CN110674477A - Document source tracing method and device based on electronic file security identification - Google Patents
Document source tracing method and device based on electronic file security identification Download PDFInfo
- Publication number
- CN110674477A CN110674477A CN201910905183.4A CN201910905183A CN110674477A CN 110674477 A CN110674477 A CN 110674477A CN 201910905183 A CN201910905183 A CN 201910905183A CN 110674477 A CN110674477 A CN 110674477A
- Authority
- CN
- China
- Prior art keywords
- file
- information
- watermark information
- electronic file
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 77
- 230000008569 process Effects 0.000 claims abstract description 42
- 238000012544 monitoring process Methods 0.000 claims description 7
- 230000007246 mechanism Effects 0.000 claims description 4
- 238000005516 engineering process Methods 0.000 description 16
- 238000012986 modification Methods 0.000 description 5
- 230000004048 modification Effects 0.000 description 5
- 238000012545 processing Methods 0.000 description 4
- 238000007726 management method Methods 0.000 description 3
- 238000012550 audit Methods 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 238000012546 transfer Methods 0.000 description 2
- 230000000007 visual effect Effects 0.000 description 2
- 238000007792 addition Methods 0.000 description 1
- 230000004075 alteration Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 239000012634 fragment Substances 0.000 description 1
- 238000009434 installation Methods 0.000 description 1
- 230000001681 protective effect Effects 0.000 description 1
- 238000005096 rolling process Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/16—Program or content traceability, e.g. by watermarking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Abstract
The invention relates to a document source tracing method and device based on electronic file security level identification. The method comprises the following steps: installing and deploying a security level identification service program at a client, and binding the security level identification with each security-related electronic file; when the secret-related electronic file with the secret identification is used for document output, intercepting corresponding operation command information, and further starting a digital watermark information embedding service process; the digital watermark information embedding service process acquires the content information of the confidential electronic file and watermark information generated according to the confidential identifier, and carries out watermark information embedding operation; and executing final document output operation on the confidential electronic file embedded with the watermark information. The method solves the problems that the files with the security level identification cannot be subjected to screen tracing and printing tracing, the security level identification information and the file tracing information cannot be combined, the whole process tracing cannot be carried out in the whole life cycle of the files, and the like.
Description
Technical Field
The invention belongs to the technical field of document protection, and relates to a document divulgence tracing method and device based on digital watermarks and electronic file security level identification.
Background
In recent years, with the rapid development of internet and multimedia technology, electronic documents are commonly used, which greatly improves the information transfer processing efficiency, and meanwhile, there are many hidden troubles of information leakage, such as: and storing, transmitting, printing, copying, screen capturing, photographing and the like sensitive information in the electronic document. For electronic files bearing a large amount of sensitive personal information, commercial secret information and national secret information, an advanced technical means is urgently needed for protection, and the information leakage behavior is effectively deterred and traced under the condition that the existing user experience and application system processing are not influenced.
The electronic file security level identification technology provides an important electronic file security protection and leakage tracing means, and is widely applied to the field of information security. The security level identification is a section of digital entity bound with the security-related file, is closely associated with the security-related file entity, carries out protective encryption on the security-related file, simultaneously records the attribute and state information of the file, defines access authority strategies such as an operation object and an operation behavior of the file, records the identity and the operation behavior of a user in each file processing link, ensures that the file is always in a safe and controllable state in all processes such as creation, editing, storage, alteration, forwarding and lookup, and can trace and audit each use detail of the file, thereby realizing the safe and controllable of the whole life cycle of the security-related file. The security level identification can realize encryption protection of the electronic file, so that people without permission can not normally open and read the electronic file; in addition, if the electronic file itself (or fragments) is leaked illegally, the tracing of the leakage source can be effectively carried out through the intercepted electronic document data. But the secret level identification technology still cannot solve output leakage tracing in other two cases: screen display output and printout. The data in both cases is in plain text, which has left the scope of security level identification technology. The existing document divulgence tracing method for screen display and printout is not associated with a security level identification technology, and the effective management and monitoring on the whole life cycle of the document cannot be realized. If the document is to be completely divulged and traced, an additional application system needs to be installed and deployed in a matched manner, so that the implementation cost is high. Therefore, the invention realizes the safety protection and the leakage tracing within the whole life cycle of the document based on the electronic file security level identification technology and the digital watermarking technology.
Disclosure of Invention
The invention provides a document tracing method and a document tracing device based on electronic document security level identification, which are used for solving the problems that the document with the security level identification in the prior art cannot be subjected to screen tracing and printing tracing, the security level identification information and the document tracing information cannot be combined, the document cannot be traced in the whole life cycle and the like on the premise of not changing the normal document use habit of a user.
The concept of the invention is that firstly, a security identification service program is installed and deployed at each client, and security identification is bound with each electronic file, so that the electronic files are always in a safe and controllable state in all processes of the whole life cycle; secondly, when the secret-related electronic file with the secret level identification is subjected to screen display output and printout, the system intercepts corresponding operation command information and further starts a digital watermark information embedding service process; then, the digital watermark information embedding service process acquires the content data of the electronic document, reads the electronic document security identification information and carries out coding processing to obtain document traceability information, and the document traceability information is embedded into the content data of the electronic document by adopting a digital watermark algorithm; and finally, executing final screen display output and printout operation on the document content embedded with the document traceability information. Therefore, the document source tracing method and device based on the electronic file security level identification are obtained.
The invention discloses a document tracing method based on electronic file security identification, which adopts the technical scheme that the method comprises the following steps:
installing and deploying a security level identification service program at each client, and binding the security level identification with each security-related electronic file;
secondly, when the secret-related electronic file with the secret-level identification is output, the system intercepts corresponding operation command information and further starts a digital watermark information embedding service process;
step three, the digital watermark information embedding service process acquires the content information of the confidential electronic file and watermark information generated according to the confidential identifier, and carries out watermark information embedding operation;
and step four, executing final document output operation on the confidential electronic file embedded with the watermark information.
Preferably, the security level identifier includes one or more of the following: document security level, security duration, security basis, knowledge range, drafter, security accountant, issuer, security unit, document number and machine code.
Preferably, the document output operation includes a screen display output operation and a print output operation.
Preferably, the system intercepts the corresponding operation command information, and includes two ways: one is that the security level identification service program or the third party service program executes the HOOK operation of the system, thereby intercepting the opening and printing commands of the security-related electronic file; and the other method is to install a plug-in module in a software system for opening the confidential electronic file and automatically intercept opening and printing commands of the software system.
Preferably, the information content of the watermark information is encoded by combining two parts: the first part is one or more combinations in the content of the security level identification, and is obtained by transferring the file name and path name information of the security-related electronic file by calling an interface function provided by a security level identification service program; the second part is system time information which is read by a watermark information embedding service process in real time.
Preferably, the watermark information embedding step is to respectively call corresponding digital watermark algorithms to embed the watermark information in the text, the image and the graphic object in the confidential electronic file.
Preferably, the plug-in module installation mode supports watermark embedding in screen display output and print output of format file reading software and streaming file typesetting software systems, and supports watermark information embedding in screen display content in a real-time document editing process of streaming file typesetting software.
Preferably, the watermark information is embedded in the process of editing the streaming file typesetting software in real time, a plug-in module is installed and deployed in the streaming file typesetting software system, and the plug-in module intercepts an operating command of the software system to complete the real-time embedding of the watermark information, and the specific process is as follows:
step1, operating the streaming file typesetting software system to open the confidential electronic file, automatically intercepting a file opening operation command by the plug-in module, and reading the file content information;
step2, calling a security identification interface by the plug-in module to acquire security identification content information, reading time information of file operation in real time, and combining and encoding the two parts of information to generate watermark information;
step3, the plug-in module embeds the generated watermark information into the whole file content;
step4, when the electronic file is edited, the plug-in module intercepts the corresponding command in time and adjusts the watermark information embedding strategy according to the modified content;
step5, when the electronic file is printed and output, the plug-in module automatically intercepts the file printing operation command of the system, and embeds the watermark in the file content to be printed and output, finally, the normal printing and output process is carried out;
step6, when the electronic file is closed, the plug-in module automatically intercepts the file closing operation command of the system, and erases all the watermark information to recover the original file content information.
Preferably, the watermark embedding of the layout file reading software comprises the following specific processes:
firstly, when format file reading software is operated to open a confidential electronic file, a confidential identification service program intercepts an opening operation command of the file through a HOOK mechanism of an operating system, backups an original confidential electronic file to obtain a copy of the confidential electronic file, and opens the copy of the confidential electronic file;
secondly, generating watermark information by the security level identification service program, and calling a watermark information embedding module to embed the watermark information in the copy content of the opened security-related electronic file;
then, when the format file reading software carries out printing operation, directly sending the copy content of the confidential electronic file containing the watermark information to a physical printer for outputting;
and finally, after the format file reading software is closed, directly deleting the copies of the confidential electronic files by the security identification service program, thereby retaining the original confidential electronic files.
Based on the same inventive concept, the invention also provides a document tracing device based on the electronic file security level identification, which comprises:
secret identification service module: the security level identification is bound with each security-related electronic file, and the security-related electronic files are in a safe and controllable state in the whole life cycle;
the file output monitoring module: the system is responsible for monitoring the state of the confidential electronic file, and when the confidential electronic file with the confidential identification is output, the system intercepts corresponding operation command information so as to start a digital watermark information embedding service process;
the secret mark information reading module: the system is responsible for receiving the file name and path name information of the incoming confidential electronic file through an interface to obtain confidential identification content information and returning the confidential identification content information to the watermark information embedding module;
watermark information embedding module: the system is responsible for acquiring content information of the confidential electronic file and watermark information generated according to the confidential identifier and carrying out watermark information embedding operation;
the file output execution module: and the electronic file is responsible for executing final document output operation on the confidential electronic file after the watermark information is embedded.
The invention has the following beneficial effects:
in the invention, the security level identification technology of the security-related electronic file and the document leakage tracing technology are combined together, and the security level identification information is embedded into the file content as a part of the document tracing information, thereby realizing the leakage tracing of the security-related electronic file with the security level identification in the screen display output and paper printing output processes. After sensitive content information in the confidential electronic document is shot by a screen, a screen is shot, printing output, scanning copying and paper are shot, confidential identification information can be extracted from the captured document image, and the use information of the confidential document in the processes of creation, storage, transmission, printing and the like can be mastered by combining the confidential identification information, so that the purpose of document leakage tracing in the whole life cycle of the document is achieved.
Because the invention realizes the divulgence tracing of the screen display in the confidential electronic file through the software plug-in technology, and particularly can embed watermark information in the image content output by the screen display in the process of typesetting and editing the streaming file in real time, thereby breaking through the limitation that the original method completely depends on a specific software system, having higher flexibility and wider applicability.
Drawings
Fig. 1 is a schematic flowchart of an implementation process of a document tracing method based on electronic file security level identification in embodiment 1;
fig. 2 is a schematic flowchart of an implementation flow of the method for tracing leakage of a streaming file according to embodiment 2;
fig. 3 is a schematic flowchart of an implementation flow of the method for format file leakage tracing in embodiment 3;
fig. 4 is a schematic structural diagram of a document tracing apparatus based on electronic file security level identification in embodiment 4.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, the present invention shall be described in further detail with reference to the following detailed description and accompanying drawings.
Fig. 1 is a schematic flowchart of an implementation process of the document tracing method based on electronic file security level identification in embodiment 1.
S101, installing and deploying a security level identification service program at each client, and binding the security level identification with each security-related electronic file.
The security attribute is bound with the file by applying an electronic file security identification technology, and high-strength algorithm confusion and encryption are adopted, so that the security attribute is ensured to follow the life cycle of the file, and inseparability and non-falsification with the file are realized. The method has the advantages that the method adopts measures such as secret determination process management, document access control, document audit logs and the like, so that the whole life cycle of the document is effectively managed and monitored, and the effective management and control of the secret level identification of the document in each application system are realized. The content of the security level identification comprises: document security level, security duration, security basis, knowledge range, drafter, security accountant, issuer, security unit, document number and machine code.
S102, when the secret-related electronic file with the secret level identification is output, the system intercepts corresponding operation command information, and then starts a digital watermark information embedding service process.
The confidential electronic file protected by the confidential identification technology is finally used for performing plaintext output operation, and specifically comprises document screen display and printout. At this time, if the output content of the confidential electronic file is captured by a screen or a camera, effective tracing of the divulgence source is difficult to perform. Therefore, corresponding operation command information needs to be intercepted, and invisible watermark information is embedded in the document content output in a clear text. The specific modes mainly include two types:
one is that the security level identification service program or the third party service program executes the HOOK operation of the system and intercepts the opening and printing commands of the security-related electronic file. In the embodiment, gdi (graphics device interface) function commands related to document printing, such as CreateDCA (), CreateDCW (), OpenPrinterA (), OpenPrinterW (), etc., are mainly intercepted by the API HOOK technology, and a target printer is pointed to a specific virtual printer installed in advance, such as a PS, PDF, PCL, EMF, or other virtual printer; the printing data is converted into the file with the specified format through a printing processor of the virtual printer, so that corresponding file content format data is obtained; embedding watermark information by modifying the file content data; and finally, the virtual printer forwards the printing data embedded with the watermark to a real physical printer to complete a printing task. The method is suitable for embedding watermark information in the document content data which is printed and output.
And the other method is to install a plug-in module in a software system for opening the confidential electronic file and automatically intercept opening and printing commands of the software system. For example, microsoft Office software provides two plug-in development modes of vsto (visual Studio Tools for Office) and vba (visual Studio for application), and can conveniently acquire operation information of Office software such as file opening, storage, printing, closing and the like.
The plug-in module installing mode supports watermark embedding in screen display output and paper print output of format file reading software and streaming file typesetting software systems, and supports watermark embedding in screen display content in a real-time document editing process of the streaming file typesetting software.
S103, the digital watermark information embedding service process acquires the content information and the watermark information of the electronic file and carries out watermark information embedding operation.
The watermark information is generated, and the information content is formed by combining and coding two parts: the first part is one or more combinations in the content of the security level identification and is obtained by transferring the file name and path name information of the security-related electronic file from a security level identification interface; the second part is system time information which is read by a watermark information embedding module in real time. In this embodiment, the security level identification content mainly selects file security level, machine code and issuer information, and the time information can be accurate to hours, minutes or seconds according to the limit of the algorithm capacity of the watermark information.
And the watermark information embedding step of respectively calling corresponding digital watermark algorithms to embed the watermark information aiming at the text, the image and the graphic object in the confidential electronic file. The method comprises the following steps of using a text watermarking algorithm based on vector font replacement to embed watermarking information into a text object, and specifically comprising the following steps: selecting a certain number of character sets omega from large to small according to the sequence using word frequency in common computer font files; selecting a characteristic point in a font structure aiming at each character in the character set omega, generating a new font file by modifying the characteristic point, and recording the position information of the characteristic point; the newly designed word stock file is installed in a computer terminal system, and watermark information is embedded by dynamically replacing fonts in a document when the document is displayed on a screen or printed out.
And S104, executing final document output operation on the electronic file embedded with the watermark information.
Watermark information which cannot be identified by naked eyes is automatically embedded into a paper document which is displayed and output on a screen or printed and output, when the document is illegally acquired or copied by screen capture, screen photographing, printing and scanning, copying, paper photographing and the like, the watermark information hidden in the paper document is extracted through a specific watermark identification software tool, so that the leakage source of the confidential document can be traced, and the purposes of performing leakage tracing and safety control on the confidential document are finally achieved.
Fig. 2 is a schematic flowchart of an implementation flow of the method for tracing leakage of a streaming file in embodiment 2.
Common streaming file typesetting software mainly comprises Microsoft Office, Jinshan WPS, Yongzhong Office and the like, each typesetting software can be customized and developed with a corresponding functional module to realize watermark information embedding in screen display and printout, but the universality is poor, the implementation cost of a user is high, and the user often needs to upgrade, install and deploy a corresponding software version. In addition, by installing and deploying the plug-in module in the streaming file typesetting software system, the operation command of the software system can be conveniently intercepted, so that the real-time embedding of the watermark information is completed, and the specific process is as follows:
s201, operating a streaming file typesetting software system to open the confidential electronic file, automatically intercepting a file opening operation command by a plug-in module, and reading file content information.
The plug-in module of the typesetting software can timely acquire operations of file opening, storage, printing, closing and the like, and provides an API function through the typesetting software to read data information of all text objects, image objects, primitive objects and the like in the file.
S202, the plug-in module calls a security identification interface to obtain the content information of the security identification, reads the time information of file operation in real time, and generates watermark information after combining and encoding the two parts of information.
When the plug-in module generates the watermark information, the plug-in module needs to transfer the file name and full path name information of the current opening operation to acquire the security identification content information of the security-related electronic file by calling an interface function provided by the security identification service program.
S203, the plug-in module embeds the generated watermark information into all file contents.
When the confidential electronic file is just opened, the plug-in modules respectively adopt different watermark algorithms (text, image or graph) to embed the generated watermark information in the acquired document content, when the file content is longer, the watermark information needs to be repeatedly and redundantly embedded for multiple times, and the document content can be ensured to contain a complete watermark information bit string in a window displayed by rolling a screen.
S204, when the electronic file is edited, the plug-in module intercepts a corresponding command in time and adjusts the watermark information embedding strategy (modifying the character content and adjusting the time information) according to the modified content.
When the content of an electronic document is subjected to editing operations such as addition, deletion, modification, copy and paste, the integrity of the watermark information bit string is usually damaged to some extent. At this moment, the plug-in module captures the position of the mouse operation in real time, and according to the size of the file content data volume required by the watermark information, a certain content area is searched from the current position of the mouse to the front and back (the area is ensured to be completely within the range of the screen display window), and the complete watermark information bit string is embedded in real time again, and the watermark information bit string in other areas is kept unchanged. And updating the time information in the watermark information content embedded in real time into the current document editing operation time.
S205, when the electronic file is printed and output, the plug-in module automatically intercepts the file printing operation command of the system, re-embeds the watermark in the file content to be printed and output, and finally performs the normal printing and output process.
The process of re-embedding the watermark requires two main points: 1. time information in the watermark information needs to be updated to the current document printing operation time; 2. the complete watermark information bit string needs to be embedded in the document data to be printed and output in a circulating redundancy mode again, and the problem that the correct extraction of the watermark information is influenced by the discontinuity of the watermark information embedded in real time in the document editing process is avoided.
S206, when the electronic file is closed, the plug-in module automatically intercepts the file closing operation command of the system, and erases all the watermark information to recover the original file content information.
Because the content of the file is modified when the watermark information is embedded, in order to ensure the integrity of the content of the electronic file, the embedded watermark information needs to be erased when the electronic file is closed.
Fig. 3 is a schematic flowchart of an implementation flow of the method for format file leakage tracing in embodiment 3.
Usually, the layout file is mainly used for reading purposes, the chinese content does not change during the file circulation process, and the real-time editing operation of the file content is not involved, such as a pdf (portable Document format) file or an OFD (Open Fixed-layout Document) file. Because the real-time editing and modification of the document content are not involved, the watermark embedding in the format file reading software is mainly realized through a HOOK mechanism, and the specific process is as follows:
s301, when the format file reading software is operated to open the confidential electronic file, the confidential identification service program intercepts an opening operation command of the file through a HOOK mechanism of an operating system, backups the original confidential electronic file to obtain a copy of the confidential electronic file, and opens the copy of the confidential electronic file.
S302, the security level identification service program generates watermark information and calls a watermark information embedding module to embed the watermark information in the copy content of the opened security-related electronic file.
And S303, when the format file reading software performs printing operation, directly sending the copy content of the confidential electronic file containing the watermark information to a physical printer for outputting.
S304, after the layout file reading software is closed, the security level identification service program directly deletes the copies of the confidential electronic files, so that the original confidential electronic files are reserved.
Fig. 4 is a schematic structural diagram of a document tracing apparatus based on electronic file security level identification in embodiment 4, including:
security level identification service module 1: the security level identification is bound with each security-related electronic file, and the security-related electronic files are in a safe and controllable state in the whole life cycle;
the file output monitoring module 2: the system is responsible for monitoring the state of the confidential documents, and when the confidential electronic documents with the confidential marks are output, the system intercepts corresponding operation command information so as to start a digital watermark information embedding service process;
the secret mark information reading module 3: the system is responsible for receiving file name and path name information of an incoming confidential electronic file through an interface to obtain confidential identification content information and returning the confidential identification content information to the watermark information embedding module;
the watermark information embedding module 4: the system is responsible for acquiring the content information of the electronic file and watermark information generated according to the security level identification, and performing watermark information embedding operation;
the file output execution module 5: and the electronic file embedded with the watermark information is responsible for executing final file output operation.
The invention has the following beneficial effects:
in the invention, the security level identification technology of the security-related electronic file and the document leakage tracing technology are combined together, and the security level identification information is embedded into the file content as a part of the document tracing information, thereby realizing the leakage tracing problem of the security-related electronic file with the security level identification in the screen display output and paper printing output processes. After sensitive content information in the confidential electronic document is shot by a screen, a screen is shot, printing output, scanning copying and paper are shot, confidential identification information can be extracted from the captured document image, and the use information of the confidential document in the processes of creation, storage, transmission, printing and the like can be mastered by combining the confidential identification information, so that the purpose of document leakage tracing in the whole life cycle of the document is achieved.
Because the invention realizes the divulgence tracing of the screen display in the confidential electronic file through the software plug-in technology, and particularly can embed watermark information in the image content output by the screen display in the process of typesetting and editing the streaming file in real time, thereby breaking through the limitation that the original method completely depends on a specific software system, having higher flexibility and wider applicability.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.
Claims (10)
1. A document source tracing method based on electronic file security level identification is characterized by comprising the following steps:
installing and deploying a security level identification service program at a client, and binding the security level identification with each security-related electronic file;
when the secret-related electronic file with the secret identification is used for document output, intercepting corresponding operation command information, and further starting a digital watermark information embedding service process;
the digital watermark information embedding service process acquires the content information of the confidential electronic file and watermark information generated according to the confidential identifier, and carries out watermark information embedding operation;
and executing final document output operation on the confidential electronic file embedded with the watermark information.
2. The method of claim 1, wherein the content of the security classification comprises one or more of: document security level, security duration, security basis, knowledge range, drafter, security accountant, issuer, security unit, document number and machine code.
3. The method of claim 1, wherein the document output operation includes a screen display output operation and a print output operation.
4. The method of claim 1, wherein the content of the watermark information is encoded by combining two parts: the first part is one or more combinations in the content of the security level identification, and is obtained by transferring the file name and path name information of the security-related electronic file by calling an interface function provided by a security level identification service program; the second part is system time information which is read by a watermark information embedding service process in real time.
5. The method according to claim 1, wherein the watermark information embedding operation is performed by calling corresponding digital watermark algorithms for text, image and graphic objects in the confidential electronic document, respectively.
6. The method of claim 1, wherein the intercepting the corresponding operation command information comprises two ways: one is that the security level identification service program or the third party service program executes the HOOK operation of the system, thereby intercepting the opening and printing commands of the security-related electronic file; and the other method is to install a plug-in module in a software system for opening the confidential electronic file and automatically intercept opening and printing commands of the software system.
7. The method of claim 6, wherein the plug-in module is installed to support watermark embedding in the screen display output and the printout of the layout file reading software and the streaming file composition software, and to support watermark information embedding in the screen display content during the real-time document editing process of the streaming file composition software.
8. The method as claimed in claim 7, wherein the embedding of the watermark information in the process of editing the streaming type file composition software in real time, installing and deploying a plug-in module in the streaming type file composition software system, and intercepting the operation command of the software system by the plug-in module to complete the embedding of the watermark information in real time comprises the following steps:
running a streaming file typesetting software system to open a secret-related electronic file, automatically intercepting a file opening operation command by a plug-in module, and reading file content information;
the plug-in module calls a security identification interface to obtain the content information of the security identification, reads the time information of file operation in real time, and generates watermark information after combining and encoding the two parts of information;
the plug-in module embeds the generated watermark information into all file contents;
when the confidential electronic file is edited, the plug-in module intercepts a corresponding command in time and adjusts a watermark information embedding strategy according to the modified content;
when the confidential electronic file is printed and output, the plug-in module automatically intercepts a file printing operation command of the system, re-embeds watermarks in the file content to be printed and output, and finally performs a normal printing and output process;
when the confidential electronic file is closed, the plug-in module automatically intercepts a file closing operation command of the system, erases all watermark information and recovers the original file content information.
9. The method of claim 7, wherein the watermark embedding of the layout file reading software comprises the steps of:
when the format file reading software is operated to open the confidential electronic file, the confidential identification service program intercepts an opening operation command of the file through a HOOK mechanism of an operating system, backups the original confidential electronic file to obtain a copy of the confidential electronic file, and opens the copy of the confidential electronic file;
the security level identification service program generates watermark information and calls a watermark information embedding module to embed the watermark information in the copy content of the opened security-related electronic file;
when the format file reading software performs printing operation, directly sending copy contents of the confidential electronic file containing watermark information to a physical printer for outputting;
and after the format file reading software is closed, directly deleting the copies of the confidential electronic files by the security identification service program, thereby retaining the original confidential electronic files.
10. A document source tracing device based on electronic file security identification is characterized by comprising:
the security level identification service module is responsible for binding the security level identification with each security-related electronic file and enabling the security-related electronic files to be in a safe and controllable state in the whole life cycle;
the file output monitoring module is responsible for monitoring the state of the confidential electronic file, and when the confidential electronic file with the confidential identification is output, corresponding operation command information is intercepted, so that a digital watermark information embedding service process is started;
the secret mark information reading module is responsible for receiving the file name and path name information of the incoming secret-related electronic file through the interface to obtain secret level identification content information and returning the secret level identification content information to the watermark information embedding module;
the watermark information embedding module is in charge of acquiring content information of the confidential electronic file and watermark information generated according to the confidential identifier and carrying out watermark information embedding operation;
and the file output execution module is responsible for executing final file output operation on the confidential electronic file embedded with the watermark information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910905183.4A CN110674477A (en) | 2019-09-24 | 2019-09-24 | Document source tracing method and device based on electronic file security identification |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910905183.4A CN110674477A (en) | 2019-09-24 | 2019-09-24 | Document source tracing method and device based on electronic file security identification |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110674477A true CN110674477A (en) | 2020-01-10 |
Family
ID=69077541
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910905183.4A Pending CN110674477A (en) | 2019-09-24 | 2019-09-24 | Document source tracing method and device based on electronic file security identification |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110674477A (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112529759A (en) * | 2020-12-22 | 2021-03-19 | 北京百度网讯科技有限公司 | Document processing method, device, equipment, storage medium and computer program product |
| CN112822156A (en) * | 2020-12-23 | 2021-05-18 | 武汉兴图新科电子股份有限公司 | Confidential information monitoring system and method |
| CN113032744A (en) * | 2021-03-29 | 2021-06-25 | 吉林省容汇科技服务中心(有限合伙) | Digital watermark all-in-one system |
| CN113177193A (en) * | 2021-04-23 | 2021-07-27 | 深圳依时货拉拉科技有限公司 | Watermark adding method, watermark verifying method and terminal equipment |
| CN113177226A (en) * | 2021-04-21 | 2021-07-27 | 上海辛格迪健康科技有限公司 | Confidential method and system for displaying files to external users through network |
| CN113341803A (en) * | 2021-06-02 | 2021-09-03 | 北京鼎普科技股份有限公司 | Safety copying control system and method |
| CN113407913A (en) * | 2021-05-31 | 2021-09-17 | 南京触手科技有限公司 | Creative work management method and system based on digital watermark |
| CN113656836A (en) * | 2021-08-25 | 2021-11-16 | 北京百度网讯科技有限公司 | Document processing method, device, equipment, storage medium and computer program product |
| CN114357524A (en) * | 2022-03-08 | 2022-04-15 | 北京时代亿信科技股份有限公司 | Electronic document processing method and device |
| CN114708133A (en) * | 2022-01-27 | 2022-07-05 | 北京国隐科技有限公司 | Universal text watermarking method and device |
| CN115795417A (en) * | 2023-01-09 | 2023-03-14 | 北京亿赛通科技发展有限责任公司 | OOXML document tracing method and device, electronic equipment and storage medium |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1922857A (en) * | 2004-02-23 | 2007-02-28 | 冲电气工业株式会社 | Document processing method and system |
| CN107423629A (en) * | 2017-04-12 | 2017-12-01 | 李晓妮 | A kind of anti-method and system divulged a secret with tracing of fileinfo output |
| CN108664797A (en) * | 2017-03-30 | 2018-10-16 | 北京北信源软件股份有限公司 | It is a kind of for pdf documents into rower it is close and verification method and device |
| CN109063503A (en) * | 2018-08-16 | 2018-12-21 | 中威戎安科技有限公司 | A kind of watermark embedding apparatus and method |
| CN109388952A (en) * | 2017-08-09 | 2019-02-26 | 普天信息技术有限公司 | A kind of method and apparatus of confidential document and security level identification binding |
-
2019
- 2019-09-24 CN CN201910905183.4A patent/CN110674477A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1922857A (en) * | 2004-02-23 | 2007-02-28 | 冲电气工业株式会社 | Document processing method and system |
| CN108664797A (en) * | 2017-03-30 | 2018-10-16 | 北京北信源软件股份有限公司 | It is a kind of for pdf documents into rower it is close and verification method and device |
| CN107423629A (en) * | 2017-04-12 | 2017-12-01 | 李晓妮 | A kind of anti-method and system divulged a secret with tracing of fileinfo output |
| CN109388952A (en) * | 2017-08-09 | 2019-02-26 | 普天信息技术有限公司 | A kind of method and apparatus of confidential document and security level identification binding |
| CN109063503A (en) * | 2018-08-16 | 2018-12-21 | 中威戎安科技有限公司 | A kind of watermark embedding apparatus and method |
Non-Patent Citations (1)
| Title |
|---|
| 孔凡真: "基于插件技术的Word电子文件密级标识生成与管理工具的设计与实现", 《信息科技辑》 * |
Cited By (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112529759A (en) * | 2020-12-22 | 2021-03-19 | 北京百度网讯科技有限公司 | Document processing method, device, equipment, storage medium and computer program product |
| CN112822156B (en) * | 2020-12-23 | 2023-02-14 | 武汉兴图新科电子股份有限公司 | Confidential information monitoring system and method |
| CN112822156A (en) * | 2020-12-23 | 2021-05-18 | 武汉兴图新科电子股份有限公司 | Confidential information monitoring system and method |
| CN113032744A (en) * | 2021-03-29 | 2021-06-25 | 吉林省容汇科技服务中心(有限合伙) | Digital watermark all-in-one system |
| CN113032744B (en) * | 2021-03-29 | 2023-05-09 | 吉林省吉时宇飞电子信息工程有限责任公司 | Digital watermarking integrated machine system |
| CN113177226A (en) * | 2021-04-21 | 2021-07-27 | 上海辛格迪健康科技有限公司 | Confidential method and system for displaying files to external users through network |
| CN113177193A (en) * | 2021-04-23 | 2021-07-27 | 深圳依时货拉拉科技有限公司 | Watermark adding method, watermark verifying method and terminal equipment |
| CN113407913A (en) * | 2021-05-31 | 2021-09-17 | 南京触手科技有限公司 | Creative work management method and system based on digital watermark |
| CN113341803A (en) * | 2021-06-02 | 2021-09-03 | 北京鼎普科技股份有限公司 | Safety copying control system and method |
| CN113656836A (en) * | 2021-08-25 | 2021-11-16 | 北京百度网讯科技有限公司 | Document processing method, device, equipment, storage medium and computer program product |
| CN113656836B (en) * | 2021-08-25 | 2023-10-27 | 北京百度网讯科技有限公司 | Document processing method, apparatus, device, storage medium, and computer program product |
| CN114708133A (en) * | 2022-01-27 | 2022-07-05 | 北京国隐科技有限公司 | Universal text watermarking method and device |
| CN114357524A (en) * | 2022-03-08 | 2022-04-15 | 北京时代亿信科技股份有限公司 | Electronic document processing method and device |
| CN115795417A (en) * | 2023-01-09 | 2023-03-14 | 北京亿赛通科技发展有限责任公司 | OOXML document tracing method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110674477A (en) | Document source tracing method and device based on electronic file security identification | |
| CN107423629B (en) | Method and system for file information output anti-disclosure and tracing | |
| CN107239713B (en) | Sensitive content data information protection method and system | |
| US20060028689A1 (en) | Document management with embedded data | |
| JP5147429B2 (en) | Image processing apparatus, image processing method, and program thereof | |
| US8259322B2 (en) | Printing system, printing program, information collection method, information search method and information search system | |
| JP4154421B2 (en) | Image processing apparatus, program for executing the image processing method, and medium storing the program | |
| JP4143641B2 (en) | Image processing apparatus, program for executing the image processing method, and medium storing the program | |
| JP2007325128A (en) | Apparatus, system and method of image processing | |
| CN112800398A (en) | PDF file circulation tracking method | |
| JP4757208B2 (en) | Information processing apparatus and control method thereof | |
| CN104516692B (en) | Print management in print on demand operation | |
| CN114065148A (en) | Block chain-based security management and disclosure tracing method for confidential documents | |
| US7952750B2 (en) | Image processing apparatus and image processing method | |
| KR101516717B1 (en) | The system for securing external collaboration | |
| JP2008052645A (en) | Image forming system | |
| KR100757393B1 (en) | Printerchaser | |
| JP2007267399A (en) | Image processing system | |
| JP2007116557A (en) | Image processing system | |
| KR102425613B1 (en) | File history tracking system in collaboration tools through steganography and method of the same | |
| RU2739936C1 (en) | Method of adding digital labels to digital image and apparatus for realizing method | |
| KR102515362B1 (en) | Method of protecting secure document leak by shooting security document displaying on display apparatus and system performing the same | |
| JP2007318569A (en) | Electronic device | |
| CN117972741A (en) | Method and system for safely managing cloud service through OFD format file | |
| CN114238875A (en) | Document printing traceability device based on ARM development board |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| TA01 | Transfer of patent application right | ||
| TA01 | Transfer of patent application right |
Effective date of registration: 20210301 Address after: 266555 unit 1, unit 26, Mount Lu Road, Mount Lu Road, Huangdao District, Qingdao, Shandong 602 Applicant after: Li Xiaoni Address before: 100081 2205-1, 19th floor, building 3, 34 Zhongguancun South Street, Haidian District, Beijing Applicant before: SOFOSOFI TECH. Co.,Ltd. |
|
| WD01 | Invention patent application deemed withdrawn after publication | ||
| WD01 | Invention patent application deemed withdrawn after publication |
Application publication date: 20200110 |