CN117131534A - Secret document security management and control method based on blockchain - Google Patents

Secret document security management and control method based on blockchain

Info

Publication number: CN117131534A
Authority: CN (China)
Prior art keywords: secret, document, coefficient, running environment, abnormal
Legal status: Granted
Application number: CN202310623816.9A
Other languages: Chinese (zh)
Other versions: CN117131534B (en)
Inventor: 孙方刚
Current Assignee: Anhui Province Equity Custody Trading Center Co ltd
Original Assignee: Anhui Province Equity Custody Trading Center Co ltd
Application filed by Anhui Province Equity Custody Trading Center Co ltd
Priority to CN202310623816.9A
Publication of CN117131534A
Application granted
Publication of CN117131534B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00 Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application discloses a blockchain-based security management and control method for confidential documents, in the technical field of document management, comprising the following steps: performing identity verification on users accessing a confidential document, marking users who pass identity verification as authorized users, and obtaining the access records for the period to form an access data table; counting abnormal accesses by authorized users within the monitoring period, and confirming and marking the abnormal factors; performing risk analysis on the blockchain running environment in which the confidential document is located, computing the running environment risk coefficient, comparing it with a preset running environment risk coefficient threshold, and judging whether the threshold is exceeded.

Description

Secret document security management and control method based on blockchain
Technical Field
The application relates to the technical field of document management, and in particular to a blockchain-based security management and control method for confidential documents.
Background
With the development of enterprise informatization, electronic documents, as a medium for carrying information, have become an especially important asset, but the ease with which they propagate and spread makes them inherently insecure. Internal leakage of electronic files is becoming one of the greatest threats to data security within enterprises. Current document security technology is mainly implemented with functional modules such as a document security server, an encryption authorization unit and an encrypted document reader.
These prior-art methods have some effect on document security, but analysis of them shows the following drawbacks:
1. An additional server or module must be deployed to handle encryption and decryption of the confidential document, which is usually implemented by an algorithm, so the confidential document is easily intercepted and cracked during key transmission, and resistance to attack is weak.
2. Related application software must be installed on every user terminal to read the identification information in the confidential document for copy control, so the approach is not very practical and is hard to roll out widely.
Disclosure of Invention
To overcome the above drawbacks of the prior art, an embodiment of the present application provides a blockchain-based security management and control method for confidential documents, so as to solve the problems set out in the background above.
To this end, the present application provides the following technical solution: a blockchain-based security management and control method for confidential documents, comprising the following steps:
Step 10: perform identity verification on users accessing the confidential document, mark users who pass identity verification as authorized users, and obtain the access records for the period to form an access data table;
Step 20: count the abnormal accesses by authorized users within the monitoring period, and confirm and mark the abnormal factors;
Step 30: perform risk analysis on the blockchain running environment in which the ciphertext file is located, compute the running environment risk coefficient, compare it with a preset running environment risk coefficient threshold, judge whether the threshold is exceeded, and if it is, mark the abnormal factors;
Step 40: perform operation analysis on the authorized users of the confidential document, compute the safe operation coefficient, compare it with a preset safe operation coefficient threshold, judge whether the threshold is exceeded, and if it is, mark the abnormal factors;
Step 50: associate the running environment risk coefficient with the safe operation coefficient to form a comprehensive security control coefficient.
The comprehensive control index satisfies the following expression:
where $0 \le \lambda_1 \le 1$, $0 \le \lambda_2 \le 1$ and $\lambda_1^2 + \lambda_2^2 = 1$;
$\lambda_1$ and $\lambda_2$ are weights whose specific values are adjusted by a manager according to experience, and the security of the confidential file is evaluated through Zh(F, A).
Step 60: determine, from the comprehensive security control coefficient result, the abnormal factors arising for the confidential file, and manage and control the file in a targeted manner.
Preferably, step 10 includes the following:
S101: acquire the identity information of the users accessing the confidential file and the corresponding access records, where the identity information includes the user account, the authorized user table, the data that can be circulated, and the like;
S102: record the operations performed by authorized users accessing the confidential document to form an access log, where the operations include operation time, readable control, writable control, print control, and the like;
S103: acquire the access log, form an operation data table, and store the operation data table on the cloud server.
Preferably, step 20 includes the following:
S201: record abnormal circulation of the confidential document, taking 4 hours or 8 hours as the monitoring period;
S202: match the authorized user's account, the corresponding access record and the abnormal circulation time point according to the time at which the abnormal circulation occurred;
S203: determine whether the abnormal circulation that occurred within the monitoring period is a new circulation problem, and if so, give it a leak mark to form a leak mark library.
Preferably, step 30 includes the following:
S301: before an authorized user accesses the confidential document, scan the blockchain running environment in which the confidential document is located using the API hooking (API HOOK) technique of the underlying Windows layer, and determine the prevention and control degree Fc of the blockchain running environment in which the authorized user is located;
Fc represents the prevention and control degree of the authorized user's confidential document within the monitoring period, Fs represents the total number of times prevention and control was applied to the confidential document, and Zq represents the monitoring period of the confidential document,
where Zq = 4 h.
Preferably, step 30 further includes the following:
S302: determine the abnormal attack degree Yc while the authorized user is accessing the confidential document;
the abnormal attack degree is the number of external attacks that occur while an authorized user accesses the confidential document within the monitoring period, where external attacks include virus attacks, hardware attacks, and the like;
S303: while the authorized user is accessing the confidential document, check the document's circulation count and determine the ratio Lz of the remaining circulation count to the total circulation count;
S304: normalize and combine the prevention and control degree Fc, the abnormal attack degree Yc and the remaining circulation ratio Lz to form the blockchain running environment risk coefficient Fx, which satisfies the following expression:
where $0 \le \alpha_1 \le 1$, $0 \le \alpha_2 \le 1$, $0 \le \alpha_3 \le 1$, and the specific values of $\alpha_1$, $\alpha_2$, $\alpha_3$ are adjusted empirically by the manager.
S305: compare the running environment risk coefficient with the preset running environment risk coefficient threshold; if it is higher than the threshold, judge that the blockchain running environment of the confidential document has potential security hazards, and analyze whether the value of each abnormal sub-factor exceeds its threshold, that is, the outcome is handled by evaluating the values of the abnormal sub-factors.
Preferably, step 40 includes the following:
S401: within the monitoring period, from the time the confidential document is first opened until the document circulation finishes, call an API interface and count the loss quantity Ls of the confidential document;
S402: periodically monitor the confidential document, determine the number of abnormal circulations of the confidential document, and determine the proportion Jc of leaks that were successfully intercepted;
S403: count the effective content of the confidential document along the monitoring time axis, and determine the leak count ratio Xz of the confidential document;
S404: normalize and combine the loss quantity Ls of the confidential document, the leak interception success proportion Jc and the leak count ratio Xz to form the safe operation coefficient Ac, which satisfies the following expression:
where $0 \le \beta_1 \le 1$, $0 \le \beta_2 \le 1$, and the specific values of $\beta_1$, $\beta_2$ are set empirically by the manager.
S405: compare the safe operation coefficient with the preset safe operation coefficient threshold; if it is within the threshold, judge that the confidential document is temporarily abnormal; if it exceeds the threshold, analyze whether an abnormal sub-factor of the safe operation exists and exceeds its normal threshold.
Preferably, step 60 includes the following:
S601: acquire the comprehensive control index and compare it with the preset comprehensive control index threshold; if the index is lower than the threshold, the current authorized user's operation on the confidential document shows no abnormality, and the authorized user's available circulation count is decremented.
S602: acquire the comprehensive control index and compare it with the preset comprehensive control index threshold; if the index is higher than the threshold, judge whether the running environment risk coefficient or the safe operation coefficient is abnormal;
S603: judge the difference between the running environment risk coefficient or the safe operation coefficient and its threshold; if the running environment risk coefficient is higher than its preset threshold, or the safe operation coefficient is lower than its preset threshold, determine the abnormal sub-factor responsible and self-lock the confidential document according to that sub-factor, so that the authorized user cannot access it until a re-check passes.
Preferably, step 50 includes the following:
S501: divide the security monitoring period equally along the time axis, label the intervals i = 1, 2, 3, ..., k-1, k, and obtain the running environment risk coefficients $Fx_{k-1}$, $Fx_k$ and the safe operation coefficients $Ac_{k-1}$, $Ac_k$ respectively;
S502: normalize the running environment risk coefficients $Fx_{k-1}$, $Fx_k$ and the safe operation coefficients $Ac_{k-1}$, $Ac_k$ to form the comprehensive control index.
The technical effects and advantages of the application are:
In the method, the security management and control system monitors the confidential file in real time, collects the raw data of authorized users, and establishes the running environment risk coefficient, the safe operation coefficient and the comprehensive control index. The comprehensive control index is used to evaluate the security of the confidential file and judge whether it is in a secure state; if not, the running environment risk coefficient and the safe operation coefficient are each traced back to find the abnormal sub-factors responsible, which are then handled in a targeted manner, reducing the insecure factors of the confidential document and improving its security and stability.
Drawings
FIG. 1 is a flow chart of the method of the present application.
Detailed Description
The embodiments of the present application are described clearly and completely below with reference to the accompanying drawings. The described embodiments are only some, not all, of the embodiments of the present application. All other embodiments obtained by those skilled in the art from these embodiments without inventive effort fall within the scope of protection of the application.
Example 1
Referring to FIG. 1, this embodiment provides a blockchain-based security management and control method for confidential documents, which includes the following steps:
Step 10: perform identity verification on users accessing the confidential document, mark users who pass identity verification as authorized users, and obtain the access records for the period to form an access data table;
In this embodiment, step 10 specifically includes the following:
S101: acquire the identity information of the users accessing the confidential file and the corresponding access records, where the identity information includes the user account, the authorized user table, the data that can be circulated, and the like;
S102: record the operations performed by authorized users accessing the confidential document to form an access log, where the operations include operation time, readable control, writable control, print control, and the like;
S103: acquire the access log, form an operation data table, and store the operation data table on the cloud server.
In this embodiment, storing the operation data table makes it possible to trace the authorized user when a confidential document leaks, which helps managers trace the confidential document and judge whether the leak was caused by incorrect operation by the authorized user.
Step 20: count the abnormal accesses by authorized users within the monitoring period, and confirm and mark the abnormal factors;
In this embodiment, step 20 specifically includes the following:
S201: record abnormal circulation of the confidential document, taking 4 hours or 8 hours as the monitoring period;
S202: match the authorized user's account, the corresponding access record and the abnormal circulation time point according to the time at which the abnormal circulation occurred;
S203: determine whether the abnormal circulation that occurred within the monitoring period is a new circulation problem, and if so, give it a leak mark to form a leak mark library.
In this embodiment, associating and marking the authorized user's account, the corresponding access record and the abnormal circulation time point supports targeted inspection when abnormal circulation of the confidential document occurs and makes it easier to determine the cause; if the circulation problem is a new one, it is judged to be a leak and used as a judgment factor for security management and control of the confidential document.
Step 30: perform risk analysis on the blockchain running environment in which the ciphertext file is located, compute the running environment risk coefficient, compare it with a preset running environment risk coefficient threshold, judge whether the threshold is exceeded, and if it is, mark the abnormal factors;
In this embodiment, step 30 specifically includes the following:
S301: before an authorized user accesses the confidential document, scan the blockchain running environment in which the confidential document is located using the API hooking (API HOOK) technique of the underlying Windows layer, and determine the prevention and control degree Fc of the blockchain running environment in which the authorized user is located;
Fc represents the prevention and control degree of the authorized user's confidential document within the monitoring period, Fs represents the total number of times prevention and control was applied to the confidential document, and Zq represents the monitoring period of the confidential document,
where Zq = 4 h.
S302: determine the abnormal attack degree Yc while the authorized user is accessing the confidential document;
the abnormal attack degree is the number of external attacks that occur while an authorized user accesses the confidential document within the monitoring period, where external attacks include virus attacks, hardware attacks, and the like;
S303: while the authorized user is accessing the confidential document, check the document's circulation count and determine the ratio Lz of the remaining circulation count to the total circulation count;
S304: normalize and combine the prevention and control degree Fc, the abnormal attack degree Yc and the remaining circulation ratio Lz to form the blockchain running environment risk coefficient Fx, which satisfies the following expression:
where $0 \le \alpha_1 \le 1$, $0 \le \alpha_2 \le 1$, $0 \le \alpha_3 \le 1$, and the specific values of $\alpha_1$, $\alpha_2$, $\alpha_3$ are adjusted empirically by the user.
S305: compare the running environment risk coefficient with the preset running environment risk coefficient threshold; if it is higher than the threshold, judge that the blockchain running environment of the confidential document has potential security hazards, and analyze whether the value of each abnormal sub-factor exceeds its threshold, that is, the outcome is handled by evaluating the values of the abnormal sub-factors.
In this embodiment, the running environment risk coefficient is obtained by comprehensively analyzing the prevention and control degree, the abnormal attack degree and the remaining circulation ratio, and a judgment is made from its result, so that the confidential document is protected against attack before the authorized user opens it, improving the security of the confidential document.
Step 40: perform operation analysis on the authorized users of the confidential document, compute the safe operation coefficient, compare it with a preset safe operation coefficient threshold, judge whether the threshold is exceeded, and if it is, mark the abnormal factors;
In this embodiment, step 40 specifically includes the following:
S401: within the monitoring period, from the time the confidential document is first opened until the document circulation finishes, call an API interface and count the loss quantity Ls of the confidential document;
S402: periodically monitor the confidential document; for example, within a set period, monitor the confidential document in real time, determine the number of abnormal circulations of the confidential document, and determine the proportion Jc of leaks that were successfully intercepted;
S403: count the effective content of the confidential document along the monitoring time axis, and determine the leak count ratio Xz of the confidential document;
S404: normalize and combine the loss quantity Ls of the confidential document, the leak interception success proportion Jc and the leak count ratio Xz to form the safe operation coefficient Ac, which satisfies the following expression:
where $0 \le \beta_1 \le 1$, $0 \le \beta_2 \le 1$, and the specific values of $\beta_1$, $\beta_2$ are set empirically by the manager.
S405: compare the safe operation coefficient with the preset safe operation coefficient threshold; if it is within the threshold, judge that the confidential document is temporarily abnormal; if it exceeds the threshold, analyze whether an abnormal sub-factor of the safe operation exists and exceeds its normal threshold.
In this embodiment, an API interface is called as the authorized user accesses the confidential document data, a safe operation coefficient for judging the confidential document is obtained by function fitting, and whether the authorized user's access is secure is judged from the result of the safe operation coefficient; when the access is abnormal, it can be traced through the abnormal sub-factors, making it easier for managers to improve handling of the confidential document.
Step 50: associate the running environment risk coefficient with the safe operation coefficient to form a comprehensive security control coefficient.
In this embodiment, step 50 specifically includes the following:
S501: divide the security monitoring period equally along the time axis, label the intervals i = 1, 2, 3, ..., k-1, k, and obtain the running environment risk coefficients $Fx_{k-1}$, $Fx_k$ and the safe operation coefficients $Ac_{k-1}$, $Ac_k$ respectively;
S502: normalize and associate the running environment risk coefficients $Fx_{k-1}$, $Fx_k$ and the safe operation coefficients $Ac_{k-1}$, $Ac_k$ to form the comprehensive control index, which satisfies the following expression:
where $0 \le \lambda_1 \le 1$, $0 \le \lambda_2 \le 1$ and $\lambda_1^2 + \lambda_2^2 = 1$;
$\lambda_1$ and $\lambda_2$ are weights whose specific values are adjusted by a manager according to experience, and the security of the confidential file is evaluated through Zh(F, A).
Step 60: determine, from the comprehensive security control coefficient result, the abnormal factors arising for the confidential file, and manage and control the file in a targeted manner.
In this embodiment, step 60 specifically includes the following:
S601: acquire the comprehensive control index and compare it with the preset comprehensive control index threshold; if the index is lower than the threshold, the current authorized user's operation on the confidential document shows no abnormality, and the authorized user's available circulation count is decremented.
S602: acquire the comprehensive control index and compare it with the preset comprehensive control index threshold; if the index is higher than the threshold, judge whether the running environment risk coefficient or the safe operation coefficient is abnormal;
S603: judge the difference between the running environment risk coefficient or the safe operation coefficient and its threshold; if the running environment risk coefficient is higher than its preset threshold, or the safe operation coefficient is lower than its preset threshold, determine the abnormal sub-factor responsible and self-lock the confidential document according to that sub-factor, so that the authorized user cannot access it until a re-check passes.
In this embodiment, the running environment risk coefficient is associated with the safe operation coefficient to form the comprehensive control index, which is compared with the preset comprehensive control index; the blockchain running environment and the operational security of the confidential document are judged from multiple aspects, the running environment risk coefficient and the safe operation coefficient are each associated based on the judgment result, and targeted management and control is applied according to the traceable abnormal sub-factors, ensuring the security of the confidential document.
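The Step 60 decision flow (S601 to S603) as an added Python example; it is not code from the patent. It takes Zh, Fx and Ac as inputs because their expressions are not reproduced on this page. The per-sub-factor limits, the DENY result when no circulations remain, and locking when the index equals the threshold or when no coefficient is flagged are assumptions.

```python
from dataclasses import dataclass
from enum import Enum

# Sub-factors behind each coefficient, as named in S304 and S404.
FX_SUBFACTORS = ("Fc", "Yc", "Lz")
AC_SUBFACTORS = ("Ls", "Jc", "Xz")


class Action(Enum):
    ALLOW = "allow"      # S601: no abnormality, one circulation is consumed
    DENY = "deny"        # assumption: no circulations left to consume
    LOCK = "self_lock"   # S603: locked until a re-check passes


@dataclass
class Thresholds:
    zh: float   # preset comprehensive control index threshold
    fx: float   # preset running environment risk coefficient threshold
    ac: float   # preset safe operation coefficient threshold
    sub: dict   # assumption: sub-factor -> ("max" | "min", limit)


@dataclass
class Document:
    remaining_circulations: int
    locked: bool = False


@dataclass
class Decision:
    action: Action
    abnormal_coefficients: list
    abnormal_subfactors: list


def abnormal_subfactors(names, values, limits):
    """Sub-factors that violate their limit; a missing value counts as abnormal."""
    found = []
    for name in names:
        kind, limit = limits[name]
        value = values.get(name)
        if (value is None
                or (kind == "max" and value > limit)
                or (kind == "min" and value < limit)):
            found.append(name)
    return found


def control(doc, zh, fx, ac, subfactors, th):
    """Apply S601-S603 to one access request and update the document state."""
    if doc.locked:                       # S603: stays locked until recheck()
        return Decision(Action.LOCK, [], [])
    if zh < th.zh:                       # S601: index below threshold
        if doc.remaining_circulations <= 0:
            return Decision(Action.DENY, [], [])
        doc.remaining_circulations -= 1  # "self-subtracting" the count
        return Decision(Action.ALLOW, [], [])
    # S602: index not below threshold (equality is treated as high: assumption)
    coeffs, subs = [], []
    if fx > th.fx:                       # S603: environment risk too high
        coeffs.append("Fx")
        subs += abnormal_subfactors(FX_SUBFACTORS, subfactors, th.sub)
    if ac < th.ac:                       # S603: safe operation too low
        coeffs.append("Ac")
        subs += abnormal_subfactors(AC_SUBFACTORS, subfactors, th.sub)
    if not coeffs:
        # The page does not cover a high index with both coefficients normal.
        # Assumption: fail closed and report whatever sub-factors are off.
        subs = abnormal_subfactors(FX_SUBFACTORS + AC_SUBFACTORS,
                                   subfactors, th.sub)
    doc.locked = True
    return Decision(Action.LOCK, coeffs, subs)


def recheck(doc, verification_passed):
    """Unlock only after the re-check passes; returns True when unlocked."""
    if verification_passed:
        doc.locked = False
    return not doc.locked


# Constructed sample thresholds and readings (not values from the patent).
SAMPLE_THRESHOLDS = Thresholds(zh=0.6, fx=0.5, ac=0.4, sub={
    "Fc": ("min", 0.5), "Yc": ("max", 2), "Lz": ("min", 0.1),
    "Ls": ("max", 0), "Jc": ("min", 0.9), "Xz": ("max", 0.05)})
NORMAL = {"Fc": 0.8, "Yc": 0, "Lz": 0.5, "Ls": 0, "Jc": 1.0, "Xz": 0.0}

if __name__ == "__main__":
    doc = Document(remaining_circulations=3)
    print(control(doc, 0.3, 0.2, 0.9, NORMAL, SAMPLE_THRESHOLDS))
    print(control(doc, 0.8, 0.7, 0.9, dict(NORMAL, Yc=5), SAMPLE_THRESHOLDS))
    print(control(doc, 0.3, 0.2, 0.9, NORMAL, SAMPLE_THRESHOLDS), doc)
    print(recheck(doc, True), doc)
```

S405 and S603 describe the abnormal direction of the safe operation coefficient differently; the sketch follows S603, where a value below the threshold is abnormal.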
In summary, the confidential document is monitored in real time, the raw data of authorized users is collected, and the running environment risk coefficient, the safe operation coefficient and the comprehensive control index are established. The comprehensive control index is used to evaluate the security of the confidential document and judge whether it is in a secure state; if not, the running environment risk coefficient and the safe operation coefficient are each traced back to find the abnormal sub-factors responsible, which are then handled in a targeted manner, reducing the insecure factors of the confidential document and improving its security and stability.
It should be noted that the working procedure described above is merely illustrative and does not limit the scope of the present application; in practice, a person skilled in the art may select part or all of it as needed to achieve the purpose of the embodiment, which is not limited here.
For other embodiments or specific implementations of the blockchain-based security management and control method for confidential documents of the present application, refer to the method embodiments above; they are not repeated here.
Finally: the foregoing description of the preferred embodiments is not intended to limit the application to the precise form disclosed; any modifications, equivalents and alternatives falling within the spirit and principles of the application are intended to be included within the scope of the application.

Claims (8)

1. A blockchain-based security management and control method for confidential documents, characterized by comprising the following steps:
step 10, performing identity verification on users accessing the confidential document, marking users who pass identity verification as authorized users, and obtaining the access records within the period to form an access data table;
step 20, counting the access anomalies of the authorized users within the monitoring period, and confirming and marking abnormal factors;
step 30, performing risk analysis on the blockchain running environment in which the confidential document is located, computing the running environment risk coefficient, comparing it with a preset running environment risk coefficient threshold, judging whether the threshold is exceeded, and marking abnormal factors if it is exceeded;
step 40, performing operation analysis on the authorized users of the confidential document, computing the safe operation coefficient, comparing it with a preset safe operation coefficient threshold, judging whether the threshold is exceeded, and marking abnormal factors if it is exceeded;
step 50, associating the running environment risk coefficient with the safe operation coefficient to form a comprehensive security management and control coefficient,
the comprehensive management and control index conforming to the following expression:
wherein $0 \le \lambda_1 \le 1$, $0 \le \lambda_2 \le 1$ and $\lambda_1^2 + \lambda_2^2 = 1$,
wherein $\lambda_1$ and $\lambda_2$ are weights whose specific values are adjusted by a manager according to experience, and security evaluation of the confidential document is carried out through Zh(F, A);
step 60, determining, from the result of the comprehensive security management and control coefficient, the abnormal factors affecting the confidential document, and managing and controlling the confidential document in a targeted manner.
2. The blockchain-based security management and control method for confidential documents, characterized in that step 10 includes the following:
S101, acquiring the identity information of users accessing the confidential document and the corresponding access records, wherein the identity information of an accessing user comprises a user account number, an authorized user table, data that can be circulated, and the like;
S102, recording the operations performed by authorized users when accessing the confidential document to form an access log, wherein the operations include operation time, readable control, writable control, print control, etc.;
S103, acquiring the access log, forming an operation data table, and storing the operation data table in the cloud server.
3. The blockchain-based security management and control method for confidential documents, characterized in that step 20 includes the following:
S201, recording abnormal circulation of the confidential document, taking 4 hours or 8 hours as a monitoring period;
S202, matching the account number of the authorized user, the corresponding access record and the time point of the abnormal circulation according to the time at which the abnormal circulation occurred;
S203, determining whether the abnormal circulation generated within the monitoring period is a new circulation problem, and if so, marking it as a leak mark to form a leak mark library.
4. The blockchain-based security management and control method for confidential documents, characterized in that step 30 includes the following:
S301, before an authorized user accesses the confidential document, scanning the blockchain running environment in which the confidential document is located through the underlying Windows API hook technology, and determining the prevention and control degree Fc of the blockchain running environment in which the authorized user is located;
Fc represents the prevention and control degree of the confidential document for the authorized user within the monitoring period, Fs represents the total number of prevention and control actions on the confidential document, and Zq represents the monitoring period of the confidential document,
wherein Zq = 4 h.
5. The blockchain-based security management and control method for confidential documents as claimed in claim 4, characterized in that step 30 further includes the following:
S302, determining the abnormal attack degree Yc when the authorized user accesses the confidential document;
the abnormal attack degree refers to the number of external access attacks occurring while an authorized user accesses the confidential document within the monitoring period, wherein external attacks include virus attacks, hardware attacks and the like;
S303, while the authorized user is accessing the confidential document, checking the circulation count of the confidential document and determining the ratio Lz of the remaining circulation count to the total circulation count;
S304, normalizing and combining the prevention and control degree Fc, the abnormal attack degree Yc and the remaining circulation ratio Lz to form a blockchain running environment risk degree Fx, wherein the running environment risk coefficient Fx satisfies the following expression:
wherein $0 \le \alpha_1 \le 1$, $0 \le \alpha_2 \le 1$, $0 \le \alpha_3 \le 1$, and α 123 The specific values are adjusted empirically by the manager.
S305, comparing the running environment risk coefficient with a preset running environment risk coefficient threshold; if the running environment risk coefficient is higher than the preset threshold, judging that the blockchain running environment of the confidential document has potential safety hazards, and analyzing whether the value of each abnormal sub-factor exceeds its threshold, that is, acting on the result obtained by evaluating the values of the abnormal sub-factors.
6. The blockchain-based security management and control method for confidential documents, characterized in that step 40 includes the following:
S401, within the monitoring period, from the time the confidential document is first opened to the time the document circulation finishes, calling an API interface and counting the loss quantity Ls of the confidential document;
S402, periodically monitoring the confidential document, determining the number of abnormal circulations of the confidential document, and determining the proportion Jc of leaks of the confidential document that were successfully intercepted;
S403, counting the effective content of the confidential document along the direction of the monitoring time axis, and determining the leak-count ratio Xz of the confidential document;
S404, normalizing and combining the loss quantity Ls of the confidential document, the successful leak interception proportion Jc and the leak-count ratio Xz to form a safe operation coefficient Ac, wherein the safe operation coefficient Ac has the following expression:
wherein $0 \le \beta_1 \le 1$, $0 \le \beta_2 \le 1$ and β 1 22 2 The specific value is empirically set by the manager.
S405, comparing the safe operation coefficient with a preset safe operation coefficient threshold; if the safe operation coefficient is within the preset threshold, judging that the confidential document shows no abnormality for the time being, and if it exceeds the preset threshold, analyzing whether any abnormal sub-factor of the safe operation exceeds its normal threshold.
7. The blockchain-based security management and control method for confidential documents, characterized in that step 60 includes the following:
S601, acquiring the comprehensive management and control index, comparing it with a preset comprehensive management and control index threshold, and judging whether it is lower than the preset threshold; if so, the current authorized user's operation on the confidential document shows no abnormality, and the authorized user's available circulation count is decremented;
S602, acquiring the comprehensive management and control index, comparing it with the preset comprehensive management and control index threshold, and judging whether it is higher than the preset threshold; if so, judging whether the running environment risk coefficient or the safe operation coefficient is abnormal;
S603, judging the difference between the running environment risk coefficient or the safe operation coefficient and its threshold; if the running environment risk coefficient is higher than the preset running environment risk coefficient threshold or the safe operation coefficient is lower than the preset safe operation coefficient threshold, determining the abnormal sub-factor responsible for the running environment risk coefficient or the safe operation coefficient, and self-locking the confidential document according to the abnormal sub-factor, whereupon the authorized user cannot perform access operations until re-verification passes.
8. The blockchain-based security management and control method for confidential documents, characterized in that step 50 includes the following:
S501, dividing the security monitoring period equally along the direction of the time axis and marking the segments as i = 1, 2, 3, ..., k-1, k, and obtaining the running environment risk coefficients $Fx_{k-1}$, $Fx_k$ and the safe operation coefficients $Ac_{k-1}$, $Ac_k$ respectively;
S502, normalizing the running environment risk coefficients $Fx_{k-1}$, $Fx_k$ and the safe operation coefficients $Ac_{k-1}$, $Ac_k$ to form the comprehensive management and control index.
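The decision flow of S601 to S603 in claim 7, as an added Python example that is not part of the patent text. It takes Zh, Fx and Ac as already computed inputs, since the expressions for them are not reproduced on this page; the class and function names, the per-sub-factor (low, high) normal ranges, the "review" outcome and the handling of an index equal to its threshold are assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Thresholds:              # preset thresholds (deployment-specific values)
    zh: float                  # comprehensive management and control index
    fx: float                  # running environment risk coefficient
    ac: float                  # safe operation coefficient

@dataclass
class SecretDocument:
    remaining_circulations: int
    locked: bool = False
    lock_reasons: list = field(default_factory=list)

def out_of_range(sub_factors):
    """Sub-factor names whose value lies outside its assumed (low, high) range."""
    return sorted(n for n, (v, lo, hi) in sub_factors.items() if not lo <= v <= hi)

def control(doc, zh, fx, ac, env_sub, op_sub, thr):
    """Apply S601-S603 to one monitoring period and return the decision."""
    if doc.locked:                              # S603: no access until re-check passes
        return "denied: locked"
    if zh < thr.zh:                             # S601: no abnormality
        if doc.remaining_circulations <= 0:
            return "denied: no circulations left"
        doc.remaining_circulations -= 1         # decrement the available count
        return "allowed"
    reasons = []                                # S602 (index == threshold lands here: assumption)
    if fx > thr.fx:
        reasons += out_of_range(env_sub) or ["Fx"]
    if ac < thr.ac:
        reasons += out_of_range(op_sub) or ["Ac"]
    if not reasons:                             # case the claim leaves open (assumption)
        return "review"
    doc.locked, doc.lock_reasons = True, reasons  # S603: self-lock on traced sub-factors
    return "locked"

def recheck(doc, passed):
    """Clear the lock only when re-verification passes; True if now unlocked."""
    if passed:
        doc.locked, doc.lock_reasons = False, []
    return not doc.locked

def demo():
    thr = Thresholds(zh=0.6, fx=0.5, ac=0.4)    # constructed sample values
    ok_env = {"Fc": (0.9, 0.5, 1.0), "Yc": (1, 0, 3), "Lz": (0.4, 0.1, 1.0)}
    bad_env = dict(ok_env, Yc=(7, 0, 3))        # attack count above its normal range
    ok_op = {"Ls": (0, 0, 2), "Jc": (0.95, 0.8, 1.0), "Xz": (0.0, 0.0, 0.1)}
    doc = SecretDocument(remaining_circulations=1)
    return doc, [
        control(doc, 0.3, 0.2, 0.8, ok_env, ok_op, thr),   # normal period
        control(doc, 0.8, 0.7, 0.8, bad_env, ok_op, thr),  # index and Fx too high
        control(doc, 0.3, 0.2, 0.8, ok_env, ok_op, thr),   # still locked
    ]
```

The lock persists across later periods with normal readings, so a single quiet monitoring period does not restore access; only `recheck(doc, True)` does.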
CN202310623816.9A 2023-05-29 2023-05-29 Secret document security management and control method based on blockchain Active CN117131534B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310623816.9A CN117131534B (en) 2023-05-29 2023-05-29 Secret document security management and control method based on blockchain

Publications (2)

Publication Number Publication Date
CN117131534A true CN117131534A (en) 2023-11-28
CN117131534B CN117131534B (en) 2024-05-17

Family

ID=88853380

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310623816.9A Active CN117131534B (en) 2023-05-29 2023-05-29 Secret document security management and control method based on blockchain

Country Status (1)

Country Link
CN (1) CN117131534B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107888574A (en) * 2017-10-27 2018-04-06 深信服科技股份有限公司 Method, server and the storage medium of Test database risk
CN110955908A (en) * 2018-09-26 2020-04-03 珠海格力电器股份有限公司 Early warning evaluation method and system for confidential files and intelligent terminal
CN114880670A (en) * 2022-03-28 2022-08-09 云南电网有限责任公司信息中心 Terminal safety data index visualization system
CN115859345A (en) * 2022-11-10 2023-03-28 广州益涛网络科技有限公司 Data access management method and system based on block chain

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
王平 等: "区块链视角下文件档案管理可信生态的构建", 《档案学研究》, no. 04, 28 August 2020 (2020-08-28), pages 117 - 123 *
黄洪 等: "基于信息流的数据安全风险识别模型研究", 《计算机工程与应用》, no. 04, 30 April 2014 (2014-04-30), pages 5 - 10 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117332453A (en) * 2023-11-30 2024-01-02 山东街景智能制造科技股份有限公司 Safety management system for product database
CN117332453B (en) * 2023-11-30 2024-02-23 山东街景智能制造科技股份有限公司 Safety management system for product database

Also Published As

Publication number Publication date
CN117131534B (en) 2024-05-17

Similar Documents

Publication Publication Date Title
US8245042B2 (en) Shielding a sensitive file
KR101335133B1 (en) Posture-based data protection
CN103632080B (en) A kind of mobile data applications method for security protection based on USBKey
KR20000047643A (en) System for electronic repository of data enforcing access control on data search and retrieval
KR20000047640A (en) System for electronic repository of data enforcing access control on data retrieval
CN116545731A (en) Zero-trust network access control method and system based on time window dynamic switching
CN103413088A (en) Computer document operational safety audit system
CN117131534B (en) Secret document security management and control method based on blockchain
CN116708037B (en) Cloud platform access right control method and system
CN114844673B (en) Data security management method
CN111666591A (en) Online underwriting data security processing method, system, equipment and storage medium
CN116418568A (en) Data security access control method, system and storage medium based on dynamic trust evaluation
CN115189937A (en) Security protection method and device for client data
CN108600178A (en) A kind of method for protecting and system, reference platform of collage-credit data
US10021183B2 (en) System for tracking external data transmissions via inventory and registration
CN115174144A (en) Zero-trust gateway self-security detection method and device
CN116246745A (en) High-security storage database system based on medical data
CN107315963A (en) A kind of financial management method with remote access function
US20210111870A1 (en) Authorizing and validating removable storage for use with critical infrastrcture computing systems
CN117195297B (en) ERP-based data security and privacy protection system and method
CN117390608A (en) Security authentication method and system for file management
Longzhu et al. Research and exploration of the data security compliance inspection technology based on the large-scale call platform of the customer service center
CN118118269A (en) Cross-terminal copy-paste network isolation method
CN117852021A (en) Behavior management system, method, computer device and storage medium for trusted space
CN116527365A (en) System and method for realizing air traffic control heterogeneous data sharing

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant