CN111914300A - Document encryption device and method for preventing file leakage - Google Patents


Info

Publication number
CN111914300A
Authority
CN
China
Prior art keywords
data
file
management
management module
module
Legal status
Pending
Application number
CN202010997247.0A
Other languages
Chinese (zh)
Inventor
廉明
Current Assignee
Anhui Changtai Information Security Service Co ltd
Original Assignee
Anhui Changtai Information Security Service Co ltd
Priority date
2020-09-21
Filing date
2020-09-21
Publication date
2020-11-10

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/602 Providing cryptographic facilities or services
    • G06F18/00 Pattern recognition
    • G06F18/20 Analysing
    • G06F18/24 Classification techniques
    • G06V IMAGE OR VIDEO RECOGNITION OR UNDERSTANDING
    • G06V30/00 Character recognition; Recognising digital ink; Document-oriented image-based pattern recognition
    • G06V30/40 Document-oriented image-based pattern recognition

Abstract

The invention discloses a document encryption device and method for preventing file leakage, belonging to the technical field of big data management. The document encryption device comprises a data service unit, a system management unit and an intelligent encryption unit. The data service management unit comprises a data management module, which manages the files stored in the database, and a flow management module, which manages the data-flow interactions generated by the database. The system management unit comprises a user management module, which manages the users accessing the database, and an event management module. The intelligent encryption unit comprises a desensitization encryption module and a data decryption module. Files are automatically identified, classified and encrypted, which secures them; monitoring user access and downloaded files effectively prevents leakage; and the security of file storage and use is greatly improved.

Description

Document encryption device and method for preventing file leakage
Technical Field
The invention relates to the technical field of big data management, in particular to a document encryption device and a document encryption method for preventing file leakage.
Background
Currently, the global big data industry is in a period of active development. Technology evolution and application innovation advance rapidly and in parallel; novel key technologies for data storage, computation and analysis, such as non-relational databases, distributed parallel computing, machine learning and deep mining, are emerging and developing quickly. Big data mining and analysis have begun to spread into the traditional primary and secondary industries while creating business and application value in telecommunications, the internet, finance, transport and healthcare, and big data is gradually becoming a basic national strategic resource and a basic factor of social production.
At the same time, big data security issues are gradually being exposed. Because of its huge value and its centralised storage and management model, big data has become a key target of network attacks; ransomware attacks on and leakage of big data grow more serious by the day, and global big data security incidents occur frequently. Correspondingly, the security requirements of big data have driven the development and production of related security technologies, solutions and products, but these lag behind the development of the industry itself. Because big data aggregates large volumes of data and is convenient to access, the data stored in a database is easy to leak. The traditional approach to data leakage prevention generally relies on data encryption alone, which can only protect the files themselves and cannot guarantee that the encrypted files are secure enough: if the encrypted files are cracked, large-scale leakage can follow and cause losses to users or enterprises, so single-layer encryption cannot meet actual requirements.
Disclosure of Invention
The invention aims to solve the problem that the encrypted data of a data leakage prevention system is easy to crack, and that once a file is cracked leakage readily follows and causes losses to the enterprise; it provides a file encryption device and method for preventing file leakage.
The invention achieves the above purpose through the following technical scheme: a file encryption device and method for preventing file divulgence, comprising a data service unit, a system management unit and an intelligent encryption unit;
the data service management unit comprises a data management module and a flow management module, the data management module is used for managing files stored in the database, and the flow management module is used for managing data flow interactive operation generated by the database;
the system management unit comprises a user management module and an event management module, wherein the user management module is used for managing users accessing the database, and the event management module is used for recording and managing the operation of the device;
the intelligent encryption unit comprises a desensitization encryption module and a data decryption module, wherein the desensitization encryption module is used for encrypting the sensitive data in the file, and the data decryption module is used for decrypting the encrypted sensitive data.
Preferably, the data management module comprises data identification, data classification, data matching, data encryption and data encryption marking.
Preferably, the data identification comprises file content identification and file compression identification.
Preferably, the flow management module includes network flow management, mail flow management, terminal flow management and network security management.
Preferably, the user management module comprises identity authentication management, user role management and unified policy management.
Preferably, the event management module includes system configuration management and operation log management.
A document encryption method for preventing a file from being divulged uses the document encryption device, and the method comprises the following steps:
identifying, classifying and matching sensitive data of file data stored in a database through a data service management unit, and searching a file with the sensitive data;
desensitizing and encrypting the file with the sensitive data through an intelligent encryption unit;
the user management module carries out authorization verification on a user accessing the database, the verified user can access the encrypted file of the database, the encrypted file is decrypted and sent to the user through the data decryption module, and the flow management module supervises file transmission;
the completed operations are all recorded by the event management module.
Compared with the prior art, the invention has the beneficial effects that: the file is automatically identified, classified and encrypted, so that the safety of the file is ensured, the file is effectively prevented from being leaked by monitoring user access and downloaded files, and the safety of file storage and application is greatly improved.
Drawings
FIG. 1 is a schematic diagram of the overall system of the present invention.
FIG. 2 is a functional block diagram of a data service management unit according to the present invention.
FIG. 3 is a functional block diagram of a system management unit according to the present invention.
FIG. 4 is a flowchart of a file leakage-preventing encryption method of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, a document encryption device for preventing a file from being divulged includes a data service unit, a system management unit, and an intelligent encryption unit; the data service management unit comprises a data management module and a flow management module, the data management module is used for managing files stored in the database, and the flow management module is used for managing data flow interactive operation generated by the database; the system management unit comprises a user management module and an event management module, wherein the user management module is used for managing users accessing the database, and the event management module is used for recording and managing the operation of the device; the intelligent encryption unit comprises a desensitization encryption module and a data decryption module, wherein the desensitization encryption module is used for encrypting sensitive data in a file, the data decryption module is used for decrypting the encrypted sensitive data, desensitizing encryption is performed on the file containing the sensitive data, and no processing is performed on the file not containing the sensitive data.
As shown in fig. 2, the data management module includes data identification, data classification, data matching, data encryption and data encryption marking.
Data identification includes file content identification and file compression identification. File content identification supports content identification of more than 1000 file types, including all common file types on the market, such as doc, xls, ppt, wps, txt, dwg, c, java, h, rar, zip and 7z, and additionally supports high-performance content identification of nearly 20 common formats. File compression identification penetrates compressed files: it automatically identifies the file content and file type inside a multi-layer compressed file, and the number of compression layers to penetrate can be set in a user-defined manner.
Data classification sorts files of different types to facilitate subsequent file queries. Data matching compares the identified files against a sensitive database to find out whether they contain sensitive data. Data encryption calls the intelligent encryption unit to encrypt the files found to contain sensitive data, and the encrypted files are marked through data encryption marking. A file intelligent marking technology marks the sensitive files inside the enterprise: according to the category and sensitivity of its content, each file is given a classification and grading label. The label accompanies the file through its whole life cycle, so the file can be monitored and protected by reading its classification and grading label during storage, use, transmission and destruction.
The flow management module comprises network flow management, mail flow management, terminal flow management and network security management. Network flow management monitors network communication traffic, detects across all network protocols and content types whether sensitive information is present before the data leaves the network, and audits and blocks data containing sensitive information before it flows out of the enterprise. Mail flow management monitors data sent by e-mail through deep integration with the enterprise mail server, preventing internal sensitive data from leaking by mail. Terminal flow management automatically scans and locates sensitive data on each terminal and, combined with the terminal's peripheral port control, effectively prevents sensitive data from leaking from the terminal. Network security management controls internet access behaviour within the enterprise and, combined with web proxying, URL filtering, virus scanning and similar technologies, protects staff internet access to the maximum extent and prevents hackers from stealing intranet data through web-based intrusion.
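The identification, archive penetration, matching and grading steps described above, as an added Go example; it is not code from the patent or from the assignee. The three sensitive-data patterns, the grade names and the 8 MiB per-member decompression cap are constructed assumptions, maxDepth stands in for the user-defined number of compression layers to penetrate, and the sample archive is built in memory. It goes slightly beyond the text in one respect: members below the depth limit are reported as unscanned rather than silently passed as clean, which is what a practitioner wants when the limit is reached.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io"
	"path"
	"regexp"
)

// pattern is one entry of the "sensitive database" the matching step compares files
// against, with the grading label attached on a hit. Patterns and grades are constructed.
type pattern struct {
	label, grade string
	re           *regexp.Regexp
}

var sensitiveDB = []pattern{
	{"national-id", "confidential", regexp.MustCompile(`\b\d{17}[\dX]\b`)}, // 18-character resident ID shape
	{"mobile", "restricted", regexp.MustCompile(`\b1\d{10}\b`)},            // 11-digit mobile number
	{"email", "internal", regexp.MustCompile(`[\w.+-]+@[\w-]+\.\w+`)},
}

// Finding records which (possibly nested) path matched which label and grade.
type Finding struct {
	Path, Label, Grade string
}

// isZip identifies an archive by its local-file-header magic rather than by extension,
// so a renamed .zip is still penetrated.
func isZip(data []byte) bool {
	return len(data) >= 4 && bytes.Equal(data[:4], []byte("PK\x03\x04"))
}

// Scan is the identification and matching step for one file. Archives are opened in memory
// and every member is scanned recursively until maxDepth nesting levels have been penetrated
// (the user-defined number of compression layers); anything deeper is returned as unscanned.
func Scan(name string, data []byte, depth, maxDepth int) ([]Finding, []string, error) {
	var findings []Finding
	var unscanned []string
	if !isZip(data) {
		for _, p := range sensitiveDB {
			if p.re.Match(data) {
				findings = append(findings, Finding{name, p.label, p.grade})
			}
		}
		return findings, nil, nil
	}
	if depth >= maxDepth {
		return nil, []string{name}, nil
	}
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	if err != nil {
		return nil, nil, fmt.Errorf("%s: %w", name, err)
	}
	for _, f := range zr.File {
		rc, err := f.Open()
		if err != nil {
			return nil, nil, err
		}
		// Cap each member at 8 MiB of decompressed data to blunt decompression bombs.
		member, err := io.ReadAll(io.LimitReader(rc, 8<<20))
		rc.Close()
		if err != nil {
			return nil, nil, err
		}
		sub, subUnscanned, err := Scan(path.Join(name, f.Name), member, depth+1, maxDepth)
		if err != nil {
			return nil, nil, err
		}
		findings = append(findings, sub...)
		unscanned = append(unscanned, subUnscanned...)
	}
	return findings, unscanned, nil
}

// makeZip builds an in-memory archive from (name, content) pairs; it only constructs sample input.
func makeZip(files [][2]string) []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	for _, kv := range files {
		w, _ := zw.Create(kv[0])
		w.Write([]byte(kv[1]))
	}
	zw.Close()
	return buf.Bytes()
}

func main() {
	inner := makeZip([][2]string{{"hr/staff.txt", "id 11010519491231002X phone 13800138000"}})
	outer := makeZip([][2]string{{"notes.txt", "contact: alice@example.com"}, {"inner.zip", string(inner)}})
	findings, unscanned, err := Scan("upload.zip", outer, 0, 2)
	fmt.Println(findings, unscanned, err)
	_, unscanned, _ = Scan("upload.zip", outer, 0, 1) // depth limit 1: inner.zip is not opened
	fmt.Println("unscanned at depth limit 1:", unscanned)
}
```

With a depth limit of 2 the nested staff file is reached and graded confidential; with a limit of 1 the inner archive is listed as unscanned, so a policy layer can block it instead of letting it leave as "clean". Recognising archives by magic bytes rather than extension, and bounding how much each member may decompress to, are the two details that keep the penetration step from being trivially bypassed or turned into a denial of service.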
As shown in fig. 3, the user management module includes identity authentication management, user role management and unified policy management. Identity authentication management authenticates a user logging in to the device and assigns rights to the authenticated user; users with different rights have different operation ranges, for example, a low-authority user cannot query files containing sensitive data, while a high-authority user can query and download them. Authentication and rights assignment are governed by unified policy management, and policies are distributed uniformly by an administrator. The event management module includes system configuration management and operation log management. System configuration management lets the administrator personalise the configuration of the device so that it matches operating habits. Operation log management uploads the events and logs generated by the functional modules to the server for storage and displays them centrally in a unified management interface. The logs include: system performance logs; administrator login logs and operation logs; detailed logs of data transmitted through the network channel, mail channel, terminal channel and internet channel; operation logs for all files (reading, writing, copying, pasting, deleting and the like) and file encryption and decryption logs. Log query supports flexible query conditions, such as user name, IP address, channel, action performed, level, state and time, which facilitates tracing after a data leak.
A document encryption method for preventing a file from being divulged uses the document encryption device, and the method comprises the following steps:
step S101, identifying, classifying and matching sensitive data of file data stored in a database through a data service management unit, and searching a file with the sensitive data;
step S102, carrying out desensitization encryption processing on the file with the sensitive data through an intelligent encryption unit;
step S103, the user management module carries out authorization verification on a user accessing the database, the verified user can access the encrypted file of the database, the encrypted file is decrypted and sent to the user through the data decryption module, and the flow management module supervises file transmission;
and step S104, recording the completed operations by the event management module.
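Steps S102 to S104 together with the authority rule and log query of the system management unit (fig. 3), as an added Go example that is not the patent's or the assignee's implementation. It assumes AES-256-GCM with a caller-supplied 32-byte key, two constructed role levels (RoleReader, RoleHandler) and a constructed label vocabulary in which anything other than "public" counts as sensitive. The classification label is passed as GCM additional authenticated data, so a label altered after encryption fails decryption, and every download attempt, allowed or denied, is written to the event log that Query filters by user, action and time.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"time"
)

// Role encodes the two constructed tiers: low authority cannot query sensitive files, high authority can download them.
type Role int

const (
	RoleReader  Role = 1
	RoleHandler Role = 2
)

// Envelope is an encrypted file. Label stays readable so it can accompany the file through storage,
// use and transmission, but it is authenticated as GCM additional data, so a changed label fails decryption.
type Envelope struct {
	Label       string
	Nonce, Data []byte
}

// Event is one record kept by the event management module.
type Event struct {
	Time               time.Time
	User, Action, File string
	OK                 bool
}

// Vault is the intelligent encryption unit plus its event log (key: 32 bytes; a deployment would use a KMS/HSM).
type Vault struct {
	aead cipher.AEAD
	Log  []Event
}

func NewVault(key []byte) (*Vault, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, _ := cipher.NewGCM(block) // cannot fail for an AES block (128-bit block size)
	return &Vault{aead: aead}, nil
}

func (v *Vault) record(user, action, file string, ok bool) {
	v.Log = append(v.Log, Event{time.Now(), user, action, file, ok})
}

// Encrypt is step S102: a fresh random nonce per file, the label bound as AAD.
func (v *Vault) Encrypt(file, label string, plaintext []byte) (Envelope, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	ct := v.aead.Seal(nil, nonce, plaintext, []byte(label))
	v.record("system", "encrypt", file, true)
	return Envelope{Label: label, Nonce: nonce, Data: ct}, nil
}

// Download is step S103: authorise, then decrypt for the verified user. Every attempt is logged (step S104).
func (v *Vault) Download(user string, role Role, file string, env Envelope) ([]byte, error) {
	if env.Label != "public" && role < RoleHandler {
		v.record(user, "download", file, false)
		return nil, fmt.Errorf("forbidden: %s lacks authority for %s file %s", user, env.Label, file)
	}
	pt, err := v.aead.Open(nil, env.Nonce, env.Data, []byte(env.Label))
	if err != nil {
		v.record(user, "download", file, false)
		return nil, fmt.Errorf("integrity check failed for %s: %w", file, err)
	}
	v.record(user, "download", file, true)
	return pt, nil
}

// Query is the log-query function: filter by user and action (empty = any) and a start time, for tracing after a leak.
func (v *Vault) Query(user, action string, since time.Time) []Event {
	var out []Event
	for _, e := range v.Log {
		if (user == "" || e.User == user) && (action == "" || e.Action == action) && !e.Time.Before(since) {
			out = append(out, e)
		}
	}
	return out
}

func main() {
	key := make([]byte, 32) // demonstration only: the key lives in memory for this run
	rand.Read(key)
	v, _ := NewVault(key)
	env, _ := v.Encrypt("hr/staff.txt", "confidential", []byte("id 11010519491231002X"))
	_, denied := v.Download("bob", RoleReader, "hr/staff.txt", env)
	pt, err := v.Download("alice", RoleHandler, "hr/staff.txt", env)
	fmt.Printf("bob: %v\nalice: %q %v\n", denied, pt, err)
	fmt.Println(len(v.Query("", "download", time.Time{})), "download events logged")
}
```

The authority check runs before any decryption, so a denied request never touches plaintext, and a relabelled envelope (for instance one whose label has been rewritten to "public" to slip past the role check) fails the GCM authentication because the label was part of the authenticated data at encryption time. Both outcomes land in the same log that Query reads, which is what makes post-leak tracing by user, action and time possible.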
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Furthermore, it should be understood that although the present description refers to embodiments, not every embodiment may contain only a single embodiment, and such description is for clarity only, and those skilled in the art should integrate the description, and the embodiments may be combined as appropriate to form other embodiments understood by those skilled in the art.

Claims (7)

1. A document encryption device for preventing file divulgence is characterized in that: the system comprises a data service unit, a system management unit and an intelligent encryption unit;
the data service management unit comprises a data management module and a flow management module, the data management module is used for managing files stored in the database, and the flow management module is used for managing data flow interactive operation generated by the database;
the system management unit comprises a user management module and an event management module, wherein the user management module is used for managing users accessing the database, and the event management module is used for recording and managing the operation of the device;
the intelligent encryption unit comprises a desensitization encryption module and a data decryption module, wherein the desensitization encryption module is used for encrypting the sensitive data in the file, and the data decryption module is used for decrypting the encrypted sensitive data.
2. A document encryption apparatus for preventing a file from being divulged according to claim 1, characterized in that: the data management module comprises data identification, data classification, data matching, data encryption and data encryption marking.
3. A document encryption apparatus for preventing a file from being divulged according to claim 2, characterized in that: the data identification comprises file content identification and file compression identification.
4. A document encryption apparatus for preventing a file from being divulged according to claim 1, characterized in that: the flow management module comprises network flow management, mail flow management, terminal flow management and network security management.
5. A document encryption apparatus for preventing a file from being divulged according to claim 1, characterized in that: the user management module comprises identity authentication management, user role management and unified policy management.
6. A document encryption apparatus for preventing a file from being divulged according to claim 1, characterized in that: the event management module comprises system configuration management and operation log management.
7. A document encryption method for preventing file leakage, using the document encryption apparatus of any one of claims 1 to 6, characterized in that: the method comprises the following steps:
identifying, classifying and matching sensitive data of file data stored in a database through a data service management unit, and searching a file with the sensitive data;
desensitizing and encrypting the file with the sensitive data through an intelligent encryption unit;
the user management module carries out authorization verification on a user accessing the database, the verified user can access the encrypted file of the database, the encrypted file is decrypted and sent to the user through the data decryption module, and the flow management module supervises file transmission;
the completed operations are all recorded by the event management module.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010997247.0A CN111914300A (en) 2020-09-21 2020-09-21 Document encryption device and method for preventing file leakage

Publications (1)

Publication Number Publication Date
CN111914300A true CN111914300A (en) 2020-11-10

Family

ID=73265328

Country Status (1)

Country Link
CN (1) CN111914300A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109284631A (en) * 2018-10-26 2019-01-29 中国电子科技网络信息安全有限公司 Document desensitization system and method based on big data
CN110049021A (en) * 2019-03-27 2019-07-23 中国电力科学研究院有限公司 Data of information system safety protecting method and system

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112417477A (en) * 2020-11-24 2021-02-26 恒安嘉新(北京)科技股份公司 Data security monitoring method, device, equipment and storage medium
CN114666091A (en) * 2022-02-15 2022-06-24 广州图灵科技有限公司 Database system capable of automatically encrypting backup and preventing secret leakage
CN114866532A (en) * 2022-04-25 2022-08-05 安天科技集团股份有限公司 Method, device, equipment and medium for uploading security check result information of endpoint file
CN114866532B (en) * 2022-04-25 2023-11-10 安天科技集团股份有限公司 Method, device, equipment and medium for uploading security check result information of endpoint file
CN117077130A (en) * 2023-08-31 2023-11-17 北京火山引擎科技有限公司 File detection method, device, electronic equipment and readable medium

Similar Documents

Publication Publication Date Title
CN111914300A (en) Document encryption device and method for preventing file leakage
Terzi et al. A survey on security and privacy issues in big data
CN107577939B (en) Data leakage prevention method based on keyword technology
US7987496B2 (en) Automatic application of information protection policies
CA2553648C (en) Adaptive transparent encryption
CN115733681A (en) Data security management platform for preventing data loss
CN103413088B (en) Computer document operation safety auditing system
CN112560027A (en) Data safety monitoring system
CN110889130B (en) Database-based fine-grained data encryption method, system and device
CN111726353A (en) Sensitive data grading protection method and grading protection system based on numerical control system
CN103632080A (en) Mobile data application safety protection system and mobile data application safety protection method based on USBKey
JP2008541273A5 (en)
CN112217835A (en) Message data processing method and device, server and terminal equipment
CN112115199A (en) Data management system based on block chain technology
CN111931239A (en) Data leakage prevention system for database security protection
CN117313122A (en) Data sharing and exchanging management system based on block chain
CN113034028A (en) Responsibility traceability confirmation system
CN110826094A (en) Information leakage monitoring method and device
CN114218194A (en) Data bank safety system
CN117521091A (en) Access control method and system of security policy matrix based on data classification and grading
CN117333026A (en) Risk identification method based on energy big data
CN201805447U (en) Electronic information management platform system of Intranet
Al-Fedaghi et al. Events classification in log audit
CN115941743A (en) Method and system for identity authentication and data backup
CN115643573A (en) Privileged account authentication method and system based on dynamic security environment

Legal Events

Date Code Title Description
2020-11-10 PB01 Publication Application publication date: 20201110
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication