CN117216809A - Secret-related mapping result offline distribution approval authorization system and method - Google Patents


Info

Publication number
CN117216809A
Authority
CN
China
Prior art keywords
secret
authorization
file
related network
confidential
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202311482002.4A
Other languages
Chinese (zh)
Other versions
CN117216809B (en)
Inventor
张磊
陆天馨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu Provincial Archives Of Surveying And Mapping Data
Original Assignee
Jiangsu Provincial Archives Of Surveying And Mapping Data
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu Provincial Archives Of Surveying And Mapping Data
Priority to CN202311482002.4A
Publication of CN117216809A
Application granted
Publication of CN117216809B
Legal status: Active
Anticipated expiration

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a system and method for the offline-distribution approval and authorization of classified surveying and mapping results, in the technical field of internal confidentiality control for surveying and mapping. The system comprises: a classified-network management terminal, which pre-configures an authorization password, configures classified-network login for staff and configures classified-network file operations on classified-network files; a classified-network user terminal, which generates operation authorization application information for a target classified-network file and sends it to the mobile-internet approval terminal, changes the file operation configuration of that file on the basis of the authorization approval information, the application information and the pre-configured authorization password, executes the now-permitted file operation and generates a file operation record; and a mobile-internet approval terminal, which determines the authorization approval information from the application information, checks the file operation against the file operation record and the application information, and produces a check result. The invention improves the timeliness of classified-network file operations and protects file information.

Description

Secret-related mapping result offline distribution approval authorization system and method
Technical Field
The invention relates to the technical field of internal confidentiality control for surveying and mapping, in particular to a system and method for the offline-distribution approval and authorization of classified surveying and mapping results.
Background
Classified surveying and mapping results are important fundamental and strategic information resources of the state and are subject to confidentiality; their leakage or loss has serious consequences. Current laws and regulations require a strict registration system for classified surveying and mapping results: registration ledgers are kept for the storage, retrieval, copying and duplication of classified results, and they are checked regularly. In practice, classified results may be copied out of a custodian unit only after an internal staff member applies and the supervising manager approves. These application and approval steps are carried out as written, signed confirmations, so their effectiveness is limited by the confidentiality awareness, judgement and ability of the internal staff. If a staff member operates carelessly, abuses their authority or steals deliberately, the file content approved in writing by the manager and the file content actually copied may differ, and the manager has no way to know during the process what was actually copied, so classified information can leak.
Disclosure of Invention
The invention aims to provide a system and method for the offline-distribution approval and authorization of classified surveying and mapping results that improve the timeliness of classified-network file operations and protect file information.
In order to achieve the above object, the invention provides the following solutions:
in a first aspect, the invention provides a system for the offline-distribution approval and authorization of classified surveying and mapping results, comprising:
a classified-network management terminal, deployed in the classified network of the custodian unit of the classified surveying and mapping results, which pre-configures an authorization password, configures classified-network login for staff of the custodian unit and configures classified-network file operations on classified-network files; the classified-network login configuration is of two types, login permitted and login not permitted; the classified-network file operation configuration comprises file operation permitted and file operation restricted;
a classified-network user terminal, deployed in the classified network of the custodian unit, which is used to:
generate operation authorization application information for a target classified-network file and send it to a mobile-internet approval terminal; receive the authorization approval information sent by the mobile-internet approval terminal, change the classified-network file operation configuration of the target file on the basis of the authorization approval information, the operation authorization application information and the pre-configured authorization password, then execute the now-permitted classified-network file operation and generate a file operation record;
a mobile-internet approval terminal, deployed on a mobile terminal, which is used to:
receive the operation authorization application information sent by the classified-network user terminal and determine the corresponding authorization approval information from it; receive the file operation record sent by the classified-network user terminal, check the file operation against the file operation record and the operation authorization application information, and generate a check result, which is either file operation correct or file operation error.
In a second aspect, the invention provides a method for the offline-distribution approval and authorization of classified surveying and mapping results, comprising the following steps:
pre-configuring an authorization password through a classified-network management terminal, configuring classified-network login for staff of the custodian unit of the classified surveying and mapping results, and configuring classified-network file operations on classified-network files; the login configuration is of two types, login permitted and login not permitted; the file operation configuration comprises file operation permitted and file operation restricted;
generating, through a classified-network user terminal, operation authorization application information for a target classified-network file and sending it to a mobile-internet approval terminal;
receiving, through the mobile-internet approval terminal, the operation authorization application information sent by the classified-network user terminal and determining the corresponding authorization approval information from it;
receiving, through the classified-network user terminal, the authorization approval information sent by the mobile-internet approval terminal, changing the file operation configuration of the target classified-network file on the basis of the authorization approval information, the operation authorization application information and the pre-configured authorization password, then executing the now-permitted classified-network file operation and generating a file operation record;
receiving, through the mobile-internet approval terminal, the file operation record sent by the classified-network user terminal, checking the file operation against the file operation record and the operation authorization application information, and generating a check result, which is either file operation correct or file operation error.
According to the specific embodiments provided, the invention achieves the following technical effects:
in the system and method disclosed, the classified-network management terminal and the classified-network user terminal are deployed in the classified network of the custodian unit of the classified surveying and mapping results, while the mobile-internet approval terminal is deployed on a mobile terminal, so the approver receives the information to be approved and replies without delay, which improves the timeliness of classified-network file operations. The management terminal pre-configures the authorization password and configures classified-network login and classified-network file operations for the staff of the custodian unit; this configuration screens who may log in to the classified network and so protects the information inside it. The user terminal generates operation authorization application information for a target classified-network file and sends it to the mobile-internet approval terminal; the approval terminal determines the corresponding authorization approval information from it; the user terminal then changes the file operation configuration of the target file on the basis of the authorization approval information, the application information and the pre-configured authorization password, executes the now-permitted file operation and generates a file operation record.
The approval terminal receives the file operation record sent by the user terminal, checks the file operation against the record and the application information, and generates a check result.
Through operation restriction, access control, cross-network and cross-terminal approval and authorization, and recording of operation information for classified surveying and mapping result files, the invention ensures that classified result files are copied and duplicated only in an environment the supervising manager knows about and controls throughout, which realises informatized management of internal confidentiality control and thereby maintains the security of classified information.
Drawings
To illustrate the embodiments of the invention or the prior-art solutions more clearly, the drawings needed for the embodiments are briefly described below. The drawings described below show only some embodiments of the invention; a person skilled in the art can derive other drawings from them without inventive effort.
FIG. 1 is a schematic diagram of the system for the offline-distribution approval and authorization of classified surveying and mapping results;
FIG. 2 is a schematic diagram of the method for the offline-distribution approval and authorization of classified surveying and mapping results.
Detailed Description
The embodiments of the invention are described clearly and completely below with reference to the accompanying drawings. The embodiments described are only some, not all, of the embodiments of the invention; all other embodiments that a person skilled in the art can obtain from them without inventive effort fall within the scope of the invention.
In the system and method provided by the invention, the supervising manager can review in real time, on a mobile terminal, the file contents that a staff member needs to copy out of the classified intranet, and authorize the staff member to perform the copy. The authorization file generated by the manager is sent in real time to the staff member who will perform the copy; the staff member can copy the specified files only after receiving this authorization, and the authorization grants exactly one copy. After an authorized file or folder has been copied once, it can no longer be copied, cut, duplicated or renamed. At the same time, the information about the files actually copied is recorded in real time and sent to the manager for checking. Together, these steps protect the classified information.
In order that the above objects, features and advantages of the invention become more readily apparent, the invention is described in more detail below with reference to the drawings and the detailed description.
Example 1
As shown in FIG. 1, the invention provides a system for the offline-distribution approval and authorization of classified surveying and mapping results, comprising a classified-network management terminal, a classified-network user terminal and a mobile-internet approval terminal.
(I) Classified-network management terminal.
The classified-network management terminal is deployed in the classified network of the custodian unit of the classified surveying and mapping results and is used to pre-configure an authorization password, configure classified-network login for staff of the custodian unit and configure classified-network file operations on classified-network files; the login configuration is login permitted or login not permitted; the file operation configuration is file operation permitted or file operation restricted. For each restricted operation the configuration is a permit/deny setting: when the operation is copy, the configuration is copy permitted or copy not permitted; when it is cut, cut permitted or cut not permitted; when it is duplicate, duplicate permitted or duplicate not permitted; and when it is rename, rename permitted or rename not permitted.
The classified-network management terminal comprises an authorization management module, a user management module, a list generation module and a permission control module.
The authorization management module pre-configures the authorization password. Specifically, the supervising manager of the custodian unit uses it to set an authorization password, which is a combination of upper- and lower-case letters, digits and punctuation marks.
The user management module configures classified-network login for staff of the custodian unit; the configuration information consists of a user name and the corresponding password. Specifically, the supervising manager uses it to create a system login user name and password for each staff member of the unit and distributes them to that staff member. The user names are later used to associate and record each staff member with their copy and duplication operations.
The permission control module configures classified-network file operations on the classified-network files of the custodian unit. Specifically, after a classified result file or folder has first been copied onto the unit's storage devices, the permission control module is used to select the files or folders whose copying, cutting, duplication and renaming are to be restricted, that is, to set the classified-network file operation configuration so that file processing operations are under permission control. A file-filter driver built on the Windows Minifilter framework is installed at the classified-network management terminal to filter file operations on the classified-network files according to this configuration.
The list generation module records every classified-network file whose operation configuration is set to restricted and produces a list of restricted-operation files: a blacklist configuration file recording the files and folders whose copying, cutting, duplication and renaming are to be prohibited. Whenever a file is copied, cut, duplicated or renamed, the file-filter driver reads this configuration file and, according to it, refuses the copy, cut, duplicate or rename operation.
Basic principle of the file-filter driver: file operations in Windows are split between user mode, where the application software (the various .exe programs) runs, and kernel mode. When user-mode software needs to operate on a file, it sends a file-operation request to the system I/O manager, which passes the request down the stack, and the kernel performs the actual file operation. File filtering uses a Windows kernel driver: a file-filter driver is inserted into the I/O stack to monitor and intercept file-operation requests on the local machine in real time; after processing it returns a result to the I/O manager, which decides from that result whether to pass the request further down. The file-filter driver uses the Microsoft Minifilter framework: it registers the operations to be filtered with the filter manager and provides a pre-operation callback, which the filter manager calls whenever such a file-operation request occurs. The pre-operation callback parses the request data structure, obtains the file information, and determines the file name and the operation type; if the filtering condition is met, it enforces the operation restriction and prohibits the copy, cut, duplicate or rename operation. When the operation is prohibited, the callback's result becomes the final result of the I/O operation and the request is not passed on for further processing. If the filtering condition is not met, the request is passed to the I/O manager for normal processing.
(II) Classified-network user terminal.
The classified-network user terminal is deployed in the classified network of the custodian unit and is used to: generate operation authorization application information for a target classified-network file and send it to the mobile-internet approval terminal; receive the authorization approval information sent by the mobile-internet approval terminal, change the file operation configuration of the target file on the basis of that information, the operation authorization application information and the pre-configured authorization password, then execute the now-permitted file operation and generate a file operation record. The operation authorization application information is an application QR code image; the authorization approval information is an authorization QR code image; and the file operation record is a record QR code image.
The classified-network user terminal comprises an application authorization module, an authorized operation module and an operation recording module.
The application authorization module: selects the target classified-network files, generates an application QR code image from them and sends it to the mobile-internet approval terminal. The application QR code image records the number of target classified-network files and, for each target file, the requested classified-network file operation; the request is to change the file operation from restricted to permitted, and the operations that can be requested are copy, cut, duplicate and rename.
Specifically, when a staff member of the custodian unit needs to copy a classified surveying and mapping result file or folder, the application authorization module is used to select the target file or folder. A whitelist configuration file is generated that records the files or folders to be copied, and an application QR code image is generated that records the application order information, the files or folders to be copied and their data volume. The configuration file is stored in the system database for later use, and the staff member sends the application QR code image to the supervising manager through the unit's mobile office system or an instant messaging application (such as QQ or WeChat).
The authorized operation module: receives the authorization QR code image sent by the mobile-internet approval terminal and, by reading and decrypting it, obtains the authorization password, the authorized classified-network files and the authorized operation on each; when the authorized files match the target files in the application QR code image and the authorization password matches the pre-configured one, it changes the file operation configuration of the target files according to the authorized operation and then executes the now-permitted operation.
Specifically, after the staff member receives the authorization QR code image from the supervising manager through the mobile office system or instant messaging application (such as QQ or WeChat), a QR code scanner inside the classified network reads it; the authorized operation module decrypts the image to obtain the application order information and the authorization password and compares them with the application order and the password pre-configured at the management terminal. If they match, the operation restriction on the file or folder selected in the application authorization module is lifted and that file or folder can be copied once; if they do not match, the file operation is refused.
The operation recording module records the number and total data volume of the classified-network files on which the now-permitted operation was executed and generates a record QR code image. Specifically, it records the file names and total data volume of every copy, cut and rename operation into a QR code to obtain the record QR code image. The staff member must send the record QR code image to the supervising manager through the mobile office system or instant messaging application (such as QQ or WeChat).
In a specific example, the operation recording module and the authorized operation module can be combined into one module, which lifts the operation restriction on the authorized file or folder by reading and decrypting the authorization QR code image sent by the manager and, after the operation has been executed, generates a QR code containing the information and data volume of the files or folders operated on.
The restriction-lifting function of the authorized operation module is also implemented by the file-filter driver: the Windows Minifilter framework lifts the restriction before the file processing operation. When a file is copied, cut, duplicated or renamed, the file-filter driver reads the whitelist configuration file and, according to it, removes the corresponding file or folder entries from the blacklist configuration file. The files or folders whose restriction has been lifted can then be operated on; after one operation processed by the driver, the blacklist configuration file is restored to its original state and every file and folder in it is again prohibited from being copied, cut, duplicated or renamed.
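The following Python model, added here as an illustration and not the patent's driver code, shows the decision that the pre-operation callback described under the file-filter driver and the whitelist release described in the preceding paragraph would have to make: a blacklist of restricted files and folders, one-shot grants released from the whitelist, and a deny decision for a restricted path that has no unused grant. It runs in user mode and stands in for the kernel driver; the paths, the operation names and the Grant and FilePolicy classes are assumptions. A real Minifilter never sees "copy" as a single operation: a copy or duplication begins with IRP_MJ_CREATE opening the source for reading, and a rename or a cut (move) arrives as IRP_MJ_SET_INFORMATION with FileRenameInformation, so a driver enforcing this policy must first map those requests onto the four operations, and it denies by completing the request itself with an access-denied status rather than passing it down the stack.

```python
"""User-mode model of the Minifilter pre-operation decision (added illustration,
not the patent's driver): blacklist of restricted files and folders, one-shot
grants released from the whitelist, deny everything else on a restricted path."""
from dataclasses import dataclass, field
import ntpath

# The four operations the patent restricts. A real minifilter sees I/O requests,
# not these names: copy and duplicate start with IRP_MJ_CREATE opening the source
# for reading, rename and cut (move) arrive as IRP_MJ_SET_INFORMATION with
# FileRenameInformation; the driver maps requests onto these names first.
RESTRICTED_OPS = ("copy", "cut", "duplicate", "rename")


def normalize(path: str) -> str:
    """NTFS paths are case-insensitive and accept either separator, so matching
    is done on a canonical lower-case, backslash, dot-free form; otherwise a path
    written with forward slashes, upper case or '..' would slip past the list."""
    return ntpath.normpath(path.replace("/", "\\")).lower()


def covered(entry: str, path: str) -> bool:
    """A list entry may be a file or a folder; a folder entry covers its subtree
    (and only its subtree: a folder named like a prefix of it is not covered)."""
    entry, path = normalize(entry), normalize(path)
    return path == entry or path.startswith(entry.rstrip("\\") + "\\")


@dataclass
class Grant:
    """One entry released from the whitelist: the authorized file or folder, the
    authorized operation, and the request paths that have already used it."""
    path: str
    op: str
    used: set = field(default_factory=set)


@dataclass
class FilePolicy:
    blacklist: list                       # restricted files and folders (assumed paths)
    grants: list = field(default_factory=list)

    def release_once(self, path: str, ops) -> None:
        """Whitelist release: the authorization allows each listed op once."""
        for op in ops:
            self.grants.append(Grant(normalize(path), op))

    def pre_operation(self, path: str, op: str) -> str:
        """Decision the pre-operation callback returns: 'ALLOW' passes the request
        down the stack, 'DENY' completes it with access denied."""
        if op not in RESTRICTED_OPS:
            return "ALLOW"                    # plain reads and the like are never filtered
        if not any(covered(b, path) for b in self.blacklist):
            return "ALLOW"                    # not a classified result file
        p = normalize(path)
        for g in self.grants:
            # A folder grant serves each file below it once (a folder copy is one
            # create request per file); a second attempt on the same file is denied,
            # which is the "one copy only" rule after the blacklist is restored.
            if g.op == op and covered(g.path, p) and p not in g.used:
                g.used.add(p)
                return "ALLOW"
        return "DENY"


if __name__ == "__main__":
    policy = FilePolicy(blacklist=[r"D:\results\2023"])       # constructed sample
    f = r"D:\results\2023\map01.tif"
    print(policy.pre_operation(f, "copy"))                    # DENY: restricted, no grant
    policy.release_once(r"D:\results\2023", ["copy"])         # authorization for the folder
    print(policy.pre_operation("d:/results/2023/MAP01.TIF", "copy"))  # ALLOW: grant used
    print(policy.pre_operation(f, "copy"))                    # DENY: second copy
    print(policy.pre_operation(f, "rename"))                  # DENY: op not authorized
```

The model consumes a grant per file rather than per folder because a folder copy reaches the driver as one create request per file; whichever granularity a driver chooses has to match what the record QR code later reports, or the information check on the approval terminal will flag correct operations as errors.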
(III) Mobile-internet approval terminal.
The mobile-internet approval terminal is deployed on a mobile terminal and is used to: receive the operation authorization application information sent by the classified-network user terminal and determine the corresponding authorization approval information from it; receive the file operation record sent by the classified-network user terminal, check the file operation against the file operation record and the operation authorization application information, and generate a check result, which is either file operation correct or file operation error.
The mobile-internet approval terminal comprises an approval authorization module and an information checking module.
The approval authorization module: receives the application QR code image sent by the classified-network user terminal, reads and decrypts it to obtain the number of target classified-network files and the requested operation on each, generates an authorization QR code image from that information and sends it to the classified-network user terminal.
Specifically, after receiving the application QR code image from a staff member through the mobile office system or instant messaging application (such as QQ or WeChat), the supervising manager of the custodian unit uses the mobile-internet approval terminal to recognise it and reads the staff member's current application order information, the files or folders to be copied and their data volume. If the manager agrees to the operation, a corresponding authorization QR code image is generated that records the application order information and the authorization password, and it is sent to the staff member through the mobile office system or instant messaging application (such as QQ or WeChat).
The information checking module: receives the record QR code image sent by the classified-network user terminal, reads and decrypts it to obtain the number of classified-network files on which the now-permitted operation was executed, checks that number against the number of target files and the requested operation on each, and generates a check result, which is either file operation correct or file operation error.
Specifically, after receiving, through the mobile office system or instant messaging application (such as QQ or WeChat), the record QR code image generated after the staff member performed the copy, the information checking module recognises it, reads the file names and total data volume of the copy operation and compares them with the file names and total data volume of the earlier application and authorization. If they match, the staff member operated correctly; if they do not match, more or less information was copied than authorized, and the staff member's operation is marked as erroneous.
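The exchange between the three terminals (application QR code, authorization QR code, record QR code and the final check) can be written out end to end. The following is an added example in Python, not the patent's code: the QR image itself is out of scope, so the functions produce and consume the JSON text the QR codes would carry; the JSON field names, the order identifier, the file paths and sizes and the configured password are constructed assumptions. The patent says the user terminal decrypts the authorization QR code but names no scheme, so the payload is shown in the clear here. The check on the user terminal requires the authorized file set to equal the applied-for set exactly (no extra files, no subset), compares the password against the configured one in constant time, and marks the application order as used so the same authorization cannot be scanned twice; the check on the approval terminal reports more-than-approved, less-than-approved and total-volume mismatches separately.

```python
"""Payload exchange between the three terminals (added illustration, not the
patent's code). The QR image encoding is out of scope: these functions produce
and consume the JSON text the QR codes would carry."""
import hmac
import json

# Constructed sample of the password set on the management terminal
# (the patent requires letters, digits and punctuation).
CONFIGURED_PASSWORD = "Gx7#map!2023"


def build_application(order_id, files, ops=("copy",)):
    """User terminal: payload of the application QR code.
    files is a list of (path, size_in_bytes) selected for release."""
    entries = [{"path": p, "size": s, "ops": sorted(ops)} for p, s in files]
    return json.dumps({"type": "application", "order": order_id,
                       "files": entries, "total": sum(s for _, s in files)},
                      sort_keys=True)


def approve(application_json, password):
    """Approval terminal: the manager agrees; payload of the authorization QR code.
    It repeats the application's order and file list and carries the password."""
    app = json.loads(application_json)
    if app.get("type") != "application":
        raise ValueError("not an application payload")
    return json.dumps({"type": "authorization", "order": app["order"],
                       "files": app["files"], "password": password},
                      sort_keys=True)


def _file_set(entries):
    return {(e["path"], e["size"], tuple(e["ops"])) for e in entries}


def verify_authorization(auth_json, application_json, configured_password, used_orders):
    """User terminal: returns the (path, ops) pairs to release, or None if refused.
    used_orders is the set of application orders already consumed, so the same
    authorization QR code cannot be scanned a second time."""
    auth = json.loads(auth_json)
    app = json.loads(application_json)
    if auth.get("type") != "authorization" or auth.get("order") != app.get("order"):
        return None
    if auth["order"] in used_orders:
        return None
    # constant-time comparison so the password check leaks nothing through timing
    if not hmac.compare_digest(str(auth.get("password", "")).encode(),
                               configured_password.encode()):
        return None
    # the authorized set must equal the applied-for set: no extra files, no subset
    if _file_set(auth["files"]) != _file_set(app["files"]):
        return None
    used_orders.add(auth["order"])
    return [(e["path"], list(e["ops"])) for e in auth["files"]]


def build_record(order_id, copied):
    """User terminal: payload of the record QR code; copied is [(path, size), ...]."""
    return json.dumps({"type": "record", "order": order_id,
                       "files": [{"path": p, "size": s} for p, s in copied],
                       "total": sum(s for _, s in copied)}, sort_keys=True)


def check_record(record_json, application_json):
    """Approval terminal: 'correct' if exactly the approved files were copied,
    otherwise an 'error: ...' string naming the discrepancy."""
    rec = json.loads(record_json)
    app = json.loads(application_json)
    if rec.get("type") != "record" or rec.get("order") != app.get("order"):
        return "error: record does not belong to this application"
    approved = {(e["path"], e["size"]) for e in app["files"]}
    actual = {(e["path"], e["size"]) for e in rec["files"]}
    if actual - approved:
        return "error: more was copied than approved"
    if approved - actual:
        return "error: less was copied than approved"
    if rec["total"] != app["total"]:
        return "error: total data volume differs"
    return "correct"


if __name__ == "__main__":
    # constructed sample: two result files selected for a one-time copy
    files = [(r"D:\results\2023\map01.tif", 5_242_880),
             (r"D:\results\2023\map02.tif", 4_194_304)]
    app = build_application("APP-2023-0042", files)
    auth = approve(app, CONFIGURED_PASSWORD)
    used = set()
    print(verify_authorization(auth, app, CONFIGURED_PASSWORD, used))   # two (path, ops) pairs
    print(verify_authorization(auth, app, CONFIGURED_PASSWORD, used))   # None: replay refused
    print(check_record(build_record("APP-2023-0042", files), app))      # correct
    print(check_record(build_record("APP-2023-0042", files[:1]), app))  # error: less was copied
```

Because every authorization QR code carries the same static password, anyone who can read one authorization can mint another for any application, so the "decrypt" step the patent mentions has to be real encryption of the QR content sent over the messaging application, not a mere encoding; the payload comparisons above assume that the content reaching the scanner is what the approval terminal produced.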
In summary, the invention comprises a secret related network management end, a secret related network user end and a mobile internet approval end. The secret related network management end comprises an authority control module, an authorization management module, a user management module and a list generation module; the secret-related network user comprises an application authorization module, an authorization operation module and an operation recording module; the mobile internet approval terminal comprises an approval authorization module and an information checking module. The management end is deployed in a secret-related network of a secret-related mapping result keeping unit and is operated by a main pipe of the unit; the user side is deployed in a secret-related network of a secret-related mapping result keeping unit and operated by staff of the unit; the approval end is deployed in a mobile phone of the leader of the director and operated by the leader of the director. The master leader of the confidential mapping result keeping unit can control the copying operation of confidential mapping result files or folders in the confidential intranet through the mobile terminal, and master the file information and operation information for executing copying, so that the confidential result files are ensured to operate in an environment that the master leader knows and controls in the whole process, the informationized management of confidential internal control of results is realized, and the security of confidential information is further maintained.
Example two
To achieve the technical solution of the first embodiment and its corresponding functions and technical effects, this embodiment further provides an offline distribution approval authorization method for classified mapping results, comprising:
Step one: pre-configure an authorization password through the classified network management end, perform classified network login configuration for the staff of the classified surveying and mapping results custody unit, and perform classified network file operation configuration for the classified network files; the types of classified network login configuration are login permitted and login not permitted; the classified network file operation configuration comprises file operation permitted and file operation restricted. The authorization password consists of upper- and lower-case letters, digits and punctuation marks.
Step two: generate operation authorization application information for a target classified network file through the classified network user end, and send the operation authorization application information to the mobile internet approval end.
Step three: receive, through the mobile internet approval end, the operation authorization application information sent by the classified network user end, and determine the corresponding authorization approval information based on it.
Step four: receive, through the classified network user end, the authorization approval information sent by the mobile internet approval end; change the classified network file operation configuration of the target classified network file based on the authorization approval information, the operation authorization application information and the pre-configured authorization password; then execute the changed classified network file operation and generate a file operation record.
Step five: receive, through the mobile internet approval end, the file operation record sent by the classified network user end; perform a file operation check based on the file operation record and the operation authorization application information; and generate a check result, which is either "file operation correct" or "file operation error".
As shown in fig. 2, in a specific example the flow of the offline distribution approval authorization method for classified mapping results is as follows:
(1) System initialization. The user management module creates a system user name and password for each staff member of the unit and distributes them to the corresponding staff member. The authorization management module presets the authorization password for copying; the authorization password generally consists of upper- and lower-case letters, digits and punctuation marks.
(2) The supervising leader enforces permission control. After classified result files or folders are first copied onto the unit's storage device, the leader of the classified surveying and mapping results custody unit uses the permission control module to select the files or folders whose copying, cutting, duplicating and renaming are to be restricted, and applies permission control to them. Afterwards the selected files or folders can no longer be copied, cut, duplicated or renamed, and a blacklist may be built from these files or folders to facilitate subsequent operations.
(3) The staff member applies for authorization. When a staff member of the custody unit needs to copy classified result files or folders, the application authorization module is used to select the corresponding files or folders and generate an authorization application QR code picture. The application QR code picture is then sent to the supervising leader through the unit's mobile office system or instant messaging software (such as QQ or WeChat).
(4) The supervising leader approves the authorization. After obtaining the application QR code picture sent by the staff member, the supervising leader of the custody unit uses the approval end to recognize the QR code picture and reads the staff member's application order information together with the files or folders requested for copying and their data volume. If the leader agrees to the copy, the approval authorization module generates an authorization QR code picture, which is then sent to the staff member through the mobile office system or instant messaging software (such as QQ or WeChat).
(5) The staff member performs the copy operation. After the staff member obtains the authorization QR code picture sent by the supervising leader, the authorization QR code is read with a QR code scanner inside the classified network. The copy right for the corresponding file or folder is then released once. After the staff member performs one copy operation the right is closed again and a record QR code picture is generated. The staff member must send the record QR code picture to the supervising leader through the mobile office system or instant messaging software (such as QQ or WeChat).
(6) The supervising leader checks the staff member's operation information. After receiving the record QR code picture sent by the staff member, the supervising leader of the custody unit uses the information checking module to recognize the QR code picture, reads the file names and the total data volume the staff member copied, and compares them with the file names and total data volume of the earlier authorized application. If they are consistent, the staff member operated correctly; if they are inconsistent, more or less information was copied than authorized, and the staff member operated incorrectly.
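The application, approval, one-time copy release and record check of steps (3) to (6), as an added example in Python that is not code from the patent or from the applicant: the QR code pictures are represented by their decoded JSON payloads, the restricted file list and the authorization password are constructed values, and the real copy and the MiniFilter enforcement are replaced by a pluggable copy function. One deliberate departure from the patent's wording, stated as the example's own choice: where the patent records the authorization password inside the authorization QR code and the user end compares it with the pre-configured password, the example has the approval end write an HMAC of the order keyed by that password, so the user end still verifies it against the same pre-configured password, the authorization is bound to exactly the files applied for, and the password itself never travels over QQ or WeChat.

```python
import hashlib
import hmac
import json
import secrets

# Assumption (constructed value): the authorization password pre-configured by the
# authorization management module in step (1); known to the management end and user
# end inside the classified network and to the supervising leader's approval end.
AUTH_PASSWORD = "Mp#7k!2023qW"

# Constructed stand-in for the restricted-operation file list (name -> size in bytes)
# produced by the list generation module. File names are invented.
RESTRICTED_FILES = {
    "results/DLG_2023_sheet17.dwg": 52_428_800,
    "results/DOM_area3.tif": 1_073_741_824,
    "results/DEM_area3.tif": 268_435_456,
}

_used_orders = set()  # orders whose one-time copy right has already been released


def _canonical(payload):
    # Deterministic JSON so both ends MAC exactly the same bytes.
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()


def make_application(user, names, operation="copy"):
    """Application authorization module: payload of the application QR code."""
    unknown = [n for n in names if n not in RESTRICTED_FILES]
    if unknown:
        raise ValueError(f"not in the restricted list: {unknown}")
    files = [{"name": n, "size": RESTRICTED_FILES[n]} for n in sorted(names)]
    return {"order_id": secrets.token_hex(8), "user": user, "operation": operation,
            "files": files, "count": len(files),
            "total_bytes": sum(f["size"] for f in files)}


def approve(application, password, agree=True):
    """Approval authorization module: payload of the authorization QR code, or None if refused.
    Example's choice (not the patent's wording): the QR code carries an HMAC of the order
    keyed by the authorization password instead of the password itself."""
    if not agree:
        return None
    order = {k: application[k] for k in ("order_id", "user", "operation", "files")}
    proof = hmac.new(password.encode(), _canonical(order), hashlib.sha256).hexdigest()
    return {"order": order, "proof": proof}


def verify_authorization(authorization, application, password):
    """User-end checks before the copy right is released: the proof must verify under the
    pre-configured password, the authorized files must equal the applied-for files, and
    the order must not have been used before. Returns (ok, reason)."""
    order = authorization["order"]
    expected = hmac.new(password.encode(), _canonical(order), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, authorization["proof"]):
        return False, "authorization proof does not verify under the configured password"
    if order["order_id"] != application["order_id"] or order["files"] != application["files"]:
        return False, "authorized files differ from the application"
    if order["order_id"] in _used_orders:
        return False, "copy right for this order was already used"
    return True, "ok"


def release_and_copy(authorization, application, password, copy_fn):
    """Authorization operation + operation recording modules: release the copy right once,
    run the copy through copy_fn, close the right, and return the record QR code payload."""
    ok, reason = verify_authorization(authorization, application, password)
    if not ok:
        raise PermissionError(reason)
    _used_orders.add(application["order_id"])  # the right is closed after this one copy
    copied = copy_fn([f["name"] for f in authorization["order"]["files"]])
    return {"order_id": application["order_id"],
            "files": sorted(n for n, _ in copied),
            "count": len(copied),
            "total_bytes": sum(b for _, b in copied)}


def check_record(record, application):
    """Information checking module: copied names and total bytes must match the application."""
    applied = sorted(f["name"] for f in application["files"])
    if (record["order_id"] == application["order_id"] and record["files"] == applied
            and record["total_bytes"] == application["total_bytes"]):
        return "file operation correct"
    return "file operation error"


def honest_copy(names):
    """Constructed stand-in for the real copy: copies exactly the authorized files."""
    return [(n, RESTRICTED_FILES[n]) for n in names]


def over_copy(names):
    """Constructed misbehaviour: copies one extra restricted file beyond the authorization."""
    extra = next(n for n in RESTRICTED_FILES if n not in names)
    return honest_copy(names) + [(extra, RESTRICTED_FILES[extra])]
```

`verify_authorization` is the gate of step (5) and `check_record` is step (6): the record is compared with the application by file names and total bytes, so an extra or missing file comes back as "file operation error". The used-order set is what makes the released right one-time; presenting the same authorization QR code payload a second time is refused.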
In this specification the embodiments are described progressively; each embodiment focuses on its differences from the others, and identical or similar parts may be understood by cross-reference. Since the system disclosed in the embodiment corresponds to the disclosed method, its description is comparatively brief, and the relevant points can be found in the description of the method.
The principles and embodiments of the present invention have been described herein with reference to specific examples; this description is intended only to assist in understanding the method of the present invention and its core ideas. Modifications made by those of ordinary skill in the art in light of these teachings fall within the scope of the present invention. In view of the foregoing, this description should not be construed as limiting the invention.

Claims (9)

1. A system for offline distribution approval authorization of classified mapping results, characterized in that it comprises:
a classified network management end, deployed in the classified network of a classified surveying and mapping results custody unit and used to pre-configure an authorization password, perform classified network login configuration for the staff of the custody unit, and perform classified network file operation configuration for the classified files; the types of classified network login configuration are login permitted and login not permitted; the classified network file operation configuration comprises file operation permitted and file operation restricted;
a classified network user end, deployed in the classified network of the custody unit and used to:
generate operation authorization application information for a target classified network file and send it to a mobile internet approval end; receive the authorization approval information sent by the mobile internet approval end, change the classified network file operation configuration of the target classified network file based on the authorization approval information, the operation authorization application information and the pre-configured authorization password, then execute the changed classified network file operation and generate a file operation record;
a mobile internet approval end, deployed on a mobile terminal and used to:
receive the operation authorization application information sent by the classified network user end and determine the corresponding authorization approval information based on it; receive the file operation record sent by the classified network user end, perform a file operation check based on the file operation record and the operation authorization application information, and generate a check result; the check result is either "file operation correct" or "file operation error".
2. The system for offline distribution approval authorization of classified mapping results according to claim 1, characterized in that the classified network management end comprises an authorization management module, a user management module and a permission control module;
the authorization management module is used to pre-configure the authorization password;
the user management module is used to perform classified network login configuration for the staff of the custody unit; the configuration information of the classified network login configuration comprises a user name and its password;
the permission control module is used to perform classified network file operation configuration on the classified network files of the custody unit; when the classified network file operation is copy, the corresponding configuration is copy permitted or copy not permitted; when the operation is cut, the configuration is cut permitted or cut not permitted; when the operation is duplicate, the configuration is duplicate permitted or duplicate not permitted; when the operation is rename, the configuration is rename permitted or rename not permitted.
3. The system for offline distribution approval authorization of classified mapping results according to claim 1, characterized in that a Windows MiniFilter framework is provided in the classified network management end to perform file filtering and drive file operations on the classified network files according to the classified network file operation configuration.
4. The system for offline distribution approval authorization of classified mapping results according to claim 3, characterized in that the classified network management end further comprises a list generation module;
the list generation module is used to record all classified network files whose classified network file operation configuration is file operation restricted, so as to obtain a list of restricted-operation files.
5. The system for offline distribution approval authorization of classified mapping results according to claim 1, characterized in that the operation authorization application information is an application QR code picture, the authorization approval information is an authorization QR code picture, and the file operation record is a record QR code picture;
the classified network user end comprises:
an application authorization module, used to: select a target classified network file, generate an application QR code picture based on the target classified network file, and send the application QR code picture to the mobile internet approval end; the application QR code picture records the number of target classified network files and the classified network file operation applied for on each target file; the classified network file operation application is to change file operation restricted into file operation permitted; the file operations that may be applied for comprise copy, cut, duplicate and rename;
an authorization operation module, used to: receive the authorization QR code picture sent by the mobile internet approval end, and obtain the authorization password, the authorized classified network file and the corresponding authorized file operation by reading and decrypting the authorization QR code picture; when the authorized classified network file is consistent with the target classified network file in the application QR code picture and the authorization password is consistent with the pre-configured authorization password, change the classified network file operation configuration of the target file according to the authorized file operation, and then execute the changed classified network file operation;
an operation recording module, used to record the number and total data volume of the classified network files on which the changed file operation was executed, and to generate a record QR code picture.
6. The system for offline distribution approval authorization of classified mapping results according to claim 5, characterized in that the record QR code picture is sent to the mobile internet approval end through a mobile office system or instant messaging software.
7. The system for offline distribution approval authorization of classified mapping results according to claim 1, characterized in that the operation authorization application information is an application QR code picture, the authorization approval information is an authorization QR code picture, and the file operation record is a record QR code picture;
the mobile internet approval end comprises:
an approval authorization module, used to: receive the application QR code picture sent by the classified network user end, and read and decrypt it to obtain the number of target classified network files and the classified network file operation applied for on each target file; generate an authorization QR code picture based on the number of target classified network files and the file operation applied for on each target file, and send the authorization QR code picture to the classified network user end;
an information checking module, used to: receive the record QR code picture sent by the classified network user end, and read and decrypt it to obtain the number of classified network files on which the changed file operation was executed; perform a file operation check based on that number, the number of target classified network files, and the file operation applied for on each target file; and generate a check result, which is either "file operation correct" or "file operation error".
8. An offline distribution approval authorization method for classified mapping results, characterized by comprising the following steps:
pre-configuring an authorization password through a classified network management end, performing classified network login configuration for the staff of a classified surveying and mapping results custody unit, and performing classified network file operation configuration for the classified network files; the types of classified network login configuration are login permitted and login not permitted; the classified network file operation configuration comprises file operation permitted and file operation restricted;
generating operation authorization application information for a target classified network file through a classified network user end, and sending the operation authorization application information to a mobile internet approval end;
receiving, through the mobile internet approval end, the operation authorization application information sent by the classified network user end, and determining the corresponding authorization approval information based on it;
receiving, through the classified network user end, the authorization approval information sent by the mobile internet approval end, changing the classified network file operation configuration of the target classified network file based on the authorization approval information, the operation authorization application information and the pre-configured authorization password, then executing the changed classified network file operation and generating a file operation record;
receiving, through the mobile internet approval end, the file operation record sent by the classified network user end, performing a file operation check based on the file operation record and the operation authorization application information, and generating a check result; the check result is either "file operation correct" or "file operation error".
9. The offline distribution approval authorization method for classified mapping results according to claim 8, characterized in that the authorization password consists of upper- and lower-case letters, digits and punctuation marks.
Application CN202311482002.4A, priority date 2023-11-09, filing date 2023-11-09: Secret-related mapping result offline distribution approval authorization system and method. Legal status: Active. Granted as CN117216809B.

Publications

Publication Number Publication Date
CN117216809A (application publication) 2023-12-12
CN117216809B (granted patent) 2024-03-08

Family ID: 89046624

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2002259590A (en) * 2001-03-06 2002-09-13 Ricoh Co Ltd System and program for managing document and recording medium
CN1822014A (en) * 2006-03-23 2006-08-23 沈明峰 Protecting method for security files under cooperative working environment
CN101110097A (en) * 2007-08-17 2008-01-23 南京新模式软件集成有限公司 Method for safely dispensing electronic document
CN101944168A (en) * 2009-07-09 2011-01-12 精品科技股份有限公司 Electronic file authority control and management system
CN102073917A (en) * 2009-11-19 2011-05-25 北京明朝万达科技有限公司 Document approval process method with document authorization management capability
CN102710633A (en) * 2012-05-29 2012-10-03 大连佳姆信息安全软件技术有限公司 Cloud security management system of security electronic documents and method
CN110489994A (en) * 2019-07-11 2019-11-22 岭澳核电有限公司 The file permission management method, apparatus and terminal device of nuclear power station
CN113127841A (en) * 2021-04-23 2021-07-16 上海科华实验系统有限公司 Method, device, equipment and storage medium for remotely managing software user
WO2022078222A1 (en) * 2020-10-14 2022-04-21 杭州来布科技有限公司 File security management terminal and system
CN115935424A (en) * 2022-12-27 2023-04-07 北京鼎普科技股份有限公司 File unified storage management method and device based on file security and personnel permission

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
Zhang Lei (张磊) et al.: "Design and implementation of the Jiangsu Provincial surveying, mapping and geographic information archive management system", Modern Surveying and Mapping (现代测绘), vol. 42, no. 03, pp. 52-54 *
Liang Xing (梁兴): "Research on the construction of the Tibet surveying and mapping results catalogue service and approval system", Geospatial Information (地理空间信息), no. 06, pp. 132-134 *
Wang Wenyu (王文宇); Chen Shangyi (陈尚义): "Key technologies and design of an electronic document classification level management system", Information Security and Communications Privacy (信息安全与通信保密), no. 10, pp. 113-117 *

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant