CN1530792A - Method and system for preventing electronic data object from unauthorized access - Google Patents


Info

Publication number: CN1530792A
Authority: CN (China)
Prior art keywords: data object, access rights, data, user, module
Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CNA2004100397120A
Other languages: Chinese (zh)
Other versions: CN100449450C (en)
Inventors: 德特莱夫·贝克尔, 卡尔海因茨·多恩, 伊凡·墨菲, 格哈德·蒙妮赫, 托马斯·波利
Current Assignee: Siemens AG (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Siemens AG

Events
    • Application filed by Siemens AG
    • Publication of CN1530792A
    • Application granted
    • Publication of CN100449450C
    • Anticipated expiration
    • Current legal status: Expired - Fee Related

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6236 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database, between heterogeneous systems
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The invention concerns a method and a data processing system for protecting an electronic data object from unauthorized access. In the method, a) in a first step, an electronic data object identifier is generated dependent on the content of the data object, b) in a further step, an access right is determined dependent on the data object identifier, and c) in a last step, access to the data object is allowed dependent on the access right. The data processing system comprises a data processing device and an access control module. Via the access control module, an electronic data object identifier can be generated dependent on the content of a data object, and an access right can be determined dependent on the data object identifier. The access right can comprise standard rights such as 'Read' or 'Write' and an 'Execute' right to execute specific functionalities.

Description

Method and system for protecting an electronic data object against unauthorized access
Technical field
The present invention relates to a method for protecting an electronic data object against unauthorized access, to a data processing system that implements this method, and to a storage medium on which information for carrying out the method on a data processing device is stored.
Background art
The growing use of electronic data objects increasingly calls for intelligent mechanisms that protect such objects against unauthorized access. A data object may be, for example, a single file used to store or hold information, or a file system or file structure assembled from such files. Protecting data objects is especially important in workplaces that are used by many people and from which security-relevant information can be retrieved. Such information occurs, among other places, in the medical environment, in laboratory, research and development environments, and in working environments that handle personal data. Personal information in particular requires special protective measures.
Known protection mechanisms are based on encrypting the data object. Encrypting and decrypting data objects, however, takes considerable time, especially for large data objects, and is therefore impractical in a working environment whose working methods must be rational and economical. In addition, operating an encryption system with sufficiently reliable keys constitutes a noticeable cost. Above all, a change to the encryption system can be applied directly only to the data store itself; it is not sufficient for other copies of the data object (for example on data carriers or mobile workstations).
Furthermore, protection based on encrypting the data object provides no protection against deletion of the data object, and it does not allow a differentiated assignment of access rights, for example a distinction between read, write and delete access. In asymmetric encryption methods in particular, all recipients must already be known at the time of encryption, because each recipient's public key has to be taken into account.
Protection of data objects at the operating system level is also known, in which data access is granted according to the scope of authority of the user logged in to the operating system. The scope of the data access rights is determined by so-called access control lists (ACLs), which the operating system assigns to each data object in the file system. The ACL of each data object lists the user-dependent access rights, specific to each operating system.
However, the ACL has so far been a component of the operating system or file system rather than of the data object: it is copied (inherited) only when the data object is copied within the same file system, and it is unavailable once the object has been copied out of that file system. This is unavoidable because of the way ACLs act within the operating system. Moreover, a change to the access rights of a data object that has been copied many times within a file system cannot be made centrally, because it is not automatically transferred to the copies of the data object.
In addition, in medical systems in an outpatient environment, or in personnel or financial management systems, it is desirable that specific functions be restricted not only to specific users but also depending on the data being processed. In the outpatient environment, for example, full access rights to a patient's private data could be set up as a special case, readable by the treating doctor only, while all doctors are allowed access to all other patient data. Data types such as laboratory reports could likewise be treated differently: in principle only laboratory assistants should have the authority to process such reports, while other hospital staff need only read access. Similar distinctions are equally meaningful in other working environments, such as banking or human resources.
Usually a user receives a combination of the 'create', 'read', 'update' and 'delete' rights (the so-called standard rights) depending on the user and the current system or domain. Functional rights, called 'execute' rights, are granted only by the application program itself, within the application, according to the data type or data content. An 'execute' right determines whether a specific function may be performed, for example an image-processing step, the evaluation of a data set, or a diagnosis in an electronic patient record. The assignment of standard rights to a user is independent of the data-dependent assignment of functional 'execute' rights. The data-dependent assignment of 'execute' rights therefore depends on the application in each case and may, undesirably, be handled differently by different applications in different domains.
A specific problem for conventional access rights control is the copying of data objects, for example by e-mail or by transfer on portable storage carriers; such copies now occur in numbers and to an extent that are beyond control. As a result, access rights cannot be changed centrally, consistently, and with reference to the original for the copies or for subsequently modified copies. Conventional control mechanisms thus cannot be applied to all data objects, because the number of data objects and the places where they occur are unknown.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method and a data processing system for assigning access rights to electronic data objects held for storing information, such that the assignment of these access rights can be changed centrally for a data object including all of its copies.
The present invention solves this technical problem by a method, a data processing system and a storage medium.
A basic idea of the invention is a method for protecting an electronic data object held for storing information against unauthorized access, in which, in a first step, an electronic data object identifier is generated according to the content of the electronic data object; in a next step, access rights are determined according to the data object identifier; and in a last step, access to the electronic data object is allowed according to the access rights. A data object is understood here as a file, an object consisting of one or more files, or a file structure or directory structure. Access rights are understood as both standard rights and functional 'execute' rights; the standard rights are thus supplemented by freely definable access rights.
The essential element of this idea is the use of an electronic data object identifier that depends on the content of the data object. Access rights can thus be determined from the data object itself. Because the content that is relevant for determining the access rights belongs to the data object itself, it is copied along with it, i.e. it is inherited, so that every copy of the data object likewise contains the information required to determine the access rights. The assignment between access rights and the data object identifiers that permit those rights can be kept centrally, for example in the form of a table, and can be changed there, and a change to this assignment automatically takes effect for all copies of the data object. Access rights can therefore be changed centrally at any time, independently of, and even without knowing, the number and location of the copies. Access rights here comprise all standard rights and 'execute' rights valid for the data object.
A further basic idea of the invention is a data processing system having a data processing device that can access electronic data objects and an access control module, by means of which an electronic data object identifier can be generated according to the content of the data object, access rights can be determined according to the data object identifier, and access to the electronic data object can be allowed according to the access rights. The access control module makes it possible to assign access rights to a data object according to the information contained in the data object. Because the content of the data object is copied along with it when a copy is produced, the assignment of access rights is consistent for the data object and is made centrally for all of its copies, independently of where a copy may be stored. Access rights here are again all standard rights and 'execute' rights valid for the data object.
In a preferred embodiment of the invention, the data object identifier is generated automatically from information stored in the data object, for example by combining the stored name, date of birth and content type (such as image or text). This yields a data object identifier that carries information about the content of the data object, so that data objects can be classified and sorted systematically by their identifiers. If, for example, all data objects associated with a certain kind of content (all laboratory reports, study results, diagnostic findings or computed data) are to receive the same access rights, the identifier can also be used to assign access rights systematically by data object type.
In another preferred embodiment, an electronic mark stored in the data object serves as the data object identifier. The identifier is then produced simply as a copy of this mark, i.e. it only has to be read from the data object. Producing the identifier as a direct copy of a mark contained in the data object also reduces the possibility of tampering, because no manipulable step is needed to derive the identifier indirectly from the content, such as combining the stored name and date of birth into an identifier.
In a further preferred embodiment, the method is carried out on a data processing system that comprises an access rights module in which the mutual assignment of user identifiers and access rights can be stored, and the access control module of the system determines the access rights by accessing this access rights module. A module is understood here as an electronic service of any form, for example a server, a software library or a process running on a computer. The access rights module is thus a modular part of the data processing system that can be positioned flexibly and centrally, so that the assigned access rights can be changed centrally. This access rights module, a so-called central identifier store, defines access rights classes in which certain access rights (read, write, delete, copy or functional rights) are assigned to certain user identifiers. User identifiers comprise both individual user identifiers and group identifiers.
In a further preferred embodiment, the data processing system comprises a data object class module in which the mutual assignment of data object identifiers and access rights classes can be stored; the access control module can access this module and determines the access rights by accessing it. As above, a module is an electronic service of any form, such as a server, a software library or a process running on a computer. The data object class module allows the assignment between data object identifiers and access rights classes to be determined and changed. By changing the data object class module, a data object identifier can be centrally reassigned to another access rights class, which changes the access rights for that data.
The invention has the advantage that all data objects and all their copies are protected consistently. That is, as long as the user is within the data processing system, the user has identical access rights to every data object and every copy of it, regardless of the place from which the data object is accessed and the place where it is stored. The data processing system can be a network of many machines with flexible access possibilities. Appropriately set access rights ensure that data objects do not leave this security domain.
The invention also has the advantage that a user's access rights to a data object can be determined independently of the data object itself; knowing the data object identifier suffices. This is easy to realize if the data object identifier is generated systematically from the content of the data object or from other information related to it. Knowledge of the system information (for example the four patient items and the current diagnosis in a particular workflow) is then enough to determine the access rights for the data object concerned. Access rights assigned to a data object of a particular system class can thus be determined independently of where the object is located.
A further advantage of the invention is that data objects can be transferred within the security domain independently of the data transfer protocol or the operating system. It is sufficient to guarantee the integrity of the data object during the transfer, so that the data object identifier needed to determine the access rights can also be generated from the copy.
Guaranteeing the information used to generate the data object identifier also makes it possible to pass a data object from one security domain to another in a controlled manner. The access rights can thereby be changed automatically without changing the content of the data object. The use of different security domains applies in particular to workflow systems in which a data object is passed from one department to another. In a medical environment, for example, each workflow step can be represented by a specific security domain, so that patient admission, radiology and prescribing are given different access rights. To this end, different access rights and data object classifications are set in the different security domains, which produces domain-dependent access rights in the intended way. Different user groups can also be set up where necessary, in particular to form different group attributes.
A particular advantage of the invention is that the data object identifier is generated from the content stored in the data object, so that access rights can also be set according to the content. If the data object is changed during processing and the corresponding information is stored, changed access rights can result. For example, after security-relevant information about a person has been added to a data object, access for a certain class of people can be disabled automatically.
Description of the drawings
Embodiments are described in more detail below with reference to the drawings, in which:
Fig. 1 shows a data processing system for carrying out the invention,
Fig. 2 schematically shows the logical layers inside this data processing system, and
Fig. 3 shows the method steps of the invention.
Embodiments
Fig. 1 shows a data processing system for carrying out the invention. The system comprises a data processing device 1 with a display 3 and a keyboard 5, through which electronic data objects can be accessed. The data objects to be accessed can be located in an application memory 9. Access to the data objects in application memory 9 is controlled by an access control module 7.
Access control module 7 works independently of the access control mechanisms of the operating system (for example the file-specific, user-dependent ACLs). In a preferred embodiment it is designed as an additional program layer (data access layer) and can be connected to the data bus of data processing device 1 as a modular hardware component; it can, however, also be implemented purely in software within data processing device 1. Access control module 7 controls all data accesses to the data objects under its control, for example deleting, copying, creating, editing or executing functions, that is, all data accesses to data objects within the security domain. Other data objects, for example application programs or public, unclassified data objects, can of course be stored in data memory 9 and by data processing device 1 independently of access control module 7, i.e. outside the security domain.
When the operating system of data processing device 1 is started, the user is usually required to log in, whereby the user must be identified and also authenticated for data access. This authentication comprises both identifying the user and granting the user access to data. To identify the user, a security query is provided, for example requiring the user to enter a user ID and password via keyboard 5. In this sense, every input device can serve as an identification device 6. In a particularly preferred embodiment, identification device 6 (for example a chip card) automatically performs a query that identifies the user uniquely, such as a query of the fingerprint or the iris structure of the eye. Although the access control performed by access control module 7 is independent of the user's login on the operating system, it can also make use of this identification of the user; for this the user can employ the same identification method via keyboard 5 or identification device 6.
An essential element of the invention is that a unique data object identifier can be generated for every electronic data object stored under the control of access control module 7. This identifier can be stored in the data object, or generated automatically from the content of the data object; for example, it can be the DICOM UID that is common in DICOM data objects. Access control module 7 thus serves both to generate this identifier and store it in the data object, and to generate (or rather extract) the data object identifier from the content of the data object.
The data object identifier can be structured systematically so that it describes the structural associations of access rights, for example work groups, research teams, personnel hierarchy, personnel-related content, or the assignment of content to fields of business or research in the access rights systematics. For an electronic patient record, for example, the data object identifier consists of the four items that identify the patient: the patient's name, sex, date of birth and a hospital identifier. These four patient items are generally sufficient to identify a patient uniquely. In addition, the identifier can reflect attributes of the record, such as its use for medical research, diagnostic findings over a longer period, or a sequence of images of a specific diagnostic type (such as X-ray or ultrasound images). This structural information can be taken into account when assigning access rights, so that separate access rights can be specified, for example, for the treating doctor, the supervisor of a study, the radiology specialist or the accounting department. Providing a unique data object identifier for each electronic data object allows this system information to be exploited independently of the particular working environment.
To assign access rights using such systematic data object identifiers, access control module 7 needs attribute information about the accessing user and the user's group, and information assigning data object types to certain access rights classes. This information is held separately and can be accessed in a modular way within the data processing system.
In a preferred embodiment of the invention, the system has an access rights module 11 that can access an access rights store 13, for example a server, a software library or a process running on a computer, and a user group module 15 that can access a user group store 17 and can likewise be a server, a software library or a process running on a computer. Access rights store 13 holds the information assigning user identifiers to access rights classes. An access rights class describes which users or user groups are permitted which scope of access rights. For example, an access rights class could be defined as follows:
- user A has no access rights
- user B has read access only
- user group C has all access rights
- user group D may execute functions 1 and 2
- user group E may execute function 2
Possible access rights include, for example, creating a data object, producing a copy or inheriting information from the data object, reading, changing and deleting the information stored in the data object, changing the access rights within the respective access rights class, and executing specific functions, insofar as they can be performed in the working environment.
User group store 17 holds information by which a user identifier or user group can be assigned on the basis of the information previously determined for identifying and authenticating the user. The user identifier or user group is characterized by an independent electronic user identifier that allows unique identification within the data processing system. Group attributes can reflect, for example, membership of a work group, a function such as senior doctor on duty, a hierarchical classification such as clinic director, a specialty such as radiology, or a department such as human resources or accounting.
The user identification and the group attributes allow the structures of the working environment that matter for determining access rights to be described completely. The assignment of user identifiers and groups can be changed centrally in user group store 17 and then takes effect for every data access of the user throughout the system, regardless of when or where the user accesses data.
Access control module 7 assigns the electronic data object to an access rights class in access rights store 13 according to the electronic data object identifier. Likewise, the accessing user is assigned an access rights class on the basis of the electronic user identifier by accessing access rights module 11. These two assignments determine which users may use which access rights when a specific data object is accessed.
Changes in access rights module 11 or user group module 15 allow the permitted access rights to be changed centrally, independently of the location of the data object, for all data objects that yield a certain data object identifier. Such a change also automatically affects every copy of the data object, because the part of its content from which the identifier is generated is unchanged in the copy.
In another preferred embodiment, the system has an access rights module 11, a user group module 15 and an additional data object class module 12, which can likewise be a server, a software library or a process running on a computer. Data object class module 12 can access a data object class store 14, which holds the information relating data object identifiers to access rights classes, and can change this information.
Compared with the embodiment described above, this embodiment is more strongly modular. As before, user group module 15 provides the information for determining the electronic user identifier, and access rights module 11 provides the information for assigning user identifiers to access rights, as described above. Data object class module 12 provides the additional information that makes the assignment of user identifiers to access rights possible. By means of data object class module 12 it can be predefined and changed for each data object which access rights class it belongs to.
In this way, the users and user groups assigned within each access rights class have the access rights predefined there. By letting different users or user groups access a data object in turn and changing the assignment in data object class module 12, the access rights for a data object can be changed, for example, in step with a predetermined workflow. In a medical environment this may be: patient admission, admission examination, a subsequent examination using radiological imaging, treatment, and a final diagnosis in the clinic, with different user groups (medical technicians, radiology staff and treating staff) handling the patient data object.
When data are accessed from within the data processing system, i.e. within the security domain, access control module 7 first generates the data object identifier of the data object to be accessed. By accessing user group module 15, access control module 7 determines a user identifier, and by accessing access rights module 11 it determines the access rights class according to this user identifier. Using the previously generated data object identifier, it determines by accessing data object class module 12 which access rights class the data object belongs to. All the information is thus determined by the assignments of data object identifier and user identifier, so that the user can be allowed the particular access rights to this data object.
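The following is an added example, not code from the patent or from Siemens, that implements the access decision just described end to end: module 7 derives the identifier from the object's content (a stored mark when present, otherwise the four patient items plus the content type, as the preferred embodiments describe), module 12 maps the identifier to an access rights class, module 15 resolves the user's groups, and module 11 maps class and subject to rights. It also covers the earlier passages on copies inheriting their rights and on changing rights centrally: a copy of a record gets the same decision as the original, and reassigning the identifier in module 12 takes effect on the copy without touching it. Every field name, right name, user and record below is a constructed assumption; a second security domain with different tables would simply be a second AccessControlModule built from different stores.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# Added example (not from the patent): one realisation of the flow
# identifier-from-content -> access rights class -> rights per user/group.
# Module numbers follow Fig. 1 (7, 11, 12, 15); every field name, right
# name and sample record is a constructed assumption.


@dataclass
class DataObject:
    content: Dict[str, str]

    def copy(self) -> "DataObject":
        # A copy carries the whole content, so the identifier is inherited.
        return DataObject(dict(self.content))


def object_identifier(obj: DataObject) -> str:
    """Step a: identifier generated from the content. A stored electronic
    mark ("uid", the page's DICOM-UID case) is used as-is; otherwise the
    identifier is assembled from the four patient items and the content type."""
    c = obj.content
    if "uid" in c:
        return c["uid"]
    return "|".join((c["name"], c["sex"], c["birthday"], c["hospital_id"],
                     c["content_type"]))


class UserGroupModule:
    """Module 15 / store 17: user ID -> groups; both may carry rights."""
    def __init__(self, groups: Dict[str, Set[str]]):
        self.groups = groups

    def subjects(self, user_id: str) -> Set[str]:
        return {user_id} | self.groups.get(user_id, set())


class DataObjectClassModule:
    """Module 12 / store 14: identifier -> access rights class. An explicit
    per-identifier entry wins; otherwise the content type (last identifier
    component) decides; otherwise a default class with no rights."""
    def __init__(self, by_identifier: Dict[str, str], by_type: Dict[str, str],
                 default: str):
        self.by_identifier, self.by_type, self.default = by_identifier, by_type, default

    def access_class(self, identifier: str) -> str:
        if identifier in self.by_identifier:
            return self.by_identifier[identifier]
        return self.by_type.get(identifier.rsplit("|", 1)[-1], self.default)


class AccessRightsModule:
    """Module 11 / store 13: access rights class -> subject -> rights."""
    def __init__(self, table: Dict[str, Dict[str, FrozenSet[str]]]):
        self.table = table

    def rights(self, access_class: str, subjects: Set[str]) -> FrozenSet[str]:
        entries = self.table.get(access_class, {})
        return frozenset().union(*(entries.get(s, frozenset()) for s in subjects))


class AccessControlModule:
    """Module 7: the single decision point for every access in the domain."""
    def __init__(self, users, classes, rights):
        self.users, self.classes, self.rights = users, classes, rights

    def rights_for(self, user_id: str, obj: DataObject) -> FrozenSet[str]:
        access_class = self.classes.access_class(object_identifier(obj))  # step b
        return self.rights.rights(access_class, self.users.subjects(user_id))

    def allowed(self, user_id: str, obj: DataObject, right: str) -> bool:
        return right in self.rights_for(user_id, obj)  # step c


# Constructed sample data objects (two patient records, one report with a stored mark).
PATIENT_X = DataObject({"name": "Patient X", "sex": "F", "birthday": "1970-01-01",
                        "hospital_id": "H01", "content_type": "patient_record"})
PATIENT_Y = DataObject({"name": "Patient Y", "sex": "M", "birthday": "1985-05-05",
                        "hospital_id": "H01", "content_type": "patient_record"})
LAB_REPORT = DataObject({"uid": "1.2.3.4.5.6", "text": "constructed lab result"})


def build_clinic_domain() -> AccessControlModule:
    """One security domain (a clinic) with constructed users, classes and rights."""
    users = UserGroupModule({"dr_a": {"doctors"}, "dr_b": {"doctors"},
                             "lab_1": {"lab_assistants"}})
    rights = AccessRightsModule({
        "treating_doctor_only": {"dr_a": frozenset({"read", "write"})},
        "all_doctors": {"doctors": frozenset({"read", "write"})},
        "laboratory": {"lab_assistants": frozenset({"read", "write", "execute:evaluate"}),
                       "doctors": frozenset({"read"})},
    })
    classes = DataObjectClassModule(
        by_identifier={object_identifier(PATIENT_X): "treating_doctor_only",
                       object_identifier(LAB_REPORT): "laboratory"},
        by_type={"patient_record": "all_doctors"}, default="no_access")
    return AccessControlModule(users, classes, rights)


def demo() -> Dict[str, bool]:
    """Decisions before and after a central change in module 12."""
    acm = build_clinic_domain()
    copy_x = PATIENT_X.copy()  # e.g. mailed out or placed on a removable carrier
    out = {
        "dr_a reads X": acm.allowed("dr_a", PATIENT_X, "read"),
        "dr_b reads X": acm.allowed("dr_b", PATIENT_X, "read"),
        "dr_b reads copy of X": acm.allowed("dr_b", copy_x, "read"),
        "dr_b writes Y": acm.allowed("dr_b", PATIENT_Y, "write"),
        "lab_1 evaluates report": acm.allowed("lab_1", LAB_REPORT, "execute:evaluate"),
        "dr_a evaluates report": acm.allowed("dr_a", LAB_REPORT, "execute:evaluate"),
    }
    # Central change: X's identifier moves to the general class; the copy,
    # whose content (and hence identifier) is unchanged, follows automatically.
    acm.classes.by_identifier[object_identifier(PATIENT_X)] = "all_doctors"
    out["dr_b reads copy of X after change"] = acm.allowed("dr_b", copy_x, "read")
    return out


if __name__ == "__main__":
    for decision, verdict in demo().items():
        print(f"{decision}: {verdict}")
```

The decision never consults where the object lives or how it arrived, only its content, which is what makes the copy and the original indistinguishable to module 7; the flip side, which the description also notes, is that the content fields feeding the identifier must keep their integrity in transit, since anyone who can alter them can move an object into a different class.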
The mode of operation of access control module 7 can also be used for data access from remotely located workstations. For example, a mobile data processing device 21 (such as a PDA or a notebook computer) can access the data objects of the system over a remote data connection 19 (such as a modem connection or a mobile wireless connection). This may be the case for a home workplace or for a mobile device in a working environment such as a clinic.
The modularity of the data processing system described above can be varied without changing the mode of operation of access control module 7. For example, user group store 17 and access rights store 13 can be combined on a common storage medium, or access rights module 11 and user group module 15 can be integrated in a single data processing device. Nor is an arrangement separate from access control module 7 necessary for the method; the modules can be integrated into it. The modular structure allows the system to be adapted particularly flexibly to all structural requirements of the respective working environment.
Fig. 2 schematically shows the logical layers inside the data processing system (within the security domain). The electronic data objects whose access is controlled are in the lowest layer 31. These data objects have content 33 that is relevant for identification, from which the data object identifier can be generated. Up to now this identification-relevant content 33 had to be placed in a higher layer, because the data object identifier must be readable independently of the user's access rights so that the scope of those access rights can be determined.
Above the data layer an ACL 35 is provided, which, at the operating system level and within the respective operating system, controls on its own the access to the data by the user logged in at the operating system. ACL 35 is not part of data object layer 31, 33, because it cannot be maintained after the data leaves the respective file system or after a change of operating system. It is not inherited together with the data but is lost. ACL 35 is therefore shown schematically as a separate layer.
Operating system layer 37 sits on ACL 35; it controls ACL 35 and, through ACL 35, data object layer 31, 33.
MAC layer 39 is located on operating system layer 37, and within it the function of access control module 7 is executed. In addition to the existing operating system access control, it also controls access to all data.
Application layer 41, with the application programs of the respective working environment, is located on MAC layer 39.
The right-hand part of the figure shows, by way of example, the logical layers that result when files are transferred to another operating system, as indicated by the arrow. In the chosen example, this other operating system has no ACL. If, in particular, the data object identifier 33 is transferred along with the data, data object layer 31, 33 remains unchanged. However, because of the missing ACL, access rights are no longer controlled by operating system layer 37.
Access to data object layer 31, 33 is, however, carried out only through MAC layer 39 and according to its control. That is, access control in the defined scope remains in place after the data has been imported, independently of the change of operating system. Application layer 41 can access the data only through MAC layer 39.
Fig. 3 shows the method steps for accessing a data object within the security domain. In step 51 the access to the data object is initiated by a user or an application program.
In step 53 the user ID that identifies the user is determined. As mentioned above, the required information is collected by keyboard input or by biometric data acquisition. Based on the data collected in this way, user group memory 17 is accessed via user group module 15 and the user ID is determined.
In step 55 it is tested whether a data object identifier can be generated for the data object to be accessed. This data object identifier is either stored in the data object itself, or the data object contains information from which the identifier can be determined automatically.
If it turns out that no data object identifier can be generated, a default data object identifier is assigned in step 56; a standard access rights scope can then be set on the basis of this default identifier. Thus, for example, where no data object identifiers have been introduced into the system, access control for the data object can be implemented on a standard basis, without the time-consuming execution of the other method steps for determining the access rights scope.
If it is possible, in step 57 the data object identifier is generated automatically, either as a copy of the identifier stored in the data object or from the content stored in the data object.
In step 59, access rights module 11 is accessed in order to determine an access rights class on the basis of the information in access rights memory 15. Here the assignment between a user ID and access rights classes is retrieved; this assignment can be stored in the form of a table or as a graph.
In step 61, data object classification module 12 is accessed in order to obtain from data object classification memory 14 the information from which an access rights class assigned to the previously determined data object identifier can be determined.
After the information on user identification, group identification and data object classification has been obtained, the access rights allowed to this user are determined in step 63. This determination is made either on the basis of the data retrieved in steps 59 and 61, or on the basis of the standard values assigned in step 56. The assignment of standard values can be made without further access to the modules, so as to avoid unnecessary accesses and save access time.
In step 65, access to the data is carried out according to the access rights determined previously.
In step 67, access to the data ends. For example, the user can log off from the system, the system can stop the access automatically after a timeout, or the classification used for determining access rights may be changed in the system.
To illustrate the programming aspects of the invention, several greatly simplified application examples for implementing the method steps of the invention are reproduced semantically below. The simplifications include, for example, omitting variable definitions and error handling.
The user group module allows user and group identifiers to be added, modified, deleted and retrieved. It also includes the means for identifying each user. It can be implemented with the following declarations:
bool createUser(wchar_t* theUserName, wchar_t* thePassword, wchar_t*& theSID);   // creates a user and returns its SID
bool deleteUser(wchar_t* theUserName);
bool querySID(wchar_t* theUserName, wchar_t*& theSID);
bool createGroup(wchar_t* theGroupName, wchar_t*& theGID);   // creates a group and returns its GID
bool deleteGroup(wchar_t* theGroupName);
bool queryGID(wchar_t* theGroupName, wchar_t*& theGID);
bool addUserToGroup(wchar_t* theSID, wchar_t* theGID);
bool removeUserFromGroup(wchar_t* theSID, wchar_t* theGID);
bool authenticateUser(wchar_t* theUserName, wchar_t* theUserPassword, wchar_t*& theUID);   // successful authentication yields a UID
bool releaseUID(wchar_t* theUID);   // deletes the UID on logoff or timeout
bool analyzeUID(wchar_t* theUID, wchar_t*& theSID, wchar_t*& theGID);   // resolves a UID to the SID and GID it represents
Here "bool" is the C++ keyword for a type that can take the Boolean values TRUE or FALSE; it precedes a variable definition, a method definition or a method declaration. "wchar_t" is a data type defined by Microsoft. "enum" is a C++ keyword for defining enumerations. "struct" is a C++ keyword for defining a new composite data type.
SID and GID are the unique identifiers for user identification and group identification and are used within a security domain. They represent users and groups within the security domain, so that the real identifier or name need not be used for that purpose.
The other so-called directives, for example createGroup or deleteGroup, are freely chosen and can be understood from their own wording.
With each successful authentication of a user, a UID is generated that uniquely identifies the user and the working environment. As soon as the user logs off from the system, or the working environment is ended from the secure area because of a timeout, this UID is deleted.
The access rights module can be implemented using the following instructions:
enum TokenRights {
    Create,                   // permission to create a new sub-object in the hierarchically structured file
    Read,                     // permission to read the file content
    Update,                   // permission to modify the file content
    Delete,                   // permission to delete the whole file, i.e. to destroy it physically
    Execute,                  // permission to update the current protection of this file on the file content
    ExecuteSpecificFunction   // permission to execute a special function
};
bool createToken(wchar_t* theTokenName);
bool assignRight(wchar_t* theTokenName, wchar_t* theSID, TokenRights theGrantedRights);   // rights for a user (SID)
bool assignRight(wchar_t* theTokenName, wchar_t* theGID, TokenRights theGrantedRights);   // rights for a group (GID)
bool removeToken(wchar_t* theTokenName);
TokenRights authorize(wchar_t* theTokenName, wchar_t* theSID, wchar_t* theGID);
To determine a user's access rights, access rights module 11 uses the user's SID and GID. Different access rights can be configured for group identifiers and user identifiers, and a user can hold several identifiers, so all SIDs and GIDs must be evaluated in order to determine the scope of each user's access rights.
The assignment of data object identifiers to classes, represented in the instructions above as a "Token", allows individual assignments to be added, deleted, searched and modified. It can be implemented using the following instructions:
struct SecurityID {   // sample definition for DICOM configuration files
    wchar_t* thePatientQuadruple;
    wchar_t* theStudyInstanceUID;
};
bool setDefaultProtection(wchar_t* theTokenNames);
bool addProtection(SecurityID& theDocumentSecurityID, wchar_t* theTokenNames);
bool queryProtection(SecurityID& theDocumentSecurityID, wchar_t*& theTokenNames);
bool removeProtection(SecurityID& theDocumentSecurityID, wchar_t* theTokenNames);
A data object identifier can be assigned to several classes. Data object identifiers not assigned to any class receive the standard default access rights scope.
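The access decision of steps 55 to 65 (identifier from content, default identifier as fallback, rights from all SIDs and GIDs) and the Token/Protection interface sketched in the declarations above, worked through as an added example that is not the patent's own code. std::wstring and std::map stand in for the wchar_t* declarations, TokenRights is encoded as bit flags so that rights from several SIDs and GIDs can be combined, modules 11 and 12 are merged into one class, and the token names, SIDs, GIDs, DICOM values and the "key=value;" content format are all constructed for this example.

```cpp
#include <algorithm>
#include <cstdint>
#include <map>
#include <set>
#include <string>
#include <tuple>
#include <vector>

// TokenRights as bit flags so rights granted through several SIDs and GIDs can be
// combined (the encoding is an assumption; the patent only lists the enumerators).
enum TokenRights : uint32_t {
    NoRights = 0, Create = 1, Read = 2, Update = 4, Delete = 8,
    Execute = 16, ExecuteSpecificFunction = 32
};

// Data object identifier, modelled on the DICOM-oriented SecurityID struct above.
struct SecurityID {
    std::wstring thePatientQuadruple, theStudyInstanceUID;
    bool operator<(const SecurityID& o) const {
        return std::tie(thePatientQuadruple, theStudyInstanceUID)
             < std::tie(o.thePatientQuadruple, o.theStudyInstanceUID);
    }
};

// Steps 55/57: derive the identifier from the object's own content. The "key=value;"
// text format is constructed for this example; a missing key means no identifier.
bool deriveIdentifier(const std::wstring& content, SecurityID& out) {
    std::map<std::wstring, std::wstring> kv;
    for (size_t pos = 0; pos < content.size();) {
        size_t end = std::min(content.find(L';', pos), content.size());
        std::wstring field = content.substr(pos, end - pos);
        size_t eq = field.find(L'=');
        if (eq != std::wstring::npos) kv[field.substr(0, eq)] = field.substr(eq + 1);
        pos = end + 1;
    }
    if (kv[L"PatientID"].empty() || kv[L"StudyInstanceUID"].empty()) return false;
    out = SecurityID{kv[L"PatientID"], kv[L"StudyInstanceUID"]};
    return true;
}

// Access rights module 11 and data object classification module 12 in one class
// (assumption): tokens hold per-SID/GID rights, protections map identifiers to tokens.
class AccessRightsModule {
    std::map<std::wstring, std::map<std::wstring, uint32_t>> tokens_;  // token -> (SID|GID -> rights)
    std::map<SecurityID, std::set<std::wstring>> protection_;          // identifier -> tokens
    std::set<std::wstring> defaultTokens_;                             // step 56: no identifier
public:
    bool createToken(const std::wstring& t) { return tokens_.emplace(t, std::map<std::wstring, uint32_t>{}).second; }
    bool assignRight(const std::wstring& t, const std::wstring& sidOrGid, uint32_t rights) {
        auto it = tokens_.find(t);
        if (it == tokens_.end()) return false;
        it->second[sidOrGid] |= rights;
        return true;
    }
    bool setDefaultProtection(const std::wstring& t) { return tokens_.count(t) && defaultTokens_.insert(t).second; }
    bool addProtection(const SecurityID& id, const std::wstring& t) { return tokens_.count(t) && protection_[id].insert(t).second; }
    // Step 63: union, over every token protecting the object, of the rights granted to any of
    // the principal's SIDs and GIDs. No identifier (nullptr) or an unprotected identifier
    // falls back to the default tokens.
    uint32_t authorize(const SecurityID* id, const std::vector<std::wstring>& principalIds) const {
        const std::set<std::wstring>* tokens = &defaultTokens_;
        auto it = id ? protection_.find(*id) : protection_.end();
        if (it != protection_.end()) tokens = &it->second;
        uint32_t rights = NoRights;
        for (const auto& t : *tokens)
            for (const auto& pid : principalIds) {
                auto g = tokens_.find(t);
                if (g != tokens_.end() && g->second.count(pid)) rights |= g->second.at(pid);
            }
        return rights;
    }
};

// Steps 55 to 65 for one request: identifier (or default), granted rights, then the check.
bool accessAllowed(const AccessRightsModule& m, const std::wstring& objectContent,
                   const std::vector<std::wstring>& principalIds, uint32_t requested) {
    SecurityID id;
    const SecurityID* idPtr = deriveIdentifier(objectContent, id) ? &id : nullptr;
    uint32_t granted = m.authorize(idPtr, principalIds);
    return (granted & requested) == requested;
}

// Constructed sample: a radiology token and a treatment token protect one study; the
// "Default" token is used for objects that carry no identifier.
AccessRightsModule buildSampleModule() {
    AccessRightsModule m;
    const SecurityID study{L"P0001", L"1.2.840.1"};
    m.createToken(L"Radiology");
    m.assignRight(L"Radiology", L"G-medtech", Read | Create);
    m.assignRight(L"Radiology", L"G-radiology", Read | Update);
    m.createToken(L"Treatment");
    m.assignRight(L"Treatment", L"G-physicians", Read | Update | Delete);
    m.assignRight(L"Treatment", L"S-phys-1", ExecuteSpecificFunction);  // user-level grant on top of the group
    m.createToken(L"Default");
    m.assignRight(L"Default", L"G-medtech", Read);
    m.setDefaultProtection(L"Default");
    m.addProtection(study, L"Radiology");
    m.addProtection(study, L"Treatment");
    return m;
}

// Stand-alone run: exit status 0 when the sample technician may read the CT study.
int main() {
    AccessRightsModule m = buildSampleModule();
    return accessAllowed(m, L"PatientID=P0001;StudyInstanceUID=1.2.840.1;Modality=CT",
                         {L"S-tech-1", L"G-medtech"}, Read) ? 0 : 1;
}
```

Two properties of the description are visible in the sample data: an object whose content yields no identifier is not refused but falls back to the default protection (step 56), and a principal's rights are the union over every SID and GID it carries, so in this model a user-level grant can only widen what the group already allows.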

Claims (15)

1. A method for protecting an electronic data object against unauthorized access, the data object being provided for storing information, wherein a) in a first step (56, 57) an electronic data object identifier is generated from the content of the electronic data object; b) in a next step (63) access rights are determined from this data object identifier; and c) in a final step (65) access to the electronic data object is allowed according to these access rights.
2. The method according to claim 1, wherein the data object identifier is generated as a copy of an identifier contained in the data object.
3. The method according to claim 1, wherein the data object identifier is generated using information stored in the data object.
4. The method according to any of the preceding claims, wherein in a further step (53) an electronic user identifier is determined for the operator, and the access rights are determined according to the user identifier.
5. The method according to claim 4, wherein in a further step (59) information assigning the user identifier to an access rights class is determined, and the access rights are determined according to the assignment of the user identifier to the access rights class.
6. The method according to any of the preceding claims, wherein in a further step (61) information assigning the data object identifier to an access rights class is determined, and the access rights are determined according to the assignment of the data object identifier to the access rights class.
7. The method according to any of the preceding claims, wherein the access rights comprise a standard right and a functional right.
8. The method according to any of the preceding claims, wherein medical data about an individual is stored in the data object.
9. A data processing system having a data processing device (1) and an access control module (7) that can access electronic data objects, wherein the access control module (7) generates an electronic data object identifier from the content of the data object, determines access rights according to the data object identifier, and allows access to the electronic data object according to these access rights.
10. The data processing system according to claim 9, wherein the data processing system comprises a recognition device (6) by which an electronic user identifier of the operating personnel can be determined.
11. The data processing system according to claim 10, wherein the data processing system comprises an access rights module (13) in which mutual assignments of electronic user identifiers and access rights classes are stored, the access control module (7) can access this module (13), and the access control module (7) can determine the access rights by accessing the access rights module (13).
12. The data processing system according to any of claims 9 to 11, wherein the data processing system comprises a data object classification module (12) in which mutual assignments of electronic data object identifiers and access rights classes are stored, the access control module (7) can access this module (12), and the access control module (7) can determine the access rights by accessing the data object classification module (12).
13. The data processing system according to any of claims 9 to 12, wherein the data processing system determines a standard right and a functional right as access rights.
14. The data processing system according to any of claims 9 to 13, wherein the data processing system is designed as a medical workstation.
15. A storage medium on which information is stored that can interact with a data processing system in order to carry out the method according to any of claims 1 to 8.
CNB2004100397120A 2003-03-14 2004-03-15 Method and system for preventing electronic data object from unauthorized access Expired - Fee Related CN100449450C (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
DE10311648.6 2003-03-14
DE10311648 2003-03-14

Publications (2)

Publication Number Publication Date
CN1530792A true CN1530792A (en) 2004-09-22
CN100449450C CN100449450C (en) 2009-01-07

Family

ID=32920851

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2004100397120A Expired - Fee Related CN100449450C (en) 2003-03-14 2004-03-15 Method and system for preventing electronic data object from unauthorized access

Country Status (2)

Country Link
CN (1) CN100449450C (en)
DE (1) DE102004004101A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100412743C (en) * 2004-12-17 2008-08-20 摩托罗拉公司 Method and apparatus for digital right management
CN101903910A (en) * 2007-10-19 2010-12-01 瓦斯科普斯公司 The automatic geometric and mechanical analyzing method and the system that are used for tubular structure
CN101399695B (en) * 2007-09-26 2011-06-01 阿里巴巴集团控股有限公司 Method and device for operating shared resource
CN105117582A (en) * 2015-07-29 2015-12-02 苏州麦迪斯顿医疗科技股份有限公司 Medical data platform information processing method
CN105872108A (en) * 2016-06-15 2016-08-17 深圳市清时捷科技有限公司 Data screening-transmitting method and device for plurality of receiving terminals
CN106664636A (en) * 2014-10-29 2017-05-10 华为技术有限公司 Data frame transmission method and apparatus
CN107103245A (en) * 2016-02-23 2017-08-29 中兴通讯股份有限公司 The right management method and device of file
CN107944297A (en) * 2017-12-11 2018-04-20 北京奇虎科技有限公司 A kind of control method and device for accessing file

Families Citing this family (1)

Publication number Priority date Publication date Assignee Title
DE102018127949A1 (en) * 2018-11-08 2020-05-14 Samson Aktiengesellschaft Control of access rights in a networked system with data processing

Family Cites Families (3)

Publication number Priority date Publication date Assignee Title
FI103543B1 (en) * 1996-09-30 1999-07-15 Nokia Telecommunications Oy Marking of electronic documents
ID28829A (en) * 1999-04-14 2001-07-05 Matsushita Electric Ind Co Ltd DATA SETUP APARATUS, DATA SETTING METHOD AND RECORDING MEDIUM RECORDING DATA PROGRAM
US6671696B1 (en) * 2001-08-20 2003-12-30 Pardalis Software, Inc. Informational object authoring and distribution system

Cited By (14)

Publication number Priority date Publication date Assignee Title
CN100412743C (en) * 2004-12-17 2008-08-20 摩托罗拉公司 Method and apparatus for digital right management
CN101399695B (en) * 2007-09-26 2011-06-01 阿里巴巴集团控股有限公司 Method and device for operating shared resource
CN101903910A (en) * 2007-10-19 2010-12-01 瓦斯科普斯公司 The automatic geometric and mechanical analyzing method and the system that are used for tubular structure
CN101903910B (en) * 2007-10-19 2013-06-12 瓦斯科普斯公司 Automatic geometrical and mechanical analyzing method and system for tubular structures
CN106664636A (en) * 2014-10-29 2017-05-10 华为技术有限公司 Data frame transmission method and apparatus
CN106664636B (en) * 2014-10-29 2020-06-16 华为技术有限公司 Data frame transmission method and device
US10925015B2 (en) 2014-10-29 2021-02-16 Huawei Technologies Co., Ltd. Method and apparatus for transmitting data frame in a long term evolution unlicensed (LTE-U)system
CN105117582A (en) * 2015-07-29 2015-12-02 苏州麦迪斯顿医疗科技股份有限公司 Medical data platform information processing method
CN107103245A (en) * 2016-02-23 2017-08-29 中兴通讯股份有限公司 The right management method and device of file
CN107103245B (en) * 2016-02-23 2022-08-02 中兴通讯股份有限公司 File authority management method and device
CN105872108A (en) * 2016-06-15 2016-08-17 深圳市清时捷科技有限公司 Data screening-transmitting method and device for plurality of receiving terminals
CN105872108B (en) * 2016-06-15 2019-02-22 深圳市清时捷科技有限公司 A kind of multiple data screening, transmission method and its devices for receiving terminal
CN107944297A (en) * 2017-12-11 2018-04-20 北京奇虎科技有限公司 A kind of control method and device for accessing file
CN107944297B (en) * 2017-12-11 2020-11-24 北京奇虎科技有限公司 Control method and device for accessing file

Also Published As

Publication number Publication date
CN100449450C (en) 2009-01-07
DE102004004101A1 (en) 2004-09-30

Similar Documents

Publication Publication Date Title
US8185411B2 (en) Method, system, and apparatus for patient controlled access of medical records
Alhaqbani et al. Access control requirements for processing electronic health records
WO2018136956A1 (en) Trust based access to records via encrypted protocol communications with authentication system
US20100082371A1 (en) Patient Document Privacy And Disclosure Engine
RU2510968C2 (en) Method of accessing personal data, such as personal medical file, using local generating component
JP2007531124A (en) System and method for controlling access and use of patient medical data records
Keen et al. Big data+ politics= open data: The case of health care data in England
Zhao et al. Research on electronic medical record access control based on blockchain
Dias et al. A blockchain-based scheme for access control in e-health scenarios
Xiao et al. A knowledgeable security model for distributed health information systems
US7761382B2 (en) Method and system to protect electronic data objects from unauthorized access
CN1530792A (en) Method and system for preventing electronic data object from unauthorized access
Li et al. Leveraging standards based ontological concepts in distributed ledgers: a healthcare smart contract example
Turgay Blockchain management and federated learning adaptation on healthcare management system
Longstaff et al. The tees confidentiality model: an authorisation model for identities and roles
Braghin et al. Introducing privacy in a hospital information system
Habibi Consent based privacy for eHealth systems
Liu et al. A Blockchain-Based Personal Health Record System for Emergency Situation
Deborah et al. Blockchain: a possible alternative to achieving health information exchange (hie)
Thantilage et al. Towards a privacy, secured and distributed clinical data warehouse architecture
Chen et al. Identity management to support access control in e-health systems
Simpson et al. On tracker attacks in health grids
Yue et al. Blockchain Enabled Privacy Security Module for Sharing Electronic Health Records (EHRs)
Senese A study of access control for electronic health records
Chinaei et al. User-managed access control for health care systems

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090107

Termination date: 20180315