CN113098899B - Intangible asset protection method, device and computer readable medium - Google Patents


Publication number
CN113098899B
Authority
CN
China
Prior art keywords
intangible asset
intangible
client
transmission process
warehouse center
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110472039.3A
Other languages
Chinese (zh)
Other versions
CN113098899A (en)
Inventor
曾小红
蒋承
汪伟
徐凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Hongmei Intelligent Technology Co Ltd
Original Assignee
Sichuan Hongmei Intelligent Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Hongmei Intelligent Technology Co Ltd filed Critical Sichuan Hongmei Intelligent Technology Co Ltd
Priority to CN202110472039.3A priority Critical patent/CN113098899B/en
Publication of CN113098899A publication Critical patent/CN113098899A/en
Application granted granted Critical
Publication of CN113098899B publication Critical patent/CN113098899B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/33 User authentication using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method, a device and a computer-readable medium for intangible asset protection. The method comprises the following steps: a client on which an encryption plug-in is installed sends an access request for the warehouse center, carrying a legal certificate, to an intangible asset management platform built in advance on the code review software Gerrit; when the response result of the intangible asset management platform is determined to be that access to the warehouse center is allowed, the client accesses the warehouse center through a warehousing port of the warehouse center and starts monitoring for intangible asset transmission processes; when it is detected that the local client has created an intangible asset transmission process, the input end and the output end of the intangible asset transmission process are determined; and when the input end is the local client and the output end is the warehouse center, the intangible assets transmitted in the intangible asset transmission process are encrypted according to a preset encryption algorithm, and the encrypted intangible assets are stored on the local client. This scheme can reduce the risk of intangible asset leakage.

Description

Intangible asset protection method, device and computer readable medium
Technical Field
The present invention relates to the field of computer technologies, and in particular, to a method and an apparatus for intangible asset protection, and a computer-readable medium.
Background
As business continues to expand, the number of intangible assets within an enterprise keeps growing, such as source code, hardware design solutions, documentation, software images, software deliverables, and the like. These intangible assets are managed and controlled uniformly by establishing an intangible asset management platform.
Intangible assets, as a trade secret within an enterprise, need to be guaranteed against theft by malicious attackers. At present, when a user accesses an intangible asset management platform through a client, the intangible asset management platform determines whether to allow the user to access by verifying whether a personal account of a login user has an access right, and only a user with the access right can access the intangible asset management platform.
However, once the personal account is leaked, the intangible assets will be leaked as well.
Disclosure of Invention
The embodiment of the invention provides a method and a device for protecting intangible assets and a computer readable medium, which are used for reducing the risk of intangible asset leakage.
In a first aspect, an embodiment of the present invention provides an intangible asset protection method, which is applied to a client, where an encryption plug-in is installed in the client, and the method includes:
sending an access request aiming at a warehouse center to an intangible asset management platform which is set up in advance based on code review software gerrit, wherein the access request carries a legal certificate, so that an encryption gateway plug-in arranged at a warehousing port of the warehouse center by the intangible asset management platform verifies the legal certificate, and returns a response result to the client according to a verification result; the legal certificate is issued after the authentication of the authentication request is passed by the authentication server;
when the response result of the intangible asset management platform is determined to be that the warehouse center is allowed to be accessed, accessing the warehouse center through a warehousing port of the warehouse center, and starting monitoring on an intangible asset transmission process;
when the fact that a local client creates an intangible asset transmission process is monitored, determining an input end and an output end of the intangible asset transmission process; when the input end is the local client and the output end is the warehouse center, encrypting the intangible assets transmitted in the intangible asset transmission process according to a preset encryption algorithm, and storing the encrypted intangible assets in the local client; the preset encryption algorithm is issued by the authentication server after the authentication is passed.
Preferably, further comprising:
when the input end is a local client and the output end is other clients, identifying whether the type of the intangible asset transmitted by the intangible asset transmission process is a file type related to the source code according to a preset encryption strategy;
if yes, further identifying whether the intangible asset is a plaintext file;
if the intangible asset is a plaintext file, encrypting the intangible asset transmitted by the intangible asset transmission process according to a preset encryption algorithm and storing the encrypted intangible asset to a local client;
and if the intangible asset is a ciphertext file, directly storing the intangible asset in the local client.
Preferably, further comprising:
when the input end is the warehouse center and the output end is the local client end, decrypting the intangible assets transmitted by the intangible asset transmission process by using a decryption algorithm corresponding to the encryption algorithm;
uploading the decrypted intangible asset to a warehousing port of the warehouse center, so that a gerrit auditing tool arranged by the intangible asset management platform at the warehousing port of the warehouse center audits a source code included in the intangible asset, and storing the source code to the warehouse center through the warehousing port after the audit is passed; the decryption algorithm is issued by the authentication server after passing the authentication.
Preferably, further comprising:
when the input end is the other client side and the output end is the local client side, identifying whether the intangible asset transmitted by the intangible asset transmission process is a plaintext file;
if the intangible asset is a plaintext file, further identifying whether the type of the intangible asset is a file type related to a source code according to a preset encryption strategy;
if the intangible asset type is a file type related to a source code, encrypting the intangible asset transmitted by the intangible asset transmission process according to a preset encryption algorithm, and outputting the encrypted intangible asset to the other client;
and if the intangible asset is a ciphertext file, outputting the intangible asset to the other clients.
Preferably, further comprising:
and when the intangible asset display process is monitored, the intangible asset required to be displayed in the intangible asset display process is decrypted by using a decryption algorithm corresponding to the encryption algorithm, and the decrypted intangible asset is displayed.
Preferably, the way for the authentication server to authenticate the authentication request includes:
after receiving the authentication request, the authentication server displays the authentication request on a display interface, so that a user can confirm, according to the client information carried in the authentication request, whether the encryption plug-in is legally installed on the client; once the user has confirmed that the encryption plug-in is legally installed and has entered, through the display interface, a confirmation message that the authentication is passed, the authentication server confirms that the authentication request passes authentication.
Preferably, the verifying the legal certificate by the intangible asset management platform through an encryption gateway plug-in disposed at a warehousing port of a warehouse center includes:
comparing the legal signature included in the legal certificate against a verification signature acquired from the authentication server in advance, wherein when the verification signature is consistent with the legal signature, the verification result is correct.
In a second aspect, an embodiment of the present invention further provides an intangible asset protection device, located in a client installed with an encryption plug-in, including:
the access unit is used for sending an access request aiming at the warehouse center to an intangible asset management platform which is built in advance based on code review software gerrit, wherein the access request carries a legal certificate, so that an encryption gateway plug-in arranged at a warehousing port of the warehouse center by the intangible asset management platform verifies the legal certificate, and a response result is returned to the client according to a verification result; the legal certificate is issued after the authentication of the authentication request is passed by the authentication server;
the process monitoring unit is used for accessing the warehouse center through a warehousing port of the warehouse center and starting monitoring on an intangible asset transmission process when the response result of the intangible asset management platform is determined to be that the access to the warehouse center is allowed;
the process processing unit is used for determining an input end and an output end of an intangible asset transmission process when it is detected that the local client has created the intangible asset transmission process; when the input end is the local client and the output end is the warehouse center, encrypting the intangible assets transmitted in the intangible asset transmission process according to a preset encryption algorithm, and storing the encrypted intangible assets in the local client; the preset encryption algorithm is issued by the authentication server after the authentication is passed.
In a third aspect, an embodiment of the present invention further provides an intangible asset protection device, including: at least one memory and at least one processor;
the at least one memory is configured to store a machine-readable program;
the at least one processor is configured to invoke the machine readable program to perform the intangible asset protection method provided by the first aspect or any possible implementation manner of the first aspect.
In a fourth aspect, the present invention further provides a computer-readable medium, on which computer instructions are stored, and when executed by a processor, the computer instructions cause the processor to execute the intangible asset protection method provided by the first aspect or any possible implementation manner of the first aspect.
The embodiments of the invention provide a method, a device and a computer-readable medium for protecting intangible assets. An encryption plug-in is installed in the client. When the encryption plug-in runs for the first time, it authenticates to an external authentication server, and a legal certificate issued by the authentication server is obtained after the authentication is passed. When the client sends an access request for the warehouse center to the intangible asset management platform, the access request carries the legal certificate, and the encryption gateway plug-in that the intangible asset management platform arranges at the warehousing port of the warehouse center verifies the legal certificate and returns a response result to the client. When the client is allowed to access the warehouse center, monitoring of intangible asset transmission processes is started. When it is detected that the local client has created an intangible asset transmission process whose input end is the local client and whose output end is the warehouse center, the transmitted intangible assets are encrypted with the encryption algorithm and stored. Therefore, only a client holding the legal certificate is allowed to access the warehouse center, and intangible assets pulled from the warehouse center to the local client must be encrypted before they are stored on the local client. Even if a personal account is leaked, a client without the legal certificate that logs in with that account is not allowed to access the warehouse center, so the risk of intangible asset leakage can be reduced.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a system architecture diagram provided by an embodiment of the present invention;
FIG. 2 is a flow chart of a method for intangible asset protection provided by embodiments of the present invention;
FIG. 3 is a hardware architecture diagram of a device in which an intangible asset protection apparatus according to an embodiment of the present invention is located;
FIG. 4 is a block diagram of an intangible asset protection device according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention, and based on the embodiments of the present invention, all other embodiments obtained by a person of ordinary skill in the art without creative efforts belong to the scope of the present invention.
In the related art, when a client accesses a warehouse center in an intangible asset management platform, a personal account of a user needs to be logged in, the intangible asset management platform needs to verify whether the personal account has authority to determine whether the user is allowed to access, but if the personal account with the access authority leaks, an attacker accesses the warehouse center of the intangible asset management platform by using the personal account and downloads intangible assets in the warehouse center to the client, so that the leakage of intangible assets is caused.
To address intangible asset leakage, the intangible assets can be encrypted to reduce the risk of leakage. The encryption can be implemented by installing an encryption plug-in on the client. Only a client on which the encryption plug-in is legally installed can obtain a legal certificate issued by an authentication server, and the intangible asset management platform decides, according to the legal certificate, whether the client is allowed to access the warehouse center; this is the first layer of protection. When the client downloads intangible assets from the warehouse center, the intangible assets must be encrypted before they are stored, which reduces the risk of the intangible assets leaking from the client; this is the second layer of protection.
Specific implementations of the above concepts are described below.
For clearly understanding the scheme of the embodiment of the present invention, the system architecture to which the scheme is applied will be described below. Referring to fig. 1, a system architecture diagram for the present application is shown, the system including: at least one client (two shown), an authentication server, and an intangible asset management platform.
The client side is provided with the encryption plug-in, initiates authentication to the authentication server when the encryption plug-in operates for the first time, receives a legal certificate issued by the authentication server after the authentication is passed, and accesses the intangible asset management platform by using the legal certificate to indicate that the local client side is provided with the encryption plug-in.
The authentication server is used for authenticating a client on which the encryption plug-in is installed, so as to ensure that the encryption plug-in has been installed on that client correctly.
The intangible asset management platform comprises a warehouse center, wherein intangible assets are stored in the warehouse center, the legal certificate of a client is verified by arranging an encryption gateway plug-in at a warehousing port of the warehouse center to determine whether the client is allowed to access, and when the client is allowed to access, the warehouse center is opened to allow the client to upload and/or download the intangible assets.
Referring to fig. 2, an embodiment of the present invention provides an intangible asset protection method, which is applied to a client, where an encryption plug-in is installed in the client, and the method includes:
step 201: sending an access request aiming at a warehouse center to an intangible asset management platform which is set up in advance based on code review software gerrit, wherein the access request carries a legal certificate, so that an encryption gateway plug-in arranged at a warehousing port of the warehouse center by the intangible asset management platform verifies the legal certificate, and returns a response result to the client according to a verification result; the legal certificate is issued after the authentication of the authentication request is passed by the authentication server;
step 202: when the response result of the intangible asset management platform is determined to be that the warehouse center is allowed to be accessed, accessing the warehouse center through a warehousing port of the warehouse center, and starting monitoring on an intangible asset transmission process;
step 203: when the fact that a local client creates an intangible asset transmission process is monitored, determining an input end and an output end of the intangible asset transmission process; when the input end is the local client and the output end is the warehouse center, encrypting the intangible assets transmitted in the intangible asset transmission process according to a preset encryption algorithm, and storing the encrypted intangible assets in the local client; the preset encryption algorithm is issued by the authentication server after the authentication is passed.
In the embodiment of the invention, an encryption plug-in is installed in the client. When the encryption plug-in runs for the first time, it authenticates to an external authentication server, and a legal certificate issued by the authentication server is obtained after the authentication is passed. When the client sends an access request for the warehouse center to the intangible asset management platform, the access request carries the legal certificate, and the encryption gateway plug-in that the intangible asset management platform arranges at the warehousing port of the warehouse center verifies the legal certificate and returns a response result to the client. When the client is allowed to access the warehouse center, monitoring of intangible asset transmission processes is started. When it is detected that the local client has created an intangible asset transmission process whose input end is the local client and whose output end is the warehouse center, the transmitted intangible asset is encrypted with the encryption algorithm and stored. Therefore, only a client holding the legal certificate is allowed to access the warehouse center, and an intangible asset pulled from the warehouse center to the local client must be encrypted before it is stored on the local client. Even if a personal account is leaked, a client without the legal certificate that logs in with that account is not allowed to access the warehouse center, so the risk of intangible asset leakage can be reduced.
The following describes each of the above steps.
For step 201: an access request for the warehouse center is sent to an intangible asset management platform built in advance on the code review software Gerrit, wherein the access request carries a legal certificate, so that the encryption gateway plug-in that the intangible asset management platform arranges at the warehousing port of the warehouse center verifies the legal certificate and returns a response result to the client according to the verification result; the legal certificate is issued by the authentication server after the authentication request passes authentication.
Before this step, an encryption plug-in is required to be installed in the client, and the encryption plug-in is used for encrypting and decrypting the local intangible assets according to the configured encryption strategy.
The encryption policy may be assigned to the client by the authentication server according to the user attribute of the client, may be set by the user of the client, or may be a uniform encryption policy. For example, if the user attribute is software development engineer, the encryption policy may be to encrypt files of the file types ".c" and ".java" on the client; for another example, if the user attribute is general clerk, the encryption policy may be to encrypt files of the file types ".doc" and ".xlsx" on the client.
Since employees within an enterprise use intangible assets differently, the encryption policy may be configurable, whether adjusted or set manually, so that it suits more types of employees.
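The handling rules of the first aspect and the per-attribute encryption policy above can be folded into one decision function; the following is an added sketch, not code from the patent. It reads "input end" as the end that receives the asset (consistent with the description of assets pulled from the warehouse center being encrypted on the local client); the ciphertext marker, the function names and the pass-through for cases the page leaves unstated are assumptions.

```python
import os
from enum import Enum

LOCAL, REPOSITORY, PEER = "local client", "warehouse center", "other client"

# Constructed marker: the page does not say how a ciphertext file is recognised.
CIPHERTEXT_MAGIC = b"ENCv1\x00"

# File types per user attribute, taken from the two examples the page gives.
ENCRYPTION_POLICY = {
    "software development engineer": {".c", ".java"},
    "general clerk": {".doc", ".xlsx"},
}


class Action(Enum):
    ENCRYPT_AND_STORE_LOCALLY = "encrypt, then store on the local client"
    STORE_LOCALLY_UNCHANGED = "store on the local client as received"
    DECRYPT_AND_UPLOAD = "decrypt, then upload to the warehousing port for review"
    ENCRYPT_AND_SEND = "encrypt, then output to the other client"
    SEND_UNCHANGED = "output to the other client as is"


def is_ciphertext(data: bytes) -> bool:
    """Plaintext/ciphertext test based on the constructed header marker."""
    return data.startswith(CIPHERTEXT_MAGIC)


def covered_by_policy(filename: str, user_attribute: str) -> bool:
    """True when the file type is one the policy for this user encrypts."""
    extension = os.path.splitext(filename)[1].lower()
    return extension in ENCRYPTION_POLICY.get(user_attribute, set())


def decide(input_end: str, output_end: str, filename: str,
           data: bytes, user_attribute: str) -> Action:
    """Map one transmission process to the handling the page describes."""
    direction = (input_end, output_end)
    if direction == (LOCAL, REPOSITORY):
        # Asset pulled from the warehouse center: always encrypted at rest.
        return Action.ENCRYPT_AND_STORE_LOCALLY
    if direction == (REPOSITORY, LOCAL):
        # Asset pushed for review: the Gerrit audit needs the decrypted source.
        return Action.DECRYPT_AND_UPLOAD
    covered = covered_by_policy(filename, user_attribute)
    if direction == (LOCAL, PEER):
        # Received from another client: type check first, then plaintext check.
        if covered and not is_ciphertext(data):
            return Action.ENCRYPT_AND_STORE_LOCALLY
        # Ciphertext is stored directly (stated); files outside the policy
        # are stored unchanged (assumption, the page is silent on them).
        return Action.STORE_LOCALLY_UNCHANGED
    if direction == (PEER, LOCAL):
        # Sent to another client: plaintext check first, then type check.
        if is_ciphertext(data):
            return Action.SEND_UNCHANGED
        if covered:
            return Action.ENCRYPT_AND_SEND
        # Plaintext outside the policy: passed through (assumption).
        return Action.SEND_UNCHANGED
    raise ValueError(f"unsupported transmission direction: {direction}")


def plaintext_leaving_client(transfers, user_attribute: str) -> list:
    """Policy-coverage audit: files that would reach another client unencrypted."""
    exposed = []
    for filename, data in transfers:
        action = decide(PEER, LOCAL, filename, data, user_attribute)
        if action is Action.SEND_UNCHANGED and not is_ciphertext(data):
            exposed.append(filename)
    return exposed


if __name__ == "__main__":
    # Constructed sample transfers from a developer workstation.
    outbound = [("main.c", b"int x;"), ("plan.xlsx", b"PK\x03\x04"),
                ("lib.java", CIPHERTEXT_MAGIC + b"\x91\x02")]
    print(plaintext_leaving_client(outbound, "software development engineer"))
```

Running the audit against each user attribute's policy shows which file types that policy leaves uncovered when files are sent to other clients.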
The encryption plug-in is not installed on every client; it may be installed on the clients used by users who have access to the intangible asset management platform. To prevent other clients from installing the encryption plug-in on their own in order to obtain access rights, the authentication server needs to authenticate each client on which the encryption plug-in is installed.
In the embodiment of the invention, after the installation of the encryption plug-in is finished and when the encryption plug-in is operated for the first time, the client sends an authentication request to the authentication server, the authentication request carries client information, and the authentication server utilizes the client information to confirm whether the authentication is passed. When the authentication server confirms the authentication request, it needs to determine whether the client side legally installs the encryption plug-in.
The confirmation can be implemented in at least the following manual confirmation mode or automatic confirmation mode.
Manual confirmation mode: after receiving the authentication request, the authentication server displays the authentication request on a display interface, so that a user can confirm, according to the client information carried in the authentication request, whether the encryption plug-in is legally installed on the client; once the user has confirmed that the encryption plug-in is legally installed and has entered, through the display interface, a confirmation message that the authentication is passed, the authentication server confirms that the authentication request passes authentication.
In this mode, the encryption plug-in on the client may be installed by the user, who therefore knows that the client was installed legally; by checking that the client information displayed on the display interface by the authentication server is consistent with that of the legally installed client, the user can confirm the authentication manually.
Through a manual confirmation mode, the client which passes the authentication can be ensured to be the client which legally installs the encryption plug-in, and the probability that the client which illegally installs the encryption plug-in or does not install the encryption plug-in is authenticated and passed can be reduced, so that the protection on intangible assets is improved, and the risk of the leakage of the intangible assets is reduced.
Automatic confirmation mode: after the encryption plug-in is installed on a client, the information of that legally installed client can be uploaded to the authentication server, which stores it. When the authentication server receives an authentication request, it compares the client information carried in the authentication request with the stored client information, and when the two are consistent it confirms that the authentication request passes authentication.
In both modes, the client information may be information that identifies the client and cannot be tampered with or used fraudulently, such as IP address + username.
An intangible asset management platform may be built on Gerrit (code review software) to store intangible assets in its warehouse center. Gerrit is free and open-source code review software. Compared with the traditional modes in which code and documents are controlled in isolation per business line and controlled manually, using Gerrit to review, check in and uniformly manage intangible assets reduces the waste of manpower and material resources and the loss of intangible assets, and at the same time makes it possible to establish a company-wide code and asset management center and a unified continuous integration platform.
For step 202: when the response result of the intangible asset management platform is determined to be that access to the warehouse center is allowed, monitoring of intangible asset transmission processes is started. This response result is the response that the intangible asset management platform makes after verifying the legal certificate carried in the access request, when the verification result is correct.
In the embodiment of the present invention, after the authentication request passes authentication, the authentication server may issue a legal certificate to the client; the legal certificate indicates that the client is a client on which the encryption plug-in is legally installed. In step 201, when the access request for the warehouse center is sent to the intangible asset management platform, the legal certificate is carried in the access request, and the intangible asset management platform may respond to the access request by using the legal certificate.
The legal certificate can be an identifier agreed by three parties, and the identifier cannot be tampered; or, the legal certificate includes the signature of the authentication server, and the signature cannot be tampered.
In the embodiment of the invention, in order to ensure that the intangible assets stored in the warehouse center of the intangible asset management platform are not leaked, an access request for accessing the warehouse center needs to be verified. Specifically, an encryption gateway plug-in may be arranged at a warehousing port of the warehouse center, and the plug-in is used to verify a legal certificate carried in the access request.
In this embodiment of the present invention, the way in which the encryption gateway plug-in, arranged by the intangible asset management platform at the warehousing port of the warehouse center, verifies the legal certificate may at least include: comparing the legal signature included in the legal certificate against the verification signature acquired in advance from the authentication server; when the verification signature is consistent with the legal signature, the verification result is correct.
Because the legal signature in the legal certificate cannot be tampered with, the intangible asset management platform acquires the signature of the authentication server from the authentication server in advance as a verification signature. When an access request carrying the legal certificate is received, the verification signature is compared with the legal signature in the legal certificate to determine whether the verification result is correct, and thereby to determine the response result. If the two are consistent, the legal certificate was issued by the authentication server, the verification result is correct, and the response result is that the client is allowed to access the warehouse center; otherwise, the client is refused access to the warehouse center. This guarantees that the warehouse center storing the intangible assets cannot be accessed by a client without the legal certificate, which further reduces the risk that the intangible assets are leaked.
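One way the gateway check described above could be realized, given as an added example and not as the patent's own code. It assumes the tamper-proof signature is an HMAC-SHA256 tag over the client information (IP address + username) plus an expiry time, computed with a key the gateway obtained from the authentication server in advance; all function names, field names, the key and the sample values are constructed for illustration.

```python
import hashlib
import hmac
import json
from typing import Tuple

# Assumption: key material the gateway fetched from the authentication
# server in advance. Constructed value, not a real secret.
GATEWAY_VERIFY_KEY = b"constructed-demo-key"


def _canonical(fields: dict) -> bytes:
    """Serialize the signed fields deterministically so both sides hash the same bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def issue_certificate(key: bytes, ip: str, username: str, now: int, ttl: int = 3600) -> dict:
    """Authentication-server side: bind the client information and an expiry to a tag."""
    fields = {"ip": ip, "user": username, "exp": int(now) + ttl}
    tag = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "sig": tag}


def verify_access_request(key: bytes, cert: dict, peer_ip: str,
                          username: str, now: int) -> Tuple[bool, str]:
    """Gateway side: decide whether an access request may reach the warehouse center."""
    try:
        fields = {"ip": cert["ip"], "user": cert["user"], "exp": cert["exp"]}
        presented = cert["sig"]
        if not isinstance(presented, str):
            return False, "malformed certificate"
        expected = hmac.new(key, _canonical(fields), hashlib.sha256).hexdigest()
    except (KeyError, TypeError):
        return False, "malformed certificate"

    # Constant-time comparison: the tag is recomputed over the carried fields,
    # so changing any field invalidates the certificate.
    if not hmac.compare_digest(expected.encode(), presented.encode()):
        return False, "signature mismatch"

    # The fields are now known to be exactly what the server issued.
    if now > fields["exp"]:
        return False, "expired"

    # A valid certificate copied to another machine or account is refused,
    # because the signed client information must match the requester.
    if fields["ip"] != peer_ip or fields["user"] != username:
        return False, "client info mismatch"

    return True, "ok"


if __name__ == "__main__":
    issued_at = 1_700_000_000  # constructed timestamp
    cert = issue_certificate(GATEWAY_VERIFY_KEY, "10.0.0.5", "alice", issued_at)
    print(verify_access_request(GATEWAY_VERIFY_KEY, cert, "10.0.0.5", "alice", issued_at + 60))
    print(verify_access_request(GATEWAY_VERIFY_KEY, cert, "10.0.0.9", "alice", issued_at + 60))
```

Checking the signed client information against the requester, and not only the signature value, is what keeps a certificate from being reusable on a client where the plug-in was never legally installed.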
The response result of the intangible asset management platform is one of two types: access to the warehouse center is denied, or access to the warehouse center is allowed.
When the client is allowed access to the warehouse center, the client may upload intangible assets to and/or download intangible assets from the warehouse center. Uploading or downloading of the intangible assets is carried out by a process in the client, so monitoring of the intangible asset transmission process can be started.
It should be noted that, if the encryption plug-in installed legally in the client is uninstalled, the legal certificate issued by the authentication server obtained by the encryption plug-in will also be automatically deleted.
For step 203: when it is monitored that the local client has created an intangible asset transmission process, the input end and the output end of the intangible asset transmission process are determined; when the input end is the local client and the output end is the warehouse center, the intangible assets transmitted by the intangible asset transmission process are encrypted according to a preset encryption algorithm, and the encrypted intangible assets are stored in the local client; the preset encryption algorithm is issued by the authentication server after the authentication is passed.
When it is monitored that the local client has created an intangible asset transmission process, the process falls into one of the following four cases:
Case one: the input end of the intangible asset transmission process is the local client, and the output end is the warehouse center;
Case two: the input end of the intangible asset transmission process is the local client, and the output end is another client;
Case three: the input end of the intangible asset transmission process is the warehouse center, and the output end is the local client;
Case four: the input end of the intangible asset transmission process is another client, and the output end is the local client.
The processing method according to the embodiment of the present invention will be described with respect to the above four cases.
For case one: since the output end is the warehouse center, the intangible assets downloaded from the warehouse center need to be guaranteed not to be leaked, and encrypted storage needs to be carried out on the intangible assets. Specifically, when the output end of the intangible asset transmission process is determined to be the warehouse center, the intangible asset transmitted by the intangible asset transmission process is encrypted according to a preset encryption algorithm, and the encrypted intangible asset is stored in the local client. The preset encryption algorithm is issued by the authentication server after passing the authentication, and also comprises a decryption algorithm corresponding to the encryption algorithm.
For case two: when the input end of the intangible asset transmission process is a local client and the output end is other clients, it indicates that the output end of the intangible asset transmission process is not the warehouse center, and then specifically, the process includes:
identifying whether the type of the intangible asset transmitted by the intangible asset transmission process is a file type related to a source code according to a preset encryption strategy;
if yes, further identifying whether the intangible asset is a plaintext file;
if the intangible asset is a plaintext file, encrypting the intangible asset transmitted by the intangible asset transmission process according to a preset encryption algorithm and storing the encrypted intangible asset to a local client;
and if the intangible asset is a ciphertext file, directly storing the intangible asset in the local client.
For example, the encryption policy is that file types related to the source code must be stored encrypted, where a file type related to the source code may be a.c, to ensure that the transmitted intangible assets are protected by encryption. When the intangible asset is plaintext, this indicates that the other client does not have the encryption plug-in installed, so the plaintext intangible asset is encrypted and stored for the safety of the input intangible asset. If the intangible asset is ciphertext, this indicates that the other client also has the encryption plug-in installed, and the ciphertext intangible asset can be stored locally as it is. In this way, the risk of an intangible asset being leaked may be further reduced. If the type of the transmitted intangible asset is not a file type related to the source code, the intangible asset can be stored directly, whether it is a plaintext file or a ciphertext file.
For case three: when the input end of the intangible asset transmission process is the warehouse center and the output end is the local client, this indicates that the local client uploads locally stored intangible assets to the warehouse center. According to the encryption policy, the intangible assets are stored in the local client in encrypted form, and the warehouse center has no decryption function, so the process can comprise the following steps:
decrypting the intangible assets transmitted by the intangible asset transmission process by using a decryption algorithm corresponding to the encryption algorithm;
uploading the decrypted intangible asset to a warehousing port of the warehouse center so that a gerrit auditing tool arranged by the intangible asset management platform at the warehousing port of the warehouse center audits a source code included in the intangible asset, and storing the source code to the warehouse center through the warehousing port after the audit is passed; the decryption algorithm is issued by the authentication server after the authentication is passed.
In the embodiment of the invention, the local client decrypts the intangible asset and uploads the decrypted intangible asset to the warehouse center, so that a gerrit auditing tool arranged on a warehousing port of an intangible asset management platform can directly open the intangible asset to browse the source code in the intangible asset for auditing, and code auditing and warehousing are realized.
For case four: when the input end of the intangible asset transmission process is another client and the output end is the local client, this indicates that the input end is not the warehouse center. Since the local client stores part or all of the intangible assets in encrypted form, in order to reduce the risk of leakage of the output intangible assets, the process may specifically include:
identifying whether the intangible asset transmitted by the intangible asset transmission process is a plaintext file;
if the intangible asset is a plaintext file, further identifying whether the type of the intangible asset is a file type related to a source code according to a preset encryption strategy;
if the type of the intangible asset is the file type related to the source code, encrypting the intangible asset transmitted by the intangible asset transmission process according to a preset encryption algorithm, and outputting the encrypted intangible asset to other clients;
and if the intangible asset is a ciphertext file, outputting the intangible asset to the other clients.
In the embodiment of the invention, when the intangible asset output to other clients belongs to the file type which is configured by the encryption strategy and needs to be encrypted and protected, the output intangible asset is ensured to be a ciphertext file, so that the risk of the intangible asset being leaked can be reduced. If the intangible asset is a plaintext file and the intangible asset type is not a file type associated with the source code, then the intangible asset of the plaintext file may be allowed to be output to other clients.
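The handling of the four cases above, condensed into one decision function as an added example (not code from the patent). The ciphertext header, the extension list and all names are assumptions made for illustration; the endpoint pairs and outcomes follow the description as written, and endpoint combinations it does not cover are rejected.

```python
from enum import Enum
from pathlib import PurePosixPath


class Endpoint(Enum):
    LOCAL_CLIENT = "local client"
    WAREHOUSE_CENTER = "warehouse center"
    OTHER_CLIENT = "other client"


class Action(Enum):
    ENCRYPT_AND_STORE_LOCALLY = "encrypt, then store in the local client"
    STORE_LOCALLY_AS_IS = "store in the local client unchanged"
    DECRYPT_AND_UPLOAD_FOR_REVIEW = "decrypt, then upload to the warehousing port"
    ENCRYPT_AND_OUTPUT = "encrypt, then output to the other client"
    OUTPUT_AS_IS = "output to the other client unchanged"


# Assumption: the plug-in marks the ciphertext it produces with a fixed header.
CIPHERTEXT_MAGIC = b"ENCv1\x00"
# Assumption: constructed encryption policy listing source-code file types.
SOURCE_EXTENSIONS = frozenset({".c", ".h", ".java", ".py"})


def is_ciphertext(data: bytes) -> bool:
    """Plaintext/ciphertext test used by cases two and four."""
    return data.startswith(CIPHERTEXT_MAGIC)


def is_source_type(filename: str) -> bool:
    """Encryption-policy test: is this a file type related to source code?"""
    return PurePosixPath(filename).suffix.lower() in SOURCE_EXTENSIONS


def decide_transfer(input_end: Endpoint, output_end: Endpoint,
                    filename: str, data: bytes) -> Action:
    """Map one monitored transmission process to the action the description prescribes."""
    pair = (input_end, output_end)

    # Case one: always encrypt and keep the encrypted copy locally.
    if pair == (Endpoint.LOCAL_CLIENT, Endpoint.WAREHOUSE_CENTER):
        return Action.ENCRYPT_AND_STORE_LOCALLY

    # Case two: only plaintext source-type files are encrypted before storage.
    if pair == (Endpoint.LOCAL_CLIENT, Endpoint.OTHER_CLIENT):
        if is_source_type(filename) and not is_ciphertext(data):
            return Action.ENCRYPT_AND_STORE_LOCALLY
        return Action.STORE_LOCALLY_AS_IS

    # Case three: the warehouse center cannot decrypt, so the review tool
    # must receive plaintext.
    if pair == (Endpoint.WAREHOUSE_CENTER, Endpoint.LOCAL_CLIENT):
        return Action.DECRYPT_AND_UPLOAD_FOR_REVIEW

    # Case four: plaintext source-type files leave encrypted; ciphertext and
    # plaintext files of other types are output unchanged.
    if pair == (Endpoint.OTHER_CLIENT, Endpoint.LOCAL_CLIENT):
        if not is_ciphertext(data) and is_source_type(filename):
            return Action.ENCRYPT_AND_OUTPUT
        return Action.OUTPUT_AS_IS

    # Not covered by the description: refuse instead of guessing.
    raise ValueError(f"unhandled transfer: {input_end.value} -> {output_end.value}")


if __name__ == "__main__":
    # Constructed sample transfers.
    samples = [
        (Endpoint.LOCAL_CLIENT, Endpoint.OTHER_CLIENT, "main.c", b"int main(void){}"),
        (Endpoint.OTHER_CLIENT, Endpoint.LOCAL_CLIENT, "notes.txt", b"meeting at 10"),
        (Endpoint.OTHER_CLIENT, Endpoint.LOCAL_CLIENT, "main.c", CIPHERTEXT_MAGIC + b"\x8f\x11"),
    ]
    for src, dst, name, payload in samples:
        print(f"{src.value} -> {dst.value} {name}: {decide_transfer(src, dst, name, payload).value}")
```

The branches worth reviewing in a deployment are the pass-through ones: any file type missing from the policy list moves between clients in plaintext.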
In an embodiment of the present invention, for an encrypted intangible asset stored in a client, the client may monitor for an intangible asset display process, that is, a process used to open the intangible asset and display it on a display interface. When the client monitors such a process and determines that the intangible asset is a ciphertext file, it may decrypt the intangible asset that the display process needs to display, using the decryption algorithm corresponding to the encryption algorithm, and then display the decrypted intangible asset. This ensures that the intangible asset is displayed as plaintext when the client needs to read it, so that the user can use the intangible asset normally on the local client.
As shown in fig. 3 and 4, an embodiment of the present invention provides an intangible asset protection device. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. From a hardware level, as shown in fig. 3, a hardware structure diagram of a device in which an intangible asset protection apparatus provided in the embodiment of the present invention is located is shown, where in addition to the processor, the memory, the network interface, and the nonvolatile memory shown in fig. 3, the device in which the apparatus is located may also include other hardware, such as a forwarding chip responsible for processing a packet, in general. Taking a software implementation as an example, as shown in fig. 4, as a logical apparatus, the apparatus is formed by reading a corresponding computer program instruction in a non-volatile memory into a memory by a CPU of a device in which the apparatus is located and running the computer program instruction. The intangible asset protection device provided by the embodiment is located in a client installed with an encryption plug-in, and comprises:
the access unit 401 is configured to send an access request for a warehouse center to an intangible asset management platform that is set up in advance based on code review software gerrit, where the access request carries a legal certificate, so that an encryption gateway plug-in that is arranged at a warehouse entry port of the warehouse center by the intangible asset management platform verifies the legal certificate, and returns a response result to the client according to a verification result; the legal certificate is issued after the authentication of the authentication request is passed by the authentication server;
a process monitoring unit 402, configured to, when it is determined that the response result of the intangible asset management platform is that access to the warehouse center is allowed, access the warehouse center through a warehousing port of the warehouse center, and start monitoring of an intangible asset transmission process;
a process processing unit 403, configured to determine an input end and an output end of an intangible asset transmission process when it is monitored that the intangible asset transmission process is created by a local client; when the input end is the local client and the output end is the warehouse center, encrypting the intangible assets transmitted by the intangible assets transmission process according to a preset encryption algorithm, and storing the encrypted intangible assets to the local client; the preset encryption algorithm is issued by the authentication server after the authentication is passed.
In one embodiment of the present invention, the process processing unit is further configured to: when the input end is the local client and the output end is the other client, identifying whether the intangible asset type transmitted by the intangible asset transmission process is a file type related to the source code according to a preset encryption strategy; if yes, further identifying whether the intangible asset is a plaintext file; if the intangible asset is a plaintext file, encrypting the intangible asset transmitted by the intangible asset transmission process according to a preset encryption algorithm and storing the encrypted intangible asset to a local client; and if the intangible asset is a ciphertext file, directly storing the intangible asset in the local client.
In one embodiment of the present invention, the process processing unit is further configured to: when the input end is the warehouse center and the output end is the local client end, decrypting the intangible assets transmitted by the intangible asset transmission process by using a decryption algorithm corresponding to the encryption algorithm; uploading the decrypted intangible asset to a warehousing port of the warehouse center, so that a gerrit auditing tool arranged by the intangible asset management platform at the warehousing port of the warehouse center audits a source code included in the intangible asset, and storing the source code to the warehouse center through the warehousing port after the audit is passed; the decryption algorithm is issued by the authentication server after passing the authentication.
In one embodiment of the present invention, the process processing unit is further configured to: when the input end is the other client side and the output end is the local client side, identifying whether the intangible asset transmitted by the intangible asset transmission process is a plaintext file; if the intangible asset is a plaintext file, further identifying whether the type of the intangible asset is a file type related to a source code according to a preset encryption strategy; if the intangible asset type is a file type related to a source code, encrypting the intangible asset transmitted by the intangible asset transmission process according to a preset encryption algorithm, and outputting the encrypted intangible asset to the other client; and if the intangible asset is a ciphertext file, outputting the intangible asset to the other clients.
In one embodiment of the present invention, the process processing unit is further configured to: and when the intangible asset display process is monitored, decrypting the intangible asset required to be displayed by the intangible asset display process by using a decryption algorithm corresponding to the encryption algorithm, and displaying the decrypted intangible asset.
In an embodiment of the present invention, a manner of authenticating the authentication request by the authentication server includes: the authentication server confirms that the authentication request passes authentication after receiving, through the display interface, a confirmation message that the user inputs after confirming that the encryption plug-in is legally installed on the client.
In an embodiment of the present invention, the verifying of the legal certificate by the encryption gateway plug-in, arranged by the intangible asset management platform at the warehousing port of the warehouse center, includes: comparing the legal signature included in the legal certificate against a verification signature acquired in advance from the authentication server; when the verification signature is consistent with the legal signature, the verification result is correct.
It is to be understood that the illustrated construction of the embodiments of the present invention does not constitute a specific limitation on an intangible asset protection device. In other embodiments of the invention, an intangible asset protection device may include more or fewer components than shown, or some components may be combined, some components may be split, or a different arrangement of components. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.
Because the content of information interaction, execution process, and the like among the modules in the device is based on the same concept as the method embodiment of the present invention, specific content can be referred to the description in the method embodiment of the present invention, and is not described herein again.
An embodiment of the present invention further provides an intangible asset protection device, including: at least one memory area and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor is configured to invoke the machine readable program to perform a method of intangible asset protection in any of the embodiments of the present invention.
Embodiments of the present invention also provide a computer readable medium having stored thereon computer instructions, which, when executed by a processor, cause the processor to execute a method for intangible asset protection according to any of the embodiments of the present invention.
Specifically, a system or an apparatus equipped with a storage medium on which software program codes that realize the functions of any of the above-described embodiments are stored may be provided, and a computer (or a CPU or MPU) of the system or the apparatus is caused to read out and execute the program codes stored in the storage medium.
In this case, the program code itself read from the storage medium can realize the functions of any of the above-described embodiments, and thus the program code and the storage medium storing the program code constitute a part of the present invention.
Examples of the storage medium for supplying the program code include a floppy disk, a hard disk, a magneto-optical disk, an optical disk (e.g., CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD + RW), a magnetic tape, a nonvolatile memory card, and a ROM. Alternatively, the program code may be downloaded from a server computer via a communications network.
Further, it should be clear that the functions of any one of the above-described embodiments may be implemented not only by executing the program code read out by the computer, but also by causing an operating system or the like operating on the computer to perform a part or all of the actual operations based on instructions of the program code.
Further, it is to be understood that the program code read out from the storage medium is written to a memory provided in an expansion board inserted into the computer or to a memory provided in an expansion module connected to the computer, and then causes a CPU or the like mounted on the expansion board or the expansion module to perform part or all of the actual operations based on instructions of the program code, thereby realizing the functions of any of the above-described embodiments.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of additional like elements in a process, method, article, or apparatus that comprises the element.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: various media that can store program codes, such as ROM, RAM, magnetic or optical disks.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (7)

1. An intangible asset protection method is applied to a client, wherein an encryption plug-in is installed in the client, and the method comprises the following steps:
sending an access request aiming at a warehouse center to an intangible asset management platform which is set up in advance based on code review software gerrit, wherein the access request carries a legal certificate, so that an encryption gateway plug-in arranged at a warehousing port of the warehouse center by the intangible asset management platform verifies the legal certificate, and returns a response result to the client according to a verification result; the legal certificate is issued after the authentication of the authentication request is passed by the authentication server;
when the response result of the intangible asset management platform is determined to be that the warehouse center is allowed to be accessed, accessing the warehouse center through a warehousing port of the warehouse center, and starting monitoring on an intangible asset transmission process;
when the fact that a local client creates an intangible asset transmission process is monitored, determining an input end and an output end of the intangible asset transmission process; when the input end is the local client and the output end is the warehouse center, encrypting the intangible assets transmitted by the intangible assets transmission process according to a preset encryption algorithm, and storing the encrypted intangible assets to the local client; the preset encryption algorithm is issued by the authentication server after the authentication is passed;
when the input end is a local client and the output end is other clients, identifying whether the type of the intangible asset transmitted by the intangible asset transmission process is a file type related to the source code according to a preset encryption strategy;
if yes, further identifying whether the intangible asset is a plaintext file;
if the intangible asset is a plaintext file, encrypting the intangible asset transmitted by the intangible asset transmission process according to a preset encryption algorithm and storing the encrypted intangible asset to a local client;
if the intangible asset is a ciphertext file, directly storing the intangible asset in a local client;
when the input end is the warehouse center and the output end is the local client end, decrypting the intangible assets transmitted by the intangible asset transmission process by using a decryption algorithm corresponding to the encryption algorithm;
uploading the decrypted intangible asset to a warehousing port of the warehouse center so that a gerrit auditing tool arranged by the intangible asset management platform at the warehousing port of the warehouse center audits a source code included in the intangible asset, and storing the source code to the warehouse center through the warehousing port after the audit is passed; the decryption algorithm is issued by the authentication server after passing the authentication;
when the input end is the other client side and the output end is the local client side, identifying whether the intangible asset transmitted by the intangible asset transmission process is a plaintext file;
if the intangible asset is a plaintext file, further identifying whether the type of the intangible asset is a file type related to a source code according to a preset encryption strategy;
if the intangible asset type is a file type related to a source code, encrypting the intangible asset transmitted by the intangible asset transmission process according to a preset encryption algorithm, and outputting the encrypted intangible asset to the other client;
and if the intangible asset is a ciphertext file, outputting the intangible asset to the other clients.
2. The intangible asset protection method of claim 1, further comprising:
and when the intangible asset display process is monitored, decrypting the intangible asset required to be displayed by the intangible asset display process by using a decryption algorithm corresponding to the encryption algorithm, and displaying the decrypted intangible asset.
3. The intangible asset protection method of claim 1, wherein the authentication server authenticates the authentication request by:
and after receiving the authentication request, the authentication server displays the authentication request on a display interface so that a user can confirm whether the client side is legally provided with the encryption plug-in according to client side information carried in the authentication request, and after receiving a confirmation message that the user inputs the authentication passing through the display interface after confirming that the client side is legally provided with the encryption plug-in, the authentication server confirms that the authentication of the authentication request passes.
4. The intangible asset protection method according to claim 1, wherein the verifying the legal certificate by the intangible asset management platform through an encryption gateway plug-in disposed at an entry port of a warehouse center comprises:
and comparing the legal signature included in the legal certificate according to a verification signature acquired from the authentication server in advance, wherein when the verification signature is consistent with the legal signature, the verification result is correct.
5. An intangible asset protection device, located in a client installed with an encryption plug-in, adapted to an intangible asset protection method of any one of claims 1 to 4, comprising:
the access unit is used for sending an access request aiming at the warehouse center to an intangible asset management platform which is built in advance based on code review software gerrit, wherein the access request carries a legal certificate, so that an encryption gateway plug-in arranged at a warehousing port of the warehouse center by the intangible asset management platform verifies the legal certificate, and a response result is returned to the client according to a verification result; the legal certificate is issued after the authentication of the authentication request is passed by the authentication server;
the process monitoring unit is used for accessing the warehouse center through a warehousing port of the warehouse center and starting monitoring on the transmission process of the intangible assets when the response result of the intangible asset management platform is determined to be that the warehouse center is allowed to be accessed;
the process processing unit is used for determining an input end and an output end of an intangible asset transmission process when monitoring that the local client establishes the intangible asset transmission process; when the input end is the local client and the output end is the warehouse center, encrypting the intangible assets transmitted by the intangible assets transmission process according to a preset encryption algorithm, and storing the encrypted intangible assets to the local client; the preset encryption algorithm is issued by the authentication server after the authentication is passed.
6. An intangible asset protection device, comprising: at least one memory and at least one processor;
the at least one memory to store a machine readable program;
the at least one processor, configured to invoke the machine readable program to perform the method of any of claims 1 to 4.
7. Computer readable medium, characterized in that it has stored thereon computer instructions which, when executed by a processor, cause the processor to carry out the method of any one of claims 1 to 4.
CN202110472039.3A 2021-04-29 2021-04-29 Intangible asset protection method, device and computer readable medium Active CN113098899B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110472039.3A CN113098899B (en) 2021-04-29 2021-04-29 Intangible asset protection method, device and computer readable medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110472039.3A CN113098899B (en) 2021-04-29 2021-04-29 Intangible asset protection method, device and computer readable medium

Publications (2)

Publication Number Publication Date
CN113098899A CN113098899A (en) 2021-07-09
CN113098899B CN113098899B (en) 2023-04-18

Family

ID=76681421

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110472039.3A Active CN113098899B (en) 2021-04-29 2021-04-29 Intangible asset protection method, device and computer readable medium

Country Status (1)

Country Link
CN (1) CN113098899B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113704067B (en) * 2021-09-09 2023-10-24 合肥新青罗数字技术有限公司 Intangible asset management system monitoring method

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109040026A (en) * 2018-07-11 2018-12-18 深圳市网心科技有限公司 A kind of authorization method of digital asset, device, equipment and medium

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10609042B2 (en) * 2016-02-15 2020-03-31 Cisco Technology, Inc. Digital data asset protection policy using dynamic network attributes
CN109587101B (en) * 2017-09-29 2021-04-13 腾讯科技(深圳)有限公司 Digital certificate management method, device and storage medium
US11621974B2 (en) * 2019-05-14 2023-04-04 Tenable, Inc. Managing supersedence of solutions for security issues among assets of an enterprise network
CN111800397A (en) * 2020-06-23 2020-10-20 四川虹美智能科技有限公司 Login method, device and system of intangible asset management platform

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109040026A (en) * 2018-07-11 2018-12-18 深圳市网心科技有限公司 A kind of authorization method of digital asset, device, equipment and medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
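Research on Security Assurance of Cloud Storage for Digital Academic Resources; Xu Yilei; China Master's Theses Full-text Database (Electronic Journal); 20200615; full text *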

Also Published As

Publication number Publication date
CN113098899A (en) 2021-07-09

Similar Documents

Publication Publication Date Title
US11784823B2 (en) Object signing within a cloud-based architecture
JP5860815B2 (en) System and method for enforcing computer policy
JP6009083B2 (en) Method for providing secure app ecosystem with key and data exchange according to corporate information management policy, non-transitory computer readable medium, and mobile computing device
US7797545B2 (en) System and method for registering entities for code signing services
US8245042B2 (en) Shielding a sensitive file
US8340289B2 (en) System and method for providing an indication of randomness quality of random number data generated by a random data service
US20070074033A1 (en) Account management in a system and method for providing code signing services
US20060048227A1 (en) Client apparatus, server apparatus and authority control method
US8407481B2 (en) Secure apparatus and method for protecting integrity of software system and system thereof
KR20060060664A (en) Remote access system, gateway, client device, program, and storage medium
KR20030036787A (en) System for establishing an audit trail to protect objects distributed over a network
JP2011507414A (en) System and method for protecting data safety
JP2003330365A (en) Method for distributing/receiving contents
JP2008251021A (en) Application authentication system
US20070074032A1 (en) Remote hash generation in a system and method for providing code signing services
EP2958039B1 (en) Device for decrypting and providing content of a provider and method for operating the device
CN111914293A (en) Data access authority verification method and device, computer equipment and storage medium
US20080184028A1 (en) Methods, Apparatus and Products for Establishing a Trusted Information Handling System
US8312431B1 (en) System and computer readable medium for verifying access to signed ELF objects
US20110154436A1 (en) Provider Management Methods and Systems for a Portable Device Running Android Platform
US11838282B2 (en) Information recording apparatus with server-based user authentication for accessing a locked operating system storage
KR102131976B1 (en) User terminal apparatus and method for providing personal information thereby
CN113098899B (en) Intangible asset protection method, device and computer readable medium
WO2012120313A1 (en) A cryptographic system and method
JP2009033402A (en) Id based cryptographic system, transmission terminal device, distribution server device, and reception terminal device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant