very rapid mobile trend of the past two years, equipment vendors, software developers and others are paying close attention to the changes in this market and exploring new opportunities for enterprise market applications.
Many enterprises have now implemented mobile office, moving some frequently used business processes to mobile and greatly improving office efficiency. In the prior art, however, the mobile office application client can directly obtain the mobile office file stored at the mobile office application service end and modify it, so file security is substantially reduced.
In view of the above problems, proposing a mobile office method that solves the low file security caused by direct acquisition of mobile office files in the existing art is a technical problem that those skilled in the art urgently need to resolve.
Summary of the invention
The invention provides a mobile office method, service end, client and system to solve the problem of low file security caused by directly obtaining mobile office files in the existing art.
The invention provides a mobile office method, which includes:
receiving a mobile office file, performing signature and encryption processing on the mobile office file, generating and storing an encrypted file, generating access service information for the mobile office file, and sending the access service information to the client;
receiving a file access request initiated by the client according to the access service information, retrieving the encrypted file corresponding to the file access request, and sending the corresponding encrypted file to the client.
Further, the method also includes: receiving an authorization policy and a period policy corresponding to the mobile office file, where the authorization policy includes an access scope and a file confidentiality level; and, according to the authorization policy and the period policy, setting the access validity period and/or the post-expiry handling mode and/or the trusted application list of the encrypted file.
Further, performing signature and encryption processing on the mobile office file and generating and storing the encrypted file includes: calculating a hash value of the mobile office file using a predetermined hash algorithm; invoking a digital signature encryption algorithm that uses the document-control service private key to process the predetermined hash algorithm and the hash value and generate signature information; forming the signature information and the mobile office file into an intermediate file of the mobile office file; and invoking a symmetric encryption algorithm to encrypt the intermediate file with the encryption key of the mobile office file, generating the encrypted file.
Further, after receiving the file access request initiated by the client according to the access service information, the method also includes: extracting the client's document-control service public key from the file access request, looking up the encryption key of the corresponding encrypted file, encrypting the encryption key using the document-control service public key, and sending the encrypted encryption key to the client.
The invention provides a mobile office method, which includes:
receiving and storing the access service information sent by the service end;
initiating a file access request to the service end according to the access service information, receiving the encrypted file corresponding to the access service information returned by the service end, decrypting the encrypted file and displaying it with a watermark.
Further, the method also includes: obtaining the period policy and authorization policy of the encrypted file, and performing storage management of the encrypted file and its encryption key.
Further, before initiating the file access request to the service end according to the access service information, the method also includes: judging whether the encrypted file corresponding to the access service information is already stored; if so, using it directly.
Further, the file access request carries the document-control service public key; decrypting and displaying the encrypted file includes: decrypting the encrypted encryption key returned by the service end using the document-control service public key to obtain the encryption key; invoking a symmetric encryption algorithm to decrypt the encrypted file with the encryption key to obtain the intermediate file, where the intermediate file includes the signature information and the mobile office file; invoking a digital signature encryption algorithm that uses the document-control service private key to perform a signature check on the signature information; and, after the signature check passes, applying watermark processing to the mobile office file according to the watermark configuration information and displaying the processed mobile office file.
The invention provides a mobile office method, which includes:
the service end receives a mobile office file, performs signature and encryption processing on the mobile office file, generates and stores an encrypted file, generates the access service information for the mobile office file, and sends the access service information to the client;
the client receives and stores the access service information sent by the service end, and initiates a file access request to the service end according to the access service information;
the service end receives the file access request initiated by the client according to the access service information, retrieves the encrypted file corresponding to the file access request, and sends the corresponding encrypted file to the client;
the client receives the encrypted file corresponding to the access service information returned by the service end, decrypts the encrypted file and displays it with a watermark.
The invention provides a service end for mobile office, which includes:
a document management module, for receiving a mobile office file, performing signature and encryption processing on the mobile office file, generating and storing an encrypted file, generating the access service information for the mobile office file, and sending the access service information to the client;
a file sending module, for receiving the file access request initiated by the client according to the access service information, retrieving the encrypted file corresponding to the file access request, and sending the corresponding encrypted file to the client.
Further, the document management module is also used to receive the authorization policy and period policy corresponding to the mobile office file, where the authorization policy includes an access scope and a file confidentiality level, and, according to the authorization policy and the period policy, to set the access validity period and/or the post-expiry handling mode and/or the trusted application list of the encrypted file.
Further, the document management module is used to calculate a hash value of the mobile office file using a predetermined hash algorithm, invoke a digital signature encryption algorithm that uses the document-control service private key to process the predetermined hash algorithm and the hash value and generate signature information, form the signature information and the mobile office file into an intermediate file of the mobile office file, and invoke a symmetric encryption algorithm to encrypt the intermediate file with the encryption key of the mobile office file, generating the encrypted file.
Further, the file sending module is also used to extract the client's document-control service public key from the file access request, look up the encryption key of the corresponding encrypted file, encrypt the encryption key using the document-control service public key, and send the encrypted encryption key to the client.
The invention provides a client for mobile office, which includes:
an information storage module, for receiving and storing the access service information sent by the service end;
a file reading module, for initiating a file access request to the service end according to the access service information, receiving the encrypted file corresponding to the access service information returned by the service end, decrypting the encrypted file and displaying it with a watermark.
Further, the information storage module is also used to obtain the period policy and authorization policy of the encrypted file and to perform storage management of the encrypted file and its encryption key.
Further, the file reading module is also used, before initiating the file access request to the service end according to the access service information, to judge whether the encrypted file corresponding to the access service information is already stored and, if so, to use it directly.
Further, the file access request carries the document-control service public key; the file reading module is used to decrypt the encrypted encryption key returned by the service end using the document-control service public key to obtain the encryption key, invoke a symmetric encryption algorithm to decrypt the encrypted file with the encryption key to obtain the intermediate file, where the intermediate file includes the signature information and the mobile office file, invoke a digital signature encryption algorithm that uses the document-control service private key to perform a signature check on the signature information and, after the signature check passes, apply watermark processing to the mobile office file according to the watermark configuration information and display the processed mobile office file.
The invention provides a system for mobile office, which includes the service end provided by the invention and the client provided by the invention.
Beneficial effects of the invention:
The invention provides a mobile office method in which the service end, after receiving a mobile office file, performs signature and encryption processing on it and generates and stores an encrypted file; when the mobile office file is subsequently used, the service end retrieves the encrypted file of the mobile office file requested by the client and sends it to the client. At no point in the process can the client directly access the mobile office file, so it cannot directly obtain the mobile office file stored at the mobile office application service end and modify it. File security is thereby greatly enhanced, the problem of low file security caused by direct acquisition of mobile office files in the existing art is solved, and the user experience is improved.
Brief description of the drawings
Fig. 1 is a schematic structural diagram of the mobile office system provided by the first embodiment of the invention;
Fig. 2 is a flow chart of the mobile office method provided by the second embodiment of the invention;
Fig. 3 is a schematic structural diagram of the mobile office system provided by the third embodiment of the invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the invention are described clearly and completely below in conjunction with the accompanying drawings of those embodiments. Clearly, the described embodiments are only some, not all, of the embodiments of the invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The invention is now further explained by way of embodiments in conjunction with the accompanying drawings.
First embodiment:
Fig. 1 is a schematic structural diagram of the mobile office system provided by the first embodiment of the invention. As Fig. 1 shows, in this embodiment the mobile office system provided by the invention includes:
service end 1, which receives a mobile office file through the portal provided by the application server, performs signature and encryption processing on the mobile office file, generates and stores an encrypted file, generates the access service information for the mobile office file and sends the access service information to client 2; it is also used to receive the file access request initiated by client 2 according to the access service information, retrieve the encrypted file corresponding to the file access request and send the corresponding encrypted file to client 2;
client 2, which receives and stores the access service information sent by service end 1; it is also used to initiate a file access request to service end 1 according to the access service information, receive the encrypted file corresponding to the access service information returned by the service end, decrypt the encrypted file and display it with a watermark.
Service end 1 and client 2 are now analysed in detail with reference to Fig. 1.
Specifically, for service end 1, as shown in Fig. 1, in this embodiment the service end 1 provided by the invention includes:
document management module 11, for receiving a mobile office file, performing signature and encryption processing on the mobile office file, generating and storing an encrypted file, generating the access service information for the mobile office file, and sending the access service information to the client;
file sending module 12, for receiving the file access request initiated by the client according to the access service information, retrieving the encrypted file corresponding to the file access request, and sending the corresponding encrypted file to the client.
In certain embodiments, document management module 11 in the above embodiment is also used to receive the authorization policy and period policy corresponding to the mobile office file, where the authorization policy includes an access scope and a file confidentiality level, and, according to the authorization policy and the period policy, to set the access validity period and/or the post-expiry handling mode and/or the trusted application list of the encrypted file.
In certain embodiments, document management module 11 in the above embodiment is used to calculate a hash value of the mobile office file using a predetermined hash algorithm, invoke a digital signature encryption algorithm that uses the document-control service private key to process the predetermined hash algorithm and the hash value and generate signature information, form the signature information and the mobile office file into an intermediate file of the mobile office file, and invoke a symmetric encryption algorithm to encrypt the intermediate file with the encryption key of the mobile office file, generating the encrypted file.
In certain embodiments, file sending module 12 in the above embodiment is also used to extract the client's document-control service public key from the file access request, look up the encryption key of the corresponding encrypted file, encrypt the encryption key using the document-control service public key, and send the encrypted encryption key to the client.
Specifically, for client 2, as shown in Fig. 1, in this embodiment the client 2 provided by the invention includes:
information storage module 21, for receiving and storing the access service information sent by the service end;
file reading module 22, for initiating a file access request to the service end according to the access service information, receiving the encrypted file corresponding to the access service information returned by the service end, decrypting the encrypted file and displaying it with a watermark.
In certain embodiments, information storage module 21 in the above embodiment is also used to obtain the period policy and authorization policy of the encrypted file and to perform storage management of the encrypted file and its encryption key.
In certain embodiments, file reading module 22 in the above embodiment is also used, before initiating the file access request to the service end according to the access service information, to judge whether the encrypted file corresponding to the access service information is already stored and, if so, to use it directly.
In certain embodiments, the file access request in the above embodiment carries the document-control service public key; file reading module 22 is used to decrypt the encrypted encryption key returned by the service end using the document-control service public key to obtain the encryption key, invoke a symmetric encryption algorithm to decrypt the encrypted file with the encryption key to obtain the intermediate file, where the intermediate file includes the signature information and the mobile office file, invoke a digital signature encryption algorithm that uses the document-control service private key to perform a signature check on the signature information and, after the signature check passes, apply watermark processing to the mobile office file according to the watermark configuration information and display the processed mobile office file.
Second embodiment:
Fig. 2 is a flow chart of the mobile office implementation method provided by the second embodiment of the invention. As Fig. 2 shows, in this embodiment the mobile office implementation method provided by the invention comprises the following steps:
S201: the service end receives a mobile office file, performs signature and encryption processing on the mobile office file, generates and stores an encrypted file, generates the access service information for the mobile office file, and sends the access service information to the client;
S202: the client receives and stores the access service information sent by the service end, and initiates a file access request to the service end according to the access service information;
S203: the service end receives the file access request initiated by the client according to the access service information, retrieves the encrypted file corresponding to the file access request, and sends the corresponding encrypted file to the client;
S204: the client receives the encrypted file corresponding to the access service information returned by the service end, decrypts the encrypted file and displays it with a watermark.
Specifically, the implementation of the mobile office method at service end 1 includes:
receiving a mobile office file, performing signature and encryption processing on the mobile office file, generating and storing an encrypted file, generating the access service information for the mobile office file, and sending the access service information to the client;
receiving the file access request initiated by the client according to the access service information, retrieving the encrypted file corresponding to the file access request, and sending the corresponding encrypted file to the client.
In certain embodiments, the method in the above embodiment also includes: receiving the authorization policy and period policy corresponding to the mobile office file, where the authorization policy includes an access scope and a file confidentiality level; and, according to the authorization policy and the period policy, setting the access validity period and/or the post-expiry handling mode and/or the trusted application list of the encrypted file.
In certain embodiments, performing signature and encryption processing on the mobile office file and generating and storing the encrypted file in the above embodiment includes: calculating a hash value of the mobile office file using a predetermined hash algorithm; invoking a digital signature encryption algorithm that uses the document-control service private key to process the predetermined hash algorithm and the hash value and generate signature information; forming the signature information and the mobile office file into an intermediate file of the mobile office file; and invoking a symmetric encryption algorithm to encrypt the intermediate file with the encryption key of the mobile office file, generating the encrypted file.
In certain embodiments, after receiving the file access request initiated by the client according to the access service information, the method in the above embodiment also includes: extracting the client's document-control service public key from the file access request, looking up the encryption key of the corresponding encrypted file, encrypting the encryption key using the document-control service public key, and sending the encrypted encryption key to the client.
Specifically, the implementation of the mobile office method at client 2 includes:
receiving and storing the access service information sent by the service end;
initiating a file access request to the service end according to the access service information, receiving the encrypted file corresponding to the access service information returned by the service end, decrypting the encrypted file and displaying it with a watermark.
In certain embodiments, the method in the above embodiment also includes: obtaining the period policy and authorization policy of the encrypted file, and performing storage management of the encrypted file and its encryption key.
In certain embodiments, before initiating the file access request to the service end according to the access service information, the method in the above embodiment also includes: judging whether the encrypted file corresponding to the access service information is already stored and, if so, using it directly.
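The client-side storage management described in this embodiment (obtaining the period policy and authorization policy of an encrypted file, checking the local store before sending a file access request, and applying the access validity period, post-expiry handling mode, access scope, file confidentiality level and trusted application list) can be expressed as a small policy gate in front of the decryption step. The following Go code is an added example written for this page and is not ZTE's code; the field names, the two post-expiry modes (deny versus self-destruct) and the numeric clearance comparison are assumptions, since the page names the policy fields but fixes no representation for them.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// ExpiredMode is the post-expiry handling mode the service end sets for a file.
type ExpiredMode int

const (
	ExpiredDeny   ExpiredMode = iota // keep the local copy but refuse to open it
	ExpiredDelete                    // self-destruct: remove the local copy and its key
)

// Policy carries the authorization policy (access scope, confidentiality level,
// trusted application list) and period policy (validity period, post-expiry mode)
// of one encrypted file. Field names are constructed for this example.
type Policy struct {
	AccessScope map[string]bool // users allowed to read the file
	Level       int             // file confidentiality level
	TrustedApps map[string]bool // reader apps allowed to receive plaintext
	ValidUntil  time.Time       // end of the access validity period
	OnExpiry    ExpiredMode
}

// CachedFile is an encrypted file held in the client's local store with its
// wrapped key and policy; the ciphertext itself is opaque here.
type CachedFile struct {
	Ciphertext []byte
	WrappedKey []byte
	Policy     Policy
}

// Cache is the client store, keyed by the access service information the
// service end handed out for the file.
type Cache map[string]*CachedFile

// ErrNotCached tells the caller to send a file access request to the service end.
var ErrNotCached = errors.New("encrypted file not stored locally")

// Open is the gate the client passes before decrypting: it first checks the local
// store (if the file is present it is used directly, without a download) and then
// enforces the period and authorization policy for user, reader app and clearance.
func (c Cache) Open(info, user, app string, clearance int, now time.Time) (*CachedFile, error) {
	f, ok := c[info]
	if !ok {
		return nil, ErrNotCached
	}
	if now.After(f.Policy.ValidUntil) {
		if f.Policy.OnExpiry == ExpiredDelete {
			delete(c, info) // ciphertext and wrapped key are gone; the next Open reports ErrNotCached
			return nil, errors.New("validity period expired: local copy destroyed")
		}
		return nil, errors.New("validity period expired")
	}
	if !f.Policy.TrustedApps[app] {
		return nil, errors.New("reader app not in trusted application list")
	}
	if !f.Policy.AccessScope[user] {
		return nil, errors.New("user outside access scope")
	}
	if clearance < f.Policy.Level {
		return nil, errors.New("clearance below file confidentiality level")
	}
	return f, nil
}

// Sweep is the periodic storage-management pass: it applies the post-expiry mode
// to every cached file and returns how many were destroyed.
func (c Cache) Sweep(now time.Time) int {
	n := 0
	for info, f := range c {
		if now.After(f.Policy.ValidUntil) && f.Policy.OnExpiry == ExpiredDelete {
			delete(c, info)
			n++
		}
	}
	return n
}

func main() {
	now := time.Now()
	c := Cache{"svc-1": &CachedFile{Policy: Policy{AccessScope: map[string]bool{"alice": true},
		TrustedApps: map[string]bool{"reader": true}, ValidUntil: now.Add(time.Hour)}}}
	_, err := c.Open("svc-1", "alice", "reader", 0, now)
	fmt.Println("open:", err) // open: <nil>
	_, err = c.Open("svc-1", "alice", "mail", 0, now)
	fmt.Println("open:", err) // open: reader app not in trusted application list
}
```

The expiry check runs before the trusted-application and scope checks so that a self-destructing file is removed on the first attempt after expiry regardless of who asks; the wrapped key is deleted with the ciphertext, so an expired local copy cannot be revived by a later policy change on the client alone.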
In certain embodiments, the file access request in the above embodiment carries the document-control service public key; decrypting and displaying the encrypted file includes: decrypting the encrypted encryption key returned by the service end using the document-control service public key to obtain the encryption key; invoking a symmetric encryption algorithm to decrypt the encrypted file with the encryption key to obtain the intermediate file, where the intermediate file includes the signature information and the mobile office file; invoking a digital signature encryption algorithm that uses the document-control service private key to perform a signature check on the signature information; and, after the signature check passes, applying watermark processing to the mobile office file according to the watermark configuration information and displaying the processed mobile office file.
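The service-end packaging described in this embodiment (hash the file, sign with the document-control service private key, form the intermediate file from the signature and the file, encrypt it with a per-file symmetric key, and hand that key to the client wrapped under the client's public key) and the client-side unwrap, decrypt and signature check can be run end to end with standard-library primitives. The following Go program is an added example written for this page and is not ZTE's code. The page names no concrete algorithms, so SHA-256 for the hash, ECDSA P-256 for the signature, AES-256-GCM for the symmetric step and RSA-OAEP for wrapping the file key are assumptions, as is the length-prefixed layout of the intermediate file; the client verifies with the service end's public key, the counterpart of the private key the service end signs with, and the watermark display step is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// EncryptedFile is the stored form of a document: AES-GCM ciphertext over the
// intermediate file (signature || document) plus the nonce. Constructed layout.
type EncryptedFile struct {
	Nonce      []byte
	Ciphertext []byte
}

// PackageFile is the service-end step: hash the document, sign the digest with the
// document-control service signing key, prepend the signature to form the intermediate
// file, and encrypt that under a fresh per-file key, returned for the service end to store.
func PackageFile(signingKey *ecdsa.PrivateKey, document []byte) (EncryptedFile, []byte, error) {
	digest := sha256.Sum256(document)
	sig, err := ecdsa.SignASN1(rand.Reader, signingKey, digest[:])
	if err != nil {
		return EncryptedFile{}, nil, err
	}
	// Intermediate file: 2-byte big-endian signature length, signature, document.
	inter := make([]byte, 2, 2+len(sig)+len(document))
	binary.BigEndian.PutUint16(inter, uint16(len(sig)))
	inter = append(append(inter, sig...), document...)
	buf := make([]byte, 32+12) // fresh AES-256 file key followed by the GCM nonce
	if _, err := rand.Read(buf); err != nil {
		return EncryptedFile{}, nil, err
	}
	fileKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(fileKey)
	if err != nil {
		return EncryptedFile{}, nil, err
	}
	return EncryptedFile{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, inter, nil)}, fileKey, nil
}

// WrapFileKey encrypts the per-file key to the client's public key from the access request.
func WrapFileKey(clientPub *rsa.PublicKey, fileKey []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, clientPub, fileKey, nil)
}

// ClientOpen is the client step: unwrap the file key, decrypt the intermediate file,
// split off the signature and verify it with the service end's public key.
func ClientOpen(clientPriv *rsa.PrivateKey, servicePub *ecdsa.PublicKey, wrappedKey []byte, enc EncryptedFile) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), nil, clientPriv, wrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap file key: %w", err)
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	if len(enc.Nonce) != gcm.NonceSize() { // gcm.Open panics on a wrong-length nonce
		return nil, errors.New("bad nonce length")
	}
	inter, err := gcm.Open(nil, enc.Nonce, enc.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("ciphertext rejected: modified or wrong key")
	}
	if len(inter) < 2 || len(inter) < 2+int(binary.BigEndian.Uint16(inter)) {
		return nil, errors.New("malformed intermediate file")
	}
	sigLen := int(binary.BigEndian.Uint16(inter))
	sig, document := inter[2:2+sigLen], inter[2+sigLen:]
	digest := sha256.Sum256(document)
	if !ecdsa.VerifyASN1(servicePub, digest[:], sig) {
		return nil, errors.New("signature check failed")
	}
	return document, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	serviceKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	clientKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	enc, fileKey, _ := PackageFile(serviceKey, []byte("constructed sample document"))
	wrapped, _ := WrapFileKey(&clientKey.PublicKey, fileKey)
	doc, err := ClientOpen(clientKey, &serviceKey.PublicKey, wrapped, enc)
	fmt.Printf("%s %v\n", doc, err)
}
```

Because the file key leaves the service end only wrapped to the requesting client's public key, and the document is signed before it is encrypted, a party holding just the encrypted file learns nothing about its content, a modified ciphertext is rejected by GCM before the signature is even examined, and a file repackaged under a different signing key fails the signature check even when the ciphertext is intact.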
3rd embodiment:
Further annotation explanation is done to the present invention in conjunction with concrete application scene.
For mobile trend most very swift and violent over the past two years, equipment vendor, software developer etc. are paying close attention to this The change in individual market, also excavating the new chance of enterprise market application.Many enterprises have been carried out moving at present Dynamic office, the operation flow mobile that some frequent routines are used, substantially increases office efficiency.Enterprise Industry realizes that mobile needs a process, and document security is most important for mechanism of government and enterprises, but some weights The document information wanted also fails to fully achieve mobile in many enterprises, and its reason includes:
1) mobile device be different from the equipment such as ordinary PC, be easily lost, document security risk it is higher.
2) not in government and enterprises' Administrative Area, document content is easy to artificially be leaked to other people for mobile device office As evidence, it is difficult to trace.
3) managing and control system at traditional PC ends is not easy to be transplanted to mobile terminal, needs to combine mobile terminal safety Management and control scheme is implemented together.
4) it is related to move document reader to mobile system scheme and related API and plug-in unit also constantly complete Kind, many functions do not possess also.
At present, although many governments and enterprise have been carried out the mobile in operation flow in office, For still holding conservative strategy on document.For example, may only it be plucked after some important document mobiles Want the form of document to show to check, and need attendant to safeguard summary info, so that leader's examination & approval are examined Core;Content can be seen in Move Mailbox, but attachment content can not check.
In view of the above problems, the present embodiment is based on Android system, implements effective management and control for document security Method, facilitate it is easy-to-use in the case of with mobile security managing and control system be combined guarantee document security, can root According to the security management and control for needing to set different document security strategies to realize different stage.
The purpose of this embodiment is to provide a method that helps an enterprise quickly implement security management and control of Android mobile application content, that mobile applications can integrate and use rapidly, and that keeps application content secure and controllable. This embodiment provides a mobile client component and a server-side security management and control component that an enterprise application can integrate quickly: the application itself need not attend to the details of security management and control, yet obtains document content encryption, permission management and control, and file lifecycle management. Through this embodiment, online and offline browsing of mobile content can be realised, with support for security watermarks, tamper resistance through content encryption, regular updates of the access permission policy, self-destruction on expiry and similar security management and control functions.
In practice this embodiment consists mainly of two parts, a client and a server. The client provides the text control service (the document control service) and encryption and decryption services; the server provides file content management, key management, encryption and decryption of authorization policies and lifecycles, and document conversion services. The client and the server perform mutual certificate authentication and communicate over an encrypted channel. The server provides encrypted storage of documents, permission settings, security policies and lifecycle management. The server exposes an application service interface through which document content, its associated permission policy and its lifecycle are set; content is first signed and then encrypted with a symmetric encryption algorithm. Each encrypted document is assigned its own key, which is stored on the server; when the key is transmitted it is encrypted with the client's public key, so that only that client can decrypt it and obtain the key. What is returned to the application server is the text control access service information, which does not directly expose specifics such as the storage location. The authorization policy includes the document access scope, read and write access permissions, security level classification and trusted application list settings. The client provides the text control service, which ensures that documents are downloaded securely, keys are obtained securely, management and control policies are enforced and content is read securely, and which supports online and offline browsing and watermark display. The client's document reader component communicates through the client text control service, so its traffic is encrypted and controlled and its document operation mode is driven by that service; this is transparent to the application and keeps application use secure.
Using the mobile content management and control method of this embodiment in an enterprise mobile application requires no complicated modification of the application and lets users conveniently secure mobile content. The embodiment can be used widely in government and enterprise mobile applications and can also be applied on the PC side, where security management and control of document content is realised by means such as transparent encryption and decryption.
As shown in figure 3, the mobile office implementation system provided by this embodiment includes two parts: the first part is the server 1 and the second part is the client 2. On the client 2, the security management and control service, the application and the reader component are packaged together, using unified secure communication, inside the enterprise secure desktop or sandbox, isolated from personal applications; the client's security management and control service serves the client application (app). The server 1 includes an application server 11 and a content security management and control server 12; the content security management and control server provides the file security management and control service for the application server. Communication between the terminal and the server uses mutual certificate authentication and secure encrypted transmission. The application server uploads content, performs the related settings and invokes the content management service to realise the content security management and control functions. On the client, documents are downloaded, decrypted and browsed through the client text control service.
In practice this covers administrators uploading files and client users downloading and managing files; the concrete implementation and process are described below with reference to concrete scenarios.
Uploading a mobile office file comprises the following steps:
Step 1: in the application server portal, the administrator first selects the content to upload, sets the authorization policy and the lifecycle policy, and then uploads it.
Step 2: during the upload, the application server first establishes a mutually certificate-authenticated, encrypted channel with the text control service, then calls the content management service of the content management and control server to process the document securely.
Step 3: the content management server applies the permission settings to the document, including the access scope, the document security level and so on.
Step 4: the content management server applies the lifecycle policy, which includes, for example, the access validity period, the post-expiry processing mode (renewal or automatic destruction) and the trusted application list.
Step 5: according to the system settings, the content document is converted, for example to PDF or to an image format.
Step 6: the content management server calls the key management service to assign an encryption key to the content, one key per content item.
Step 7: the content management server calls the cryptographic service to sign and encrypt the content. Specifically, the assigned hash algorithm is first used to compute the hash value of the content; the hash value and the hash algorithm are then signed with the text control service's private key using the RSA algorithm; the signature together with the content forms content in a new format; that content is then encrypted with a symmetric encryption algorithm such as AES, using the key assigned in step 6, producing the final encrypted document.
Step 8: the content management server places the encrypted document under storage management, establishes its correspondence with the authorization policy and the lifecycle policy, and stores that correspondence as well.
Step 9: the content management server returns the content's access service information to the application server, which saves it. The access service information is not a direct address of the content; the content can only be provided indirectly, by the server, through the client text control service.
The above completes a typical content upload and encryption flow. Correspondingly, secure reading of the encrypted document by the client comprises the following steps:
Step 1: the mobile client application uses the content access information to request the document from the client text control service for reading. Before reading, the application first establishes an authenticated secure channel with the text control service.
Step 2: when the client text control service receives the application's request, it first checks whether a local copy and related information already exist; if so, local processing takes priority and the flow proceeds to step 5; if not, it proceeds to step 3.
Step 3: the client text control service establishes secure communication with the server's content management server and submits the read request for the content.
Step 4: the server's content management server verifies the user's permissions, the trusted application and the content's validity period; once verification passes, it transmits the content together with the permission and key information to the client over secure encrypted transmission.
The key is encrypted with the text control service's client public key and transferred to the text control service.
If the content is browsed online, the content and key are not saved locally and must be obtained online each time.
Step 5: the text control service decrypts the key with its own private key, then decrypts the document according to the content information and verifies the signature on the document to detect tampering.
Step 6: the secure reader component is called to read the decrypted file; according to the watermark configuration information, a watermark related to the reader, for example the employee number and name, is superimposed in the reader component's view.
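The sign-then-encrypt flow of upload step 7 and the unwrap, decrypt and verify flow of read steps 4 and 5, as an added Go example that is not the patent's or ZTE's code. It assumes what the patent leaves open: SHA-256 as the hash, RSA PKCS#1 v1.5 for the signature, AES-GCM for the content encryption, RSA-OAEP for transporting the per-document key to the client, and an intermediate file laid out as signature followed by content; the function names are this example's own.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Added example, not the patent's code: upload steps 6-7 (one key per document;
// sign, then encrypt) and read steps 4-5 (key unwrap, decrypt, signature check).
// Assumed: SHA-256, RSA PKCS#1 v1.5, AES-GCM, RSA-OAEP, file = signature || content.
const hashAlgo = "SHA-256"

// NewRSAKey stands in for the text-control service's and the client's certificate keys.
func NewRSAKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// NewDocKey returns a fresh AES-256 key; step 6 assigns one per document.
func NewDocKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := rand.Read(k)
	return k, err
}

// contentDigest hashes the content and binds the hash to the algorithm name, so the signature covers both.
func contentDigest(algo string, content []byte) []byte {
	h := sha256.Sum256(content)
	d := sha256.Sum256(append([]byte(algo+":"), h[:]...))
	return d[:]
}

func aesGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// SignAndEncrypt is the content management server's step 7: sign with the text-control
// private key, prepend the signature to the content, encrypt under docKey (nonce || ciphertext).
func SignAndEncrypt(content []byte, serverPriv *rsa.PrivateKey, docKey []byte) ([]byte, error) {
	sig, err := rsa.SignPKCS1v15(rand.Reader, serverPriv, crypto.SHA256, contentDigest(hashAlgo, content))
	if err != nil {
		return nil, err
	}
	aead, err := aesGCM(docKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, append(sig, content...), nil), nil
}

// WrapKey encrypts the document key to the client's text-control public key (read
// step 4); only the holder of the matching private key can recover it.
func WrapKey(docKey []byte, clientPub *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, clientPub, docKey, nil)
}

// DecryptAndVerify is the client text-control service's read step 5: unwrap the key,
// decrypt, split off the signature, and return content only if the signature verifies.
func DecryptAndVerify(encDoc, wrappedKey []byte, clientPriv *rsa.PrivateKey, serverPub *rsa.PublicKey) ([]byte, error) {
	docKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, clientPriv, wrappedKey, nil)
	if err != nil {
		return nil, err
	}
	aead, err := aesGCM(docKey)
	if err != nil {
		return nil, err
	}
	ns := aead.NonceSize()
	if len(encDoc) < ns {
		return nil, errors.New("encrypted document too short")
	}
	inter, err := aead.Open(nil, encDoc[:ns], encDoc[ns:], nil)
	if err != nil {
		return nil, err // ciphertext modified or wrong document key
	}
	if len(inter) < serverPub.Size() {
		return nil, errors.New("intermediate file shorter than one signature")
	}
	sig, content := inter[:serverPub.Size()], inter[serverPub.Size():]
	if err := rsa.VerifyPKCS1v15(serverPub, crypto.SHA256, contentDigest(hashAlgo, content), sig); err != nil {
		return nil, errors.New("signature check failed: content tampered or wrong signer")
	}
	return content, nil
}
```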
Besides its role in the reading process above, the client text control service also performs related tasks such as policy checking and enforcement and key updating, for example:
Content management: mainly responsible for downloading and managing encrypted content, signature checking, storage management of locally stored security policies, and the corresponding key management, each kept mutually isolated and independent.
Permission update: responsible for checking, according to policy, whether the permissions of the content have been updated and, if so, updating them promptly.
Cyclic check: according to the authorization policy, checks whether local content has expired; expired content is automatically destroyed and deleted. If expiry is discovered while checking a read request, the policy decides whether to update the content or to refuse access and automatically destroy it.
Key acquisition: obtains the content encryption key securely so that the document can subsequently be decrypted.
Encryption and decryption: when reading, decrypts the content key with its own private key and then decrypts the content with the decrypted key.
Secure reading: within the enterprise secure container, provides the secure reading service for applications, calling the reader's secure reading mode to open the decrypted document and adding user watermark information according to the settings.
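The authorization and lifecycle policy of upload steps 3 and 4, together with the checks the client text control service runs on it at read time and during the cyclic check, as an added Go example rather than the patent's code. The policy fields, the decision values and the clearance-versus-security-level rule are this example's own assumptions.

```go
package main

import (
	"errors"
	"sort"
	"time"
)

// Added example, not the patent's code: the authorization and lifecycle policy
// bound to each encrypted file (upload steps 3-4) and the checks the client text
// control service runs on it (read step 4 and the cyclic check). Field names,
// decision values and the clearance-versus-level rule are this example's own.

// ExpiredMode is the post-expiry processing mode of the lifecycle policy.
type ExpiredMode int

const (
	ExpiredRenew   ExpiredMode = iota // ask the server for an updated policy
	ExpiredDestroy                    // delete the local copy and its key
)

// Policy is what the content management server binds to an encrypted file.
type Policy struct {
	AccessScope   map[string]bool // users allowed to open the document
	SecurityLevel int             // document security level; higher is stricter
	ValidUntil    time.Time       // end of the access validity period
	Expired       ExpiredMode     // what to do once ValidUntil has passed
	TrustedApps   map[string]bool // applications allowed to request the content
}

// Decision is the outcome of checking a read request against the policy.
type Decision int

const (
	Allow         Decision = iota
	Refuse                 // denied; the local copy is left alone
	RequestUpdate          // expired and the policy says renew: ask the server
	Destroy                // expired and the policy says auto-destruct: wipe it
)

// Check evaluates a read request by user, made from app, with the user's
// clearance, at time now. Trusted application list, access scope, security
// level and validity period are checked in that order.
func (p Policy) Check(user, app string, clearance int, now time.Time) (Decision, error) {
	if !p.TrustedApps[app] {
		return Refuse, errors.New("application is not in the trusted application list")
	}
	if !p.AccessScope[user] {
		return Refuse, errors.New("user is outside the document access scope")
	}
	if clearance < p.SecurityLevel {
		return Refuse, errors.New("user clearance is below the document security level")
	}
	if !now.Before(p.ValidUntil) {
		if p.Expired == ExpiredRenew {
			return RequestUpdate, nil
		}
		return Destroy, errors.New("access validity period has expired")
	}
	return Allow, nil
}

// Sweep is the periodic cyclic check over locally stored documents: it returns,
// in sorted order, the ids of copies that have expired and whose policy says
// they must be destroyed, so the caller can delete file and key together.
func Sweep(local map[string]Policy, now time.Time) []string {
	var expired []string
	for id, p := range local {
		if !now.Before(p.ValidUntil) && p.Expired == ExpiredDestroy {
			expired = append(expired, id)
		}
	}
	sort.Strings(expired)
	return expired
}
```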
This completes the description of the embodiment. As the above process shows, the client text control service, the application, the server content management service and the server application combine effectively to keep content secure and controllable. For the application, content encryption and decryption, the signing process, the storage location and the secure management and transmission of keys are all transparent; it only needs to use the interface. The interaction between the client text control service and the server content management service is secure and effective, the document signing and encryption process is secure and reliable, and documents, keys and security policies are managed separately and transmitted securely and flexibly.
On the text control server, the system security administrator can set system parameters, configure encryption and decryption, and perform maintenance such as batch updating and backup of content documents; these are not described separately here. The functionality of this embodiment is comparatively complete and secure, reduces the amount of application modification, and provides one way of realising secure mobile content. The scheme can also be varied selectively and appropriately to meet actual needs. The mobile content security management and control apparatus realised by this embodiment is a novel approach that can be combined effectively with digital certificates, secure desktop containers and the like, and will be of considerable significance for the mobile e-government and mobile office applications now being developed and promoted.
In this embodiment, the client's content application (APP) refers to the mobile office application installed on the terminal; it is only the user's operating window. The user selects the file needed for office work, whereupon the content application sends a request to the text control service module according to the access service information of the selected file, and the text control service module forwards the request to the server. Correspondingly, the server's application server refers to the server that provides the mobile office application; in the present invention it is only the window through which the user uploads mobile office files and the window that communicates with the client. Mobile office files are handled entirely by the content management module, and the application server no longer has any management function for them. Thus, after receiving a mobile office file, the server signs and encrypts it, generates the encrypted file and stores it; when the mobile office file is subsequently used, the server retrieves the encrypted file of the mobile office file requested by the client and sends it to the client. Throughout the process the client cannot access the mobile office file directly, and therefore cannot directly obtain the mobile office file stored on the mobile office application server or modify it, so file security is greatly enhanced.
In summary, implementation of the present invention has at least the following beneficial effects:
The invention provides a mobile office method in which the server, after receiving a mobile office file, signs and encrypts it, generates the encrypted file and stores it; when the mobile office file is subsequently used, the server retrieves the encrypted file of the mobile office file requested by the client and sends it to the client. Throughout the process the client cannot access the mobile office file directly, and therefore cannot directly obtain the mobile office file stored on the mobile office application server or modify it, so file security is greatly enhanced. This solves the problem of low file security caused by direct acquisition of mobile office files and improves the user experience.
The above are only embodiments of the present invention and do not limit the invention in any form; any simple modification, equivalent change, combination or variation made to the above embodiments according to the technical spirit of the invention still falls within the protection scope of the technical solution of the invention.

Claims (18)

  1. A mobile office method, characterised in that it comprises:
    receiving a mobile office file, signing and encrypting the mobile office file, generating and storing an encrypted file, generating access service information for the mobile office file, and sending the access service information to a client;
    receiving a file access request initiated by the client according to the access service information, retrieving the encrypted file corresponding to the file access request, and sending the corresponding encrypted file to the client.
  2. The mobile office method of claim 1, characterised in that it further comprises: receiving an authorization policy and a lifecycle policy corresponding to the mobile office file, the authorization policy including an access scope and a file security level; and, according to the authorization policy and the lifecycle policy, setting the access validity period and/or post-expiry processing mode and/or trusted application list of the encrypted file.
  3. The mobile office method of claim 1 or 2, characterised in that signing and encrypting the mobile office file and generating and storing the encrypted file comprises: computing a hash value of the mobile office file with a predetermined hash algorithm; invoking a digital signature algorithm that uses the text control service's private key to process the predetermined hash algorithm and the hash value and generate signature information; forming an intermediate file of the mobile office file from the signature information and the mobile office file; and invoking a symmetric encryption algorithm to encrypt the intermediate file with the encryption key of the mobile office file, generating the encrypted file.
  4. The mobile office method of claim 3, characterised in that, after receiving the file access request initiated by the client according to the access service information, it further comprises: extracting the client's text control service public key from the file access request, looking up the encryption key of the corresponding encrypted file, encrypting the encryption key with the text control service public key, and transmitting the encrypted encryption key to the client.
  5. A mobile office method, characterised in that it comprises:
    receiving and storing access service information sent by a server;
    initiating a file access request to the server according to the access service information, receiving the encrypted file corresponding to the access service information returned by the server, decrypting the encrypted file and displaying it with a watermark.
  6. The mobile office method of claim 5, characterised in that it further comprises: obtaining the lifecycle policy and authorization policy of the encrypted file, and performing storage management of the encrypted file and its encryption key.
  7. The mobile office method of claim 5, characterised in that, before initiating the file access request to the server according to the access service information, it further comprises: judging whether an encrypted file corresponding to the access service information is already stored and, if so, retrieving it directly.
  8. The mobile office method of any one of claims 5 to 7, characterised in that the file access request carries a text control service public key, and decrypting and displaying the encrypted file comprises: decrypting the encrypted encryption key returned by the server using the text control service public key, to obtain the encryption key; invoking a symmetric encryption algorithm to decrypt the encrypted file with the encryption key, obtaining an intermediate file that includes signature information and the mobile office file; invoking a digital signature algorithm that uses the text control service's private key to check the signature information; and, once the signature check passes, watermarking the mobile office file according to watermark configuration information and displaying the processed mobile office file.
  9. A mobile office method, characterised in that it comprises:
    a server receiving a mobile office file, signing and encrypting the mobile office file, generating and storing an encrypted file, generating access service information for the mobile office file, and sending the access service information to a client;
    the client receiving and storing the access service information sent by the server, and initiating a file access request to the server according to the access service information;
    the server receiving the file access request initiated by the client according to the access service information, retrieving the encrypted file corresponding to the file access request, and sending the corresponding encrypted file to the client;
    the client receiving the encrypted file corresponding to the access service information returned by the server, decrypting the encrypted file and displaying it with a watermark.
  10. A server for mobile office, characterised in that it comprises:
    a file management module for receiving a mobile office file, signing and encrypting the mobile office file, generating and storing an encrypted file, generating access service information for the mobile office file, and sending the access service information to a client;
    a file sending module for receiving a file access request initiated by the client according to the access service information, retrieving the encrypted file corresponding to the file access request, and sending the corresponding encrypted file to the client.
  11. The server of claim 10, characterised in that the file management module is further used for receiving an authorization policy and a lifecycle policy corresponding to the mobile office file, the authorization policy including an access scope and a file security level, and, according to the authorization policy and the lifecycle policy, setting the access validity period and/or post-expiry processing mode and/or trusted application list of the encrypted file.
  12. The server of claim 10 or 11, characterised in that the file management module is used for computing a hash value of the mobile office file with a predetermined hash algorithm, invoking a digital signature algorithm that uses the text control service's private key to process the predetermined hash algorithm and the hash value and generate signature information, forming an intermediate file of the mobile office file from the signature information and the mobile office file, and invoking a symmetric encryption algorithm to encrypt the intermediate file with the encryption key of the mobile office file, generating the encrypted file.
  13. The server of claim 12, characterised in that the file sending module is further used for extracting the client's text control service public key from the file access request, looking up the encryption key of the corresponding encrypted file, encrypting the encryption key with the text control service public key, and transmitting the encrypted encryption key to the client.
  14. A client for mobile office, characterised in that it comprises:
    an information storage module for receiving and storing access service information sent by a server;
    a file reading module for initiating a file access request to the server according to the access service information, receiving the encrypted file corresponding to the access service information returned by the server, decrypting the encrypted file and displaying it with a watermark.
  15. The client of claim 14, characterised in that the information storage module is further used for obtaining the lifecycle policy and authorization policy of the encrypted file and performing storage management of the encrypted file and its encryption key.
  16. The client of claim 14, characterised in that the file reading module is further used for judging, before initiating the file access request to the server according to the access service information, whether an encrypted file corresponding to the access service information is already stored and, if so, retrieving it directly.
  17. The client of any one of claims 14 to 16, characterised in that the file access request carries a text control service public key, and the file reading module is used for decrypting the encrypted encryption key returned by the server using the text control service public key to obtain the encryption key, invoking a symmetric encryption algorithm to decrypt the encrypted file with the encryption key to obtain an intermediate file that includes signature information and the mobile office file, invoking a digital signature algorithm that uses the text control service's private key to check the signature information, and, once the signature check passes, watermarking the mobile office file according to watermark configuration information and displaying the processed mobile office file.
  18. A system for mobile office, characterised in that it comprises the server of any one of claims 10 to 13 and the client of any one of claims 14 to 17.
Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201610309349.2A CN107368747A (en) 2016-05-11 2016-05-11 A kind of mobile office method, service end, client and system
PCT/CN2017/083869 WO2017193950A1 (en) 2016-05-11 2017-05-11 Mobile office method, server, client, and system

Publications (1)

Publication Number Publication Date
CN107368747A true CN107368747A (en) 2017-11-21

Family

ID=60267491

Country Status (2)

Country Link
CN (1) CN107368747A (en)
WO (1) WO2017193950A1 (en)

Also Published As

Publication number Publication date
WO2017193950A1 (en) 2017-11-16

Legal Events

Date Code Title Description
PB01 Publication
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20171121