CN111046403A - Electronic document safety management system

Publication number: CN111046403A
Authority: CN (China)
Prior art keywords: file, client, security, module, server
Legal status (an assumption, not a legal conclusion): Pending
Application number: CN201911243082.1A
Other languages: Chinese (zh)
Inventor: 成佳鑫
Current Assignee (the listed assignees may be inaccurate): Xi'an Heguangchen Technology Co Ltd
Original Assignee: Xi'an Heguangchen Technology Co Ltd
Priority date (an assumption, not a legal conclusion): 2019-12-06
Filing date: 2019-12-06
Publication date: 2020-04-21
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Abstract

The invention discloses an electronic document security management system comprising a control module, a server and a client. The client comprises: a file-driver transparent encryption and decryption module, which detects whether confidential data is present and encrypts or decrypts it according to the security policy; a clipboard control module, which restricts any copy or clipboard operation from a trusted process to an untrusted process; and a process identification module, which extracts process-related information and judges the legitimacy of the process from it, allowing the corresponding operation if the process is legitimate and rejecting it otherwise. The invention takes data security as its core and establishes a comprehensive file data security management system covering the life cycle and application scope of a file, which can effectively prevent information leakage caused by non-subjective events such as hacker intrusion and loss of storage media. By introducing the file-driver transparent encryption and decryption module, the invention improves the security of electronic documents.

Description

Electronic document safety management system
Technical Field
The invention belongs to the technical field of computer document security, and relates to an electronic document security management system.
Background
With the development of computer technology and office automation, electronic files and archives have come into being. Electronic documents and electronic files are documents and files generated in digital equipment and environments, stored in digital form on carriers such as magnetic tapes, magnetic disks and optical disks, read and processed by digital equipment such as computers, and transmitted over communication networks. The advent of electronic documents has moved files and archives from "tangible" to "intangible" and has brought new vitality to archival work, but it has also presented new challenges. Among them, the security and confidentiality of electronic documents is a new issue facing archive workers.
A computer network is an open system, and many application systems are often left unprotected. Computer networks cover a wide area, and the information resources in them are concentrated, shared and public. These characteristics create opportunities for harassment and destructive behavior such as information theft and misappropriation, and they put the confidentiality of electronic documents at great risk. For electronic documents, the whole circulation process, whether circulation and approval or filing and use, is carried out over the network and depends heavily on the computer system. Electronic documents therefore face serious network security and confidentiality problems. To ensure the security of electronic documents, effective security measures should be taken in the computer system that manages them.
The security of electronic documents involves many factors and places demands on management and technology, on software and hardware alike. Archive workers should continuously draw on experience and lessons from working practice, so that electronic document management gradually becomes scientific and systematic, operates in a uniform, efficient and safe environment, and serves the public.
Disclosure of Invention
The invention aims to provide an electronic document security management system that introduces a file-driver transparent encryption and decryption module and improves the security of electronic documents.
The technical scheme adopted by the invention is an electronic document security management system comprising a control module, a server and a client. The control module stores the security control management policy, determines whether the client and the server are bound, and sends the security control management policy to the bound client. The server receives the client's binding request and completes the binding with the client once authorized by the security management control module. The client comprises a file-driver transparent encryption and decryption module, a clipboard control module and a process identification module. The file-driver transparent encryption and decryption module detects, according to the security control management policy, whether an operation on confidential data is taking place and encrypts or decrypts the confidential data accordingly. The clipboard control module restricts, according to the security control management policy, any copy or clipboard operation from a trusted process to an untrusted process. The process identification module extracts process-related information according to the security control management policy and judges the legitimacy of the process from that information; if the process is legitimate the corresponding operation is allowed, and otherwise it is rejected.
The invention is further characterized as follows.
The trusted process is an application program protected by the file-driver transparent encryption and decryption module, and the untrusted process is an application program not protected by the file-driver transparent encryption and decryption module.
The file-driver transparent encryption and decryption module uses a driver at the network layer to check the encryption target addresses issued by the policy. When a user accesses an application system, the driver judges whether to encrypt. The browser is monitored on the client, and as soon as a file is saved or downloaded, encryption starts. When a local document is uploaded to the application system server, the client detects the upload and sends the decrypted document to the server.
A client user can use the system to encrypt their own files, authorize access to them by role assignment, and upload them to the FTP server for storage. A user with administrator rights can authorize ordinary users to operate on encrypted files while offline. When the online electronic document security system is running, documents that need protection are protected: unauthorized users are prevented from opening, modifying, moving or otherwise handling them, and users' operations on documents are recorded. The client is written in Java Swing.
The control module controls the editing, copying and storing of the outgoing file, and can selectively control the access of external users.
The beneficial effect of the electronic document security management system provided by the invention is that, with data security as its core, it establishes a comprehensive file data security management system covering the life cycle and application scope of a file, and can effectively prevent information leakage caused by non-subjective events such as hacker intrusion and loss of storage media. The invention secures documents, introduces the control module and improves the security of electronic documents.
Detailed Description
The present invention will be described in detail with reference to the following embodiments.
The system comprises a control module, a server and a client. The control module stores the security control management policy, determines whether the client and the server are bound, and sends the security control management policy to the bound client. The server receives the client's binding request and completes the binding with the client once authorized by the security management control module. The client comprises a file-driver transparent encryption and decryption module, a clipboard control module and a process identification module. The file-driver transparent encryption and decryption module detects, according to the security control management policy, whether an operation on confidential data is taking place and encrypts or decrypts the confidential data accordingly. The clipboard control module restricts, according to the security control management policy, any copy or cut operation from a trusted process to an untrusted process, where the trusted process is an application program protected by the file-driver transparent encryption and decryption module and the untrusted process is an application program not protected by it. The process identification module extracts process-related information according to the security control management policy and judges the legitimacy of the process from that information; if the process is legitimate the corresponding operation is allowed, and otherwise it is rejected.
The file-driver transparent encryption and decryption module uses a driver at the network layer to check the encryption target addresses issued by the policy. When a user accesses an application system, the driver judges whether to encrypt. The browser is monitored on the client, and as soon as a file is saved or downloaded, encryption starts. When a local document is uploaded to the application system server, the client detects the upload and sends the decrypted document to the server.
A client user can use the system to encrypt their own files, authorize access to them by role assignment, and upload them to the FTP server for storage. A user with administrator rights can authorize ordinary users to operate on encrypted files while offline. When the online electronic document security system is running, documents that need protection are protected: unauthorized users are prevented from opening, modifying, moving or otherwise handling them, and users' operations on documents are recorded. The client is written in Java Swing.
The control module controls the editing, copying and storing of the outgoing file, and can selectively control the access of external users.
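The decisions made by the clipboard control module and the process identification module described above can be modelled as follows. This is an added example, not code from the patent or its applicant: the policy format, the use of image name plus SHA-256 digest as the "process related information", the rule that a legitimate process is one on the trusted list, and all class and function names are assumptions, and the process images are constructed byte strings.

```python
import hashlib
from dataclasses import dataclass, field


def image_digest(image_bytes: bytes) -> str:
    """SHA-256 of an executable image (stands in for hashing the file on disk)."""
    return hashlib.sha256(image_bytes).hexdigest()


@dataclass(frozen=True)
class ProcessInfo:
    # "Process related information": the patent does not list the fields,
    # so name + image digest is an assumption of this example.
    name: str
    sha256: str


@dataclass
class ClientPolicyEngine:
    # Assumed policy shape: {lower-cased image name: expected SHA-256}.
    trusted_images: dict
    audit_log: list = field(default_factory=list)

    def is_trusted(self, proc: ProcessInfo) -> bool:
        # Matching on the name alone would accept any binary renamed to a
        # trusted name, so the digest has to match as well.
        expected = self.trusted_images.get(proc.name.lower())
        return expected is not None and expected == proc.sha256

    def clipboard(self, source: ProcessInfo, target: ProcessInfo) -> str:
        # Only the trusted -> untrusted direction is restricted.
        deny = self.is_trusted(source) and not self.is_trusted(target)
        return self._record("clipboard", f"{source.name}->{target.name}", deny)

    def file_operation(self, proc: ProcessInfo, op: str, path: str) -> str:
        # Assumption: a process is "legal" when it is on the trusted list.
        deny = not self.is_trusted(proc)
        return self._record(op, f"{proc.name}:{path}", deny)

    def _record(self, action: str, subject: str, deny: bool) -> str:
        # Every decision is recorded, mirroring the recording of user operations.
        verdict = "deny" if deny else "allow"
        self.audit_log.append((action, subject, verdict))
        return verdict


# Constructed sample processes (not real binaries).
EDITOR = ProcessInfo("editor.exe", image_digest(b"constructed: protected editor"))
VIEWER = ProcessInfo("viewer.exe", image_digest(b"constructed: protected viewer"))
CHAT = ProcessInfo("chat.exe", image_digest(b"constructed: unprotected chat app"))
# Same name as the editor (different case), different image.
LOOKALIKE = ProcessInfo("Editor.exe", image_digest(b"constructed: other binary"))


def demo_engine() -> ClientPolicyEngine:
    """Engine loaded with a constructed policy that protects editor and viewer."""
    return ClientPolicyEngine({"editor.exe": EDITOR.sha256, "viewer.exe": VIEWER.sha256})


if __name__ == "__main__":
    engine = demo_engine()
    print(engine.clipboard(EDITOR, CHAT))       # trusted -> untrusted
    print(engine.clipboard(EDITOR, LOOKALIKE))  # name matches, digest does not
    print(engine.file_operation(LOOKALIKE, "open", "contract.docx"))
    print(engine.audit_log)
```
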

Claims (5)

1. An electronic document security management system, characterized by comprising a control module, a server and a client; the control module is used for storing the security control management policy, determining whether the client and the server are bound, and sending the security control management policy to the bound client; the server is used for receiving the binding request of the client and completing the binding with the client once authorized by the security management control module; the client comprises a file-driver transparent encryption and decryption module, a clipboard control module and a process identification module; the file-driver transparent encryption and decryption module is used for detecting, according to the security control management policy, whether an operation on confidential data is taking place and for encrypting or decrypting the confidential data accordingly; the clipboard control module is used for restricting, according to the security control management policy, any copy or clipboard operation from a trusted process to an untrusted process; the process identification module is used for extracting process-related information according to the security control management policy and judging the legitimacy of the process from that information, allowing the corresponding operation if the process is legitimate and rejecting it if not.
2. The system of claim 1, wherein the file-driver transparent encryption and decryption module uses a driver at the network layer to check the encryption target addresses issued by the policy; when a user accesses an application system, the driver judges whether to encrypt; the browser is monitored on the client, and as soon as a file is saved or downloaded, encryption starts; when a local document is uploaded to the application system server, the client detects the upload and sends the decrypted document to the server.
3. The system of claim 1, wherein a client user can use the system to encrypt their own files, authorize access to them by role assignment, upload them to the FTP server for storage, and authorize ordinary users to operate on encrypted files while offline; when the online electronic document security system is running, documents that need protection are protected, unauthorized users are prevented from opening, modifying, moving or otherwise handling them, and users' operations on documents are recorded; and the client is written in Java Swing.
4. The system of claim 3, wherein the control module controls the editing, copying and saving of outgoing documents, and selectively controls access by external users.
5. The system of claim 3, wherein the trusted process is an application program protected by the file-driver transparent encryption and decryption module, and the untrusted process is an application program not protected by the file-driver transparent encryption and decryption module.

Priority Applications (1)

Application Number | Priority Date | Filing Date | Title
CN201911243082.1A | 2019-12-06 | 2019-12-06 | Electronic document safety management system

Publications (1)

Publication Number | Publication Date
CN111046403A (en) | 2020-04-21

Family ID: 70234889

Country Status (1)

Country | Link
CN | CN111046403A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200421