CN112329064A - A digital mark-based electronic document security management system and method - Google Patents


Info

Publication number: CN112329064A
Authority: CN (China)
Prior art keywords: document, electronic document, security, module, electronic
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202011257628.1A
Other languages: Chinese (zh)
Inventor: 余鹏飞
Current Assignee: Wuhan Chenya Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Wuhan Chenya Technology Co ltd
Application filed by Wuhan Chenya Technology Co ltd
Priority to CN202011257628.1A
Publication of CN112329064A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Document Processing Apparatus (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides an electronic document security management system and method based on digital marks. The system comprises a digital mark generation module, a document security use module, a document security circulation module and a document security output module. The method comprises the following steps: using the digital mark generation module to generate security attributes for an electronic document and digitally marking the electronic document according to those security attributes; using the document security use module to perform security control and audit on the use of the digitally marked electronic document; using the document security circulation module to perform security control and audit on the circulation of the digitally marked electronic document; and using the document security output module to perform security control and audit on the output of the digitally marked electronic document. Relying on blockchain technology and the digital marking method, the invention solves the problem of electronic document security management and greatly improves the overall security and efficiency of use of the electronic document security management system.

Description

Electronic document security management system and method based on digital marks
Technical Field
The invention relates to the field of document security management technology, and in particular to an electronic document security management system and method based on digital marks.
Background
Information and data such as electronic documents are core assets of a company and the lifeline of an enterprise, and protecting data security is fundamental work for protecting state secrets, trade secrets and personal privacy. At present, mainstream schemes at home and abroad for electronic document security protection and data leakage prevention lack a data-oriented unique identity mark and a unified, mark-based security control method. As a result, there is no unified "handle" for data security control across the stages of data generation, use, circulation, external sending, archiving and output, and trusted transmission and coordinated control cannot be established between business systems and security products. Moreover, the data computing environment lacks the ability to tell "friend from foe" and lacks methods for gaining insight into and identifying behaviors, so that cross-platform, cross-application and cross-service data cannot be identified and audited quickly and efficiently during data use, network transmission, boundary exchange and similar processes, and sensitive information and malicious behaviors cannot be blocked quickly.
A blockchain is a tamper-proof and unforgeable distributed ledger (also called a database) that links data blocks in chronological order and is secured by cryptography. It is tamper-resistant, forgery-resistant and traceable. In a blockchain, each block contains the data fingerprint (hash value) of all the data of the previous block, and the data fingerprint (hash value) of the previous block is included when the data fingerprint (hash value) of the current block is calculated, which forms the link relationship. Therefore, once any block is changed, the data fingerprints (hash values) of all subsequent blocks change; everyone can see that the data has been tampered with, and no one will accept the invalid data. This ensures that block data in the blockchain is not tampered with.
Existing document marking technologies, including watermarks and signatures, are insufficiently secure: the corresponding attribute information is not bound to the document and is mostly stored in a centralized database, so document marks and attribute information are easily separated and tampered with, and the data center generally carries the risk of a single point of failure. Drawing on the advantages of blockchain technology, the security problem of electronic documents can be solved well, and the overall security and efficiency of use of the system are greatly improved.
Disclosure of Invention
At present, mainstream schemes at home and abroad for electronic document security protection and data leakage prevention lack a data-oriented unique identity mark and a unified, mark-based security control method; existing document marking technologies, including watermarks and signatures, are insufficiently secure, the corresponding attribute information is not bound to the document, centralized storage is mostly used, marks and attributes are easily separated and tampered with, and the data center carries the risk of a single point of failure. In view of this, the invention provides, based on blockchain technology and digital mark management and control technology, an electronic document security management system and method based on digital marks.
The system of the invention comprises: a digital mark generation module, a document security use module, a document security circulation module and a document security output module.
The digital mark generation module is used to generate security attributes for electronic documents, digitally mark the electronic documents according to the security attributes, and output the digitally marked electronic documents to the document security use module, the document security circulation module and the document security output module respectively;
the document security use module is used to perform security control and audit on the use (opening, browsing and the like) of digitally marked electronic documents on a PC terminal;
the document security circulation module is used to perform security control and audit on the circulation (OA, e-mail and the like) of digitally marked electronic documents between different PC terminals;
the document security output module is used to perform security control and audit on the output (printing, burning and the like) of digitally marked electronic documents.
The method specifically comprises the following steps:
S1: using the digital mark generation module to generate security attributes for the electronic document and digitally marking the electronic document according to the security attributes; outputting the digitally marked electronic document to the document security use module, the document security circulation module and the document security output module respectively;
S2: using the document security use module to perform security control and audit on the use of the digitally marked electronic document on a PC terminal;
using the document security circulation module to perform security control and audit on the circulation of the digitally marked electronic document between different PC terminals;
and using the document security output module to perform security control and audit on the output of the digitally marked electronic document.
The beneficial effects of the invention are:
(1) Drawing on the advantages of blockchain technology, the invention designs an electronic document security management system based on digital marks, comprising a mark security generation module, a document security use module, a document security circulation module and a document security output module. It achieves security protection and supervision over the whole life cycle of an electronic document based on its identity mark, so that the security management problem of electronic documents is solved and the overall security and efficiency of use of the system are greatly improved.
(2) A method for generating an electronic document identity mark is designed for the system; the identity mark and attribute information are spliced and fused with the electronic document, so that each electronic document has a globally unique identity mark and corresponding attributes.
Drawings
FIG. 1 is a logical relationship diagram of the modules of an electronic document security management system based on digital marks according to an embodiment of the present invention;
FIG. 2 is a flowchart of security attribute generation and binding in an electronic document security management system based on digital marks according to an embodiment of the present invention;
FIG. 3 is a diagram of a document chain block of an electronic document security management system based on digital marks according to an embodiment of the present invention;
FIG. 4 is a flowchart of document access control in an electronic document security management system based on digital marks according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be further described with reference to the accompanying drawings.
Please refer to FIG. 1, which is a logical relationship diagram of the modules of an electronic document security management system based on digital marks according to an embodiment of the present invention.
This embodiment provides an electronic document security management system based on digital marks, comprising: a digital mark generation module, a document security use module, a document security circulation module and a document security output module;
the digital mark generation module is used to generate security attributes for electronic documents, digitally mark the electronic documents according to the security attributes, and output the digitally marked electronic documents to the document security use module, the document security circulation module and the document security output module respectively;
the document security use module is used to perform security control and audit on the use (opening, browsing and the like) of digitally marked electronic documents on a PC terminal;
the document security circulation module is used to perform security control and audit on the circulation (OA, e-mail and the like) of digitally marked electronic documents between different PC terminals;
and the document security output module is used to perform security control and audit on the output (printing, burning and the like) of digitally marked electronic documents.
This embodiment also provides an electronic document security management method based on digital marks, applied to the electronic document security management system based on digital marks, with the following specific steps:
S1: using the digital mark generation module to generate security attributes for the electronic document and digitally marking the electronic document according to the security attributes; outputting the digitally marked electronic document to the document security use module, the document security circulation module and the document security output module respectively;
In this embodiment, the digital mark generation module generates, for each important electronic document on a PC terminal, security attributes comprising a unique identity ID, a Hash value of the document content, and an importance Level value of the document; it writes the security attribute values into the corresponding block of a document chain built on blockchain technology, and writes the unique identity ID into the Metadata of the electronic document. Each electronic document thus has a unique identity ID that can be identified quickly, and blockchain technology guarantees that the binding between the identity ID and the electronic document cannot be tampered with.
The main steps and flow of security attribute generation and binding in the digital mark generation module are shown in FIG. 2; the specific flow is as follows:
1) The digital mark generation module detects the "set digital mark" operation of a PC terminal user; specifically, the user selects "set digital mark" for an electronic document through the right-click menu.
2) The digital mark generation module generates the unique identity ID of the electronic document and calculates the Hash value of the document. The unique identity ID of the electronic document may be implemented as a UUID. UUID is the abbreviation of Universally Unique Identifier; it derives from the DCE (Distributed Computing Environment) specification of the OSF (Open Software Foundation) and allows every element in a distributed system to carry unique identification information. To ensure the uniqueness of a UUID, the specification defines elements including the network card MAC address, timestamp, namespace, random or pseudo-random numbers, timing and the like, as well as the algorithms that generate a UUID from these elements. In a concrete implementation, for example, the JDK itself provides the method randomUUID() for generating a UUID.
3) The digital mark generation module obtains the "importance Level value" set by the user through the human-computer interaction interface of the "set digital mark" operation in step 1); the Level value may take forms such as "1, 2, 3" or "important, common".
4) After the user completes the "set digital mark" operation and closes the human-computer interaction interface, the digital mark generation module writes the identity ID generated in step 2) into the Metadata of the electronic document by calling a standard interface of the operating system, thereby fusing the unique identity ID with the electronic document; it then takes the identity ID and Hash value generated in step 2) and the Level value obtained in step 3) as the security attribute values of the electronic document and writes them together into the corresponding block of the document chain built on blockchain technology (see FIG. 3), so that the binding between the identity ID and the electronic document cannot be tampered with.
S2: using the document security use module to perform security control and audit on the use of the digitally marked electronic document on a PC terminal;
using the document security circulation module to perform security control and audit on the circulation of the digitally marked electronic document between different PC terminals;
and using the document security output module to perform security control and audit on the output of the digitally marked electronic document.
In this embodiment, the document security use module identifies each important electronic document on the PC terminal and controls permission to use it. Taking the scenario in which a user opens an electronic document by double-clicking on a PC terminal as an example, the document security use module detects the user's double-click on the electronic document, intercepts and filters the operation, and adds control over permission to open the document. Referring to FIG. 4, the specific steps and flow are as follows:
1) the document security use module detects the user's operation of opening the electronic document, scans the Metadata of the electronic document and determines whether the electronic document has a UUID;
2) if a UUID exists, the electronic document is an important electronic document set by a user and carries the security attributes of a digital mark, and step 3) is entered; otherwise, the electronic document is an ordinary document, the document is opened normally, the process terminates, and step 7) is entered;
3) the UUID that was read is compared with the UUID of each block of the document chain; if the same UUID exists, step 4) is entered; otherwise, the electronic document has been damaged, an anomaly is reported to the user, the process terminates, and step 7) is entered;
4) the Hash value of the electronic document is calculated and compared with the Hash value in the block of the document chain where the UUID is located; if the two Hash values are the same, step 5) is entered; otherwise, the electronic document has been damaged, an anomaly is reported to the user, the process terminates, and step 7) is entered;
5) the Level value in the block of the document chain where the UUID is located is compared with the Level value of the current user (obtained from an identity authentication system such as a CA, or from an existing system such as OA); if the Level value of the user is greater than the Level value of the document, step 6) is entered; otherwise, the user is told that access rights are insufficient, the process terminates, and step 7) is entered;
6) the electronic document is opened normally, and the current user browses it normally;
7) end.
The document security circulation module in this embodiment works on a principle similar to that of the document security use module: it monitors and applies access control to events in which a user circulates a document, including but not limited to sending it as an OA attachment or as an e-mail attachment. When an electronic document is uploaded as an attachment to an application system such as OA or e-mail, the application system uses the document security circulation module to identify and compare the security attributes of the electronic document in turn. It first uses the UUID and Hash value to determine the type, authenticity and integrity of the electronic document and whether it has been damaged, and then compares the Level value of the electronic document with the Level value of the recipient. If the comparison passes, the electronic document is sent normally to the recipient through the application system such as OA or e-mail; otherwise, the user is told that the document is damaged or that access rights are insufficient, which prevents leaks caused by high-level important files being passed to low-level users.
The document security output module in this embodiment works on a principle similar to that of the document security circulation module: it monitors and applies access control to events in which a user outputs an electronic document, including but not limited to printing and burning. When an electronic document is printed or burned, the printing and burning audit system uses the document security output module to identify and compare the security attributes of the electronic document in turn. It first uses the UUID and Hash value to determine the type, authenticity and integrity of the electronic document and whether it has been damaged, and then compares the Level value of the electronic document with the Level value of the person currently printing or burning. If the comparison passes, the electronic document is output normally through the printing and burning audit system; otherwise, the user is told that the electronic document is damaged or that access rights are insufficient, which prevents leaks caused by high-level important files being output to low-level users.
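The marking steps 1) to 4) and the check steps 1) to 7) above, which the circulation and output modules reuse with the recipient's or printing user's Level, written out as an added Python example (not code from the patent). Assumptions: SHA-256 as the Hash, integer Levels where a larger number means higher clearance, a hypothetical `uuid` metadata key, an in-memory hash chain in place of a real blockchain, and a chain self-check before lookup that is not one of the page's numbered steps.

```python
import hashlib
import json
import uuid
from dataclasses import dataclass, field
from enum import Enum

GENESIS = "0" * 64  # constructed placeholder for "no previous block"


class Decision(Enum):
    OPEN_ORDINARY = "no UUID: ordinary document, allowed"
    ALLOWED = "marked document, all checks passed"
    UNKNOWN_UUID = "UUID not in document chain: treated as damaged"
    HASH_MISMATCH = "content hash differs from chain: treated as damaged"
    LEVEL_TOO_LOW = "insufficient access rights"
    CHAIN_INVALID = "document chain failed its own link check"


@dataclass
class Document:
    content: bytes
    metadata: dict = field(default_factory=dict)  # stands in for file Metadata


def content_hash(doc):
    # Hash covers content only, so writing the UUID into metadata does not
    # change the value recorded on the chain.
    return hashlib.sha256(doc.content).hexdigest()


class DocumentChain:
    """Toy in-memory hash chain standing in for the page's document chain."""

    def __init__(self):
        self.blocks = []

    @staticmethod
    def _digest(prev_hash, record):
        payload = json.dumps({"prev": prev_hash, "record": record}, sort_keys=True)
        return hashlib.sha256(payload.encode()).hexdigest()

    def append(self, record):
        prev = self.blocks[-1]["block_hash"] if self.blocks else GENESIS
        self.blocks.append({"prev_hash": prev, "record": record,
                            "block_hash": self._digest(prev, record)})

    def verify(self):
        # Recompute every link; an edited record breaks its own block hash.
        prev = GENESIS
        for block in self.blocks:
            if block["prev_hash"] != prev:
                return False
            if block["block_hash"] != self._digest(prev, block["record"]):
                return False
            prev = block["block_hash"]
        return True

    def find(self, doc_uuid):
        for block in self.blocks:
            if block["record"]["uuid"] == doc_uuid:
                return block["record"]
        return None


def set_digital_mark(doc, level, chain):
    """Marking steps 1)-4): generate ID, hash content, record level, bind."""
    doc_uuid = str(uuid.uuid4())
    doc.metadata["uuid"] = doc_uuid
    chain.append({"uuid": doc_uuid, "hash": content_hash(doc), "level": level})
    return doc_uuid


def check_access(doc, actor_level, chain):
    """Check steps 1)-6); actor is the opener, the recipient or the printer."""
    doc_uuid = doc.metadata.get("uuid")
    if doc_uuid is None:
        return Decision.OPEN_ORDINARY        # step 2: chain is not consulted
    if not chain.verify():                   # added here, not a numbered step
        return Decision.CHAIN_INVALID
    record = chain.find(doc_uuid)
    if record is None:
        return Decision.UNKNOWN_UUID         # step 3
    if content_hash(doc) != record["hash"]:
        return Decision.HASH_MISMATCH        # step 4
    if actor_level > record["level"]:        # step 5: strictly greater
        return Decision.ALLOWED              # step 6
    return Decision.LEVEL_TOO_LOW


if __name__ == "__main__":
    chain = DocumentChain()
    report = Document(b"constructed sample content")
    set_digital_mark(report, level=2, chain=chain)
    for level in (1, 2, 3):
        print(level, check_access(report, level, chain).name)
```

With a document Level of 2, an actor at Level 2 is refused and only Level 3 passes, because step 5) requires the user's Level to be greater than the document's.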
The innovations of the invention are as follows:
(1) A method for generating an electronic document identity mark is designed; the identity mark and attribute information are spliced and fused with the electronic document, so that each electronic document has a globally unique identity mark and corresponding attributes.
(2) Modules including an identity mark security generation module, a document security use module, a document security circulation module and a document security output module are designed, achieving security protection and supervision over the whole life cycle of an electronic document based on its identity mark.
The above description covers only the preferred embodiments of the present invention and is not to be construed as limiting the invention; any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included within its scope of protection.

Claims (8)

1. An electronic document security management system based on digital marks, characterized in that the system comprises: a digital mark generation module, a document security use module, a document security circulation module and a document security output module;
the digital mark generation module is used to generate security attributes for an electronic document, digitally mark the electronic document according to the security attributes, and output the digitally marked electronic document to the document security use module, the document security circulation module and the document security output module respectively;
the document security use module is used to perform security control and audit on the use of the digitally marked electronic document;
the document security circulation module is used to perform security control and audit on the circulation of the digitally marked electronic document;
the document security output module is used to perform security control and audit on the output of the digitally marked electronic document.

2. An electronic document security management method based on digital marks, applied to the electronic document security management system based on digital marks according to claim 1, characterized in that the method comprises the following specific steps:
S1: using the digital mark generation module to generate security attributes for the electronic document and digitally marking the electronic document according to the security attributes; outputting the digitally marked electronic document to the document security use module, the document security circulation module and the document security output module respectively;
S2: using the document security use module to perform security control and audit on the use of the digitally marked electronic document;
using the document security circulation module to perform security control and audit on the circulation of the digitally marked electronic document;
using the document security output module to perform security control and audit on the output of the digitally marked electronic document.

3. The electronic document security management system based on digital marks according to claim 2, characterized in that, in step S1, the digital mark module generates security attributes for the electronic document, the security attributes comprising: a unique identity ID, a Hash value of the electronic document content, and an importance Level value of the electronic document;
the unique identity ID of the electronic document is implemented using a UUID.

4. The electronic document security management system based on digital marks according to claim 2, characterized in that, in step S2, the use of the electronic document comprises: opening the electronic document and browsing the electronic document;
the circulation of the electronic document comprises: sending the electronic document as an OA attachment and sending the electronic document as an e-mail attachment;
the output of the electronic document comprises: printing the electronic document and burning the electronic document.

5. The electronic document security management method based on digital marks according to claim 3, characterized in that, in step S1, the specific steps of using the digital mark generation module to generate security attributes for the electronic document and digitally marking the electronic document according to the security attributes are:
S11: the digital mark generation module detects the user's "set digital mark" operation;
S12: the digital mark generation module generates the unique identity ID of the electronic document and calculates the Hash value of the electronic document;
S13: the digital mark generation module obtains the "importance Level value" set by the user through the human-computer interaction interface of the "set digital mark" operation in step S11;
S14: after the "set digital mark" operation is completed and the human-computer interaction interface is closed, the digital mark generation module writes the identity ID generated in step S12 into the Metadata of the electronic document by calling a standard interface of the operating system, thereby fusing the unique identity ID with the electronic document; the identity ID and Hash value generated in step S12 and the Level value generated in step S13 are taken as the security attribute values of the electronic document and written together into the corresponding block of the document chain built on blockchain technology, thereby binding the identity ID to the electronic document.

6. The electronic document security management method based on digital marks according to claim 3, characterized in that, in step S2, the specific steps of using the document security use module to perform security control and audit on the use of the digitally marked electronic document are:
S201: the document security use module detects the user's operation of opening the electronic document, scans the Metadata of the electronic document and determines whether the electronic document has a UUID;
S202: if a UUID exists, the electronic document is an important document set by a user and carries the security attributes of a digital mark, and step S203 is entered; otherwise, the electronic document is an ordinary document, and step S206 is entered directly;
S203: the UUID that was read is compared with the UUID of each block of the document chain; if the same UUID exists, step S204 is entered; otherwise, the electronic document has been damaged, an anomaly is reported to the user, the process terminates, and step S207 is entered;
S204: the Hash value of the electronic document is calculated and compared with the Hash value in the block of the document chain where the UUID is located; if the two Hash values are the same, step S205 is entered; otherwise, the electronic document has been damaged, an anomaly is reported to the user, the process terminates, and step S207 is entered;
S205: the Level value in the block of the document chain where the UUID is located is compared with the Level value of the current user; if the Level value of the user is greater than the Level value of the document, step S206 is entered; otherwise, the user is told that access rights are insufficient, the process terminates, and step S207 is entered;
S206: the electronic document is opened normally, and the current user browses it normally;
S207: end.

7. The electronic document security management method based on digital marks according to claim 3, characterized in that, in step S2, the specific work of using the document security circulation module to perform security control and audit on the circulation of the marked electronic document is:
S211: when the document security circulation module detects that the user is uploading the electronic document as an attachment to an OA or e-mail application system, it scans the Metadata of the electronic document and determines whether the electronic document has a UUID;
S212: if a UUID exists, the electronic document is an important document set by a user and carries the security attributes of a digital mark, and step S213 is entered; otherwise, the electronic document is an ordinary document, and step S216 is entered directly;
S213: the UUID that was read is compared with the UUID of each block of the document chain; if the same UUID exists, step S214 is entered; otherwise, the electronic document has been damaged, an anomaly is reported to the user, the process terminates, and step S217 is entered;
S214: the Hash value of the electronic document is calculated and compared with the Hash value in the block of the document chain where the UUID is located; if the two Hash values are the same, step S215 is entered; otherwise, the electronic document has been damaged, an anomaly is reported to the user, the process terminates, and step S217 is entered;
S215: the Level value in the block of the document chain where the UUID is located is compared with the Level value of the current user; if the Level value of the user is greater than the Level value of the document, step S216 is entered; otherwise, the user is told that access rights are insufficient, the process terminates, and step S217 is entered;
S216: the electronic document is sent normally;
S217: end.

8. The electronic document security management method based on digital marks according to claim 3, characterized in that, in step S2, the document security output module performs security control and audit on the output of the marked electronic document, the specific work being:
S221: when the document security output module detects that the user is printing or burning the electronic document, it scans the Metadata of the electronic document and determines whether the document has a UUID;
S222: if a UUID exists, the electronic document is an important document set by a user and carries the security attributes of a digital mark, and step S223 is entered; otherwise, the electronic document is an ordinary electronic document, and step S226 is entered directly;
S223: the UUID that was read is compared with the UUID of each block of the document chain; if the same UUID exists, step S224 is entered; otherwise, the document has been damaged, an anomaly is reported to the user, the process terminates, and step S227 is entered;
document is destroyed, and an exception is prompted to the user, and the process terminates, and goes to step S227; S224、对电子文档计算Hash值,并与文档链中UUID所在区块的Hash值进行比对,若两个Hash值相同,则进入步骤S225;否则,说明该电子文档被破坏,向用户提示异常,流程终止,进入步骤S227;S224. Calculate the hash value of the electronic document, and compare it with the hash value of the block where the UUID is located in the document chain. If the two hash values are the same, go to step S225; otherwise, it means that the electronic document is damaged, and the user is prompted to be abnormal , the process is terminated, and enter step S227; S225、将文档链中UUID所在区块的Level值与当前用户的Level值进行比对,若用户的Level值大于文档的Level值,则进入步骤S226;否则,提示访问权限不够,流程终止,进入步骤S227;S225. Compare the Level value of the block where the UUID is located in the document chain with the Level value of the current user. If the Level value of the user is greater than the Level value of the document, go to step S226; Step S227; S226、电子文档正常打印或刻录;S226, the electronic document is normally printed or recorded; S227、结束。S227. End.
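The marking steps S12-S14 and the check shared by steps S201-S207, S211-S217 and S221-S227, as an added Python example (not code from the patent). Assumptions: SHA-256 as the Hash function, the Hash taken over the content bytes only so that writing the ID into the metadata does not change it, a dict standing in for the file and its metadata, and a hash-linked list standing in for the document chain; the names `Block`, `mark`, `chain_intact` and `check` are illustrative.

```python
import hashlib
import json
import uuid
from dataclasses import dataclass


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class Block:
    doc_id: str    # unique identity ID (S12)
    doc_hash: str  # Hash value of the document (S12); SHA-256 is an assumption
    level: int     # importance Level value (S13)
    prev: str      # digest of the previous block, linking the chain

    def digest(self) -> str:
        fields = [self.doc_id, self.doc_hash, self.level, self.prev]
        return sha256_hex(json.dumps(fields).encode())


def mark(chain: list, doc: dict, level: int) -> str:
    """S12-S14: generate the ID, hash the document, record both with the Level."""
    doc_id = str(uuid.uuid4())
    prev = chain[-1].digest() if chain else "0" * 64
    chain.append(Block(doc_id, sha256_hex(doc["content"]), level, prev))
    doc["metadata"]["uuid"] = doc_id  # stands in for the OS metadata interface
    return doc_id


def chain_intact(chain: list) -> bool:
    """Each block must reference the digest of the block before it."""
    return all(b.prev == a.digest() for a, b in zip(chain, chain[1:]))


def check(chain: list, doc: dict, user_level: int) -> str:
    """Shared gate of S201-S207, S211-S217 and S221-S227."""
    doc_id = doc["metadata"].get("uuid")
    if doc_id is None:
        return "allow"      # ordinary document: no digital mark
    block = next((b for b in chain if b.doc_id == doc_id), None)
    if block is None:
        return "abnormal"   # UUID not found in the document chain
    if sha256_hex(doc["content"]) != block.doc_hash:
        return "abnormal"   # content no longer matches the recorded Hash
    if user_level > block.level:
        return "allow"      # strictly greater, as the claims state
    return "denied"         # insufficient access rights
```

Because the claims require the user's Level to be greater than the document's, a user whose Level equals the document's Level is refused.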
CN202011257628.1A 2020-11-11 2020-11-11 A digital mark-based electronic document security management system and method Pending CN112329064A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011257628.1A CN112329064A (en) 2020-11-11 2020-11-11 A digital mark-based electronic document security management system and method

Publications (1)

Publication Number Publication Date
CN112329064A true CN112329064A (en) 2021-02-05

Family

ID=74317903

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011257628.1A Pending CN112329064A (en) 2020-11-11 2020-11-11 A digital mark-based electronic document security management system and method

Country Status (1)

Country Link
CN (1) CN112329064A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination