RU2790938C1 - Method and system for protecting information from leakage when printing documents with implementation of digital marks - Google Patents

Abstract

FIELD: information security.

SUBSTANCE: effect is achieved by a method of encoding information to protect it from leaks when printing documents, in which information is received on the user's computer device about printing a digital document containing text, while the computer device is associated with a unique identifier (UID) of the user; the letters contained in the digital document are recognized before the digital document is sent to print; the user’s UID is encoded into a set of digital marks located in the appropriate neighbourhoods on the contours of the letters and/or near the contours of the letters, the UID is encoded on each page of the document; transmitting the digital document to print with the encoded UID of the user.

EFFECT: increased efficiency of data protection against leakage due to the introduction of digital labels into the document, encoding a unique user identifier for its subsequent identification when analysing printed documents, increasing the reliability of information protection.

9 cl, 7 dwg, 10 tbl

Description

FIELD OF TECHNOLOGY

[0001] The claimed solution relates to the field of information security, in particular to solutions for preventing information leakage when printing documents.

BACKGROUND OF THE INVENTION

[0002] Data Leak Prevention (DLP) technologies are technologies for preventing leaks of confidential information from an information system outside, as well as technical devices (software or firmware) for such leak prevention.

[0003] From patent application US 20080091954 A1 (Morris et al., 04/17/2008) a solution is known for checking the integrity of data presented on printed documents. The solution is based on the use of a unique identifier, which is used to analyze the content of the document. Each document segment is assigned a digit or group of digits, and each page or document segment can be assigned one digit in a common identifier. The set of digits associated with the document is combined into an authentication string. Upon receipt of a request for post-processing of the document, the authentication and integrity of the document is performed by reading the submitted document to obtain an authentication string, and then comparing the new string with the previously stored string. After a successful match, the document is considered valid, authenticated, and unchanged.

[0004] The disadvantage of this solution is the impossibility of using it to prevent leaks in order to identify the employee who made the leak when printing documents. Also, another disadvantage is the insufficient efficiency of document protection, which is due to the use of a code to compare the authenticity of the document, which only allows you to establish the fact of the immutability and authenticity of the document, but not to prevent information leakage.

SUMMARY OF THE INVENTION

[0005] The claimed invention is directed to solving the technical problem of creating an effective means for protecting digital information from leakage during its printing.

[0006] The technical result consists in increasing the efficiency of data leakage protection by introducing digital labels into the document encoding a unique user identifier for its subsequent identification when analyzing printed documents.

[0007] The claimed result is achieved due to the method of encoding information to protect it from leaks when printing documents, performed using the processor of a computer device, while the method includes the steps of:

receive on the user's computer device information about printing at least one digital document containing at least text, while the computer device is associated with a unique identifier (UID) of the user;

carry out processing until the transfer of a digital document for printing, during which

recognize the letters contained in the digital document;

encoding the UID of the user into a set of digital labels, which are located on the contours of the letters and/or near the contours of the letters of the digital document;

transmitting the digital document to be printed with the encoded UID of the user.

[0008] In one of the particular examples of the implementation of the method, the recognition of a digital document is performed using optical character recognition (OCR).

[0009] In another particular example of the implementation of the method, all characters on each page of a digital document are recognized.

[0010] In another particular example of the implementation of the method, each symbol of the UID of the user is encoded in binary code.

[0011] In another particular example of the implementation of the method, based on the digit of the binary code, the area for placing digital marks is determined.

[0012] The claimed technical result is also achieved through the implementation of a method for protecting information from leaks on printed documents, performed using the processor of a computer device, while the method includes the steps of:

obtaining at least a portion of an image of a printed document encoded by the UID of the user in the above manner;

perform recognition of the received image;

determine letters containing digital marks in their neighborhood;

performing the determination and extraction of the encoded UID.

[0013] In one of the particular examples of the implementation of the method, the recognition of a digital document is performed using OCR.

[0014] The claimed solution is also implemented using appropriate systems containing a processor and memory that store machine-readable instructions for implementing each of the above methods.

BRIEF DESCRIPTION OF THE DRAWINGS

[0015] FIG. 1 illustrates a flowchart of a digital label encoding method.

[0016] FIG. 2A-2B illustrate examples of placement of digital labels in a digital document.

[0017] FIG. 3 illustrates a block diagram of digital label decoding.

[0018] FIG. 4 illustrates a diagram of the opening hours of UID positions.

[0019] FIG. 5 illustrates a general view of the computing device.

IMPLEMENTATION OF THE INVENTION

[0020] In FIG. 1 shows a method (100) for protecting information in digital documents from leakage by encoding a user's UID as digital labels into the document. In the first step (101), printing information of the digital document is obtained. The method (100) is executed on the computer device of the user, for example, an employee, while the user's UID is attached to the device, allowing him to be identified. The execution of step (101) is animated by software logic executed by a computer device and can be implemented, for example, in the form of a software agent or module that receives signals from the processor indicating that a digital document has been sent for printing. A digital document is usually a file and may contain text, graphics, or combinations thereof.

[0021] After receiving a command on the device to intercept and analyze the document before sending it to the printer, at step (102) recognition of the said digital document is performed. Document processing is performed using OCR technology to provide recognition of letters and characters in a digital document.

[0022] After the digital document recognition step, in step (103), the UID encoding process is performed. UID is, for example, a numerical personnel number of an employee - a TAB digital code, consisting, for example, of 8 digits. This code can be represented as an array of numbers TAB ₈ ={n ₁ , n ₂ , …n _m }, TAB ₈ ∈ [0…9], m=8. A schematic view of the code is presented in the table.

[0023] Each element of the personnel number is a number from 0 to 9, respectively, each element of the personnel number can be displayed in binary form with a dimension of 4 bits, i.e. it will be a binary number from 1 to 1100, which is the shifted homomorphism shown in Table 2.

i=8, необходимо 4 разряда b_i={с₁, с₂, с₃, с₄}, пример которых представлен в Таблице 3.[0024] The mapping of 0 to 0001 is necessary in order to capture the presence of 0 in the personnel number. To encode a personnel number element in binary code

i=8, 4 digits are needed b _i ={с ₁ , с ₂ , с ₃ , с ₄ }, an example of which is presented in Table 3.

[0025] Thus, it is possible to encode any number into a letter by binary encoding. An example of such a split for subsequent encoding is shown in FIG. 2A - Fig. 2B. Each recognized letter (20) is divided into 4 quarters in a clockwise plane, starting from the lower left corner.

[0026] If there are 1s in the I digit of the binary representation of the personnel number digit from ₁ , the label is placed in the I quarter. Similar operations are carried out with all digits of the binary representation of a digit.

[0027] The method of marking the space around the letter is that, as shown in FIG. 2B-2C, a digital mark is applied in the form of a line (21) on the surface of the letter or a dot (22) in the vicinity of the letter in a given quarter.

[0028] An example of encoding labels into letters is shown in Table 4.

страниц, тогда документ D - есть массив страниц,

[0029] The above table 4 means that each position of the number in the personnel number can be encoded to any of the 4 letters. The choice of letters for labeling is carried out page by page. Let document D contain

pages, then document D is an array of pages,

считывается посимвольно текст и записывается в массив символов

где

- количество символов на странице p_i, из них выявляются русские буквы

[0030] On each page p _i ,

read text character by character and write to character array

Where

- the number of characters on the page p _i , Russian letters are detected from them

которые соответствуют позиции из таблицы 4. Например, Pos₁, заполняется всеми символами из

которые имеют значения {а, з, п, ч}, вне зависимости от регистра.[0031] Next, 8 arrays Pos ₁ , Pos ₂ ...Pos ₈ are created, each of which corresponds to each position of the personnel number. Each Pos array is filled with those characters from

which correspond to the position from table 4. For example, Pos ₁ is filled with all characters from

which have the values {a, z, n, h}, case-insensitive.

- размерности полученных массивов, Р - процент символов на внедрение метки Р∈[0,3…0,7], тогда каждый массив из Pos₁, Pos₂…Pos₈ обрезается с конца до размерности

[0032] The arrays Pos ₁ , Pos ₂ ...Pos ₈ are shuffled, for example, by Knuth's shuffle. Let

- the dimensions of the received arrays, P - the percentage of characters for the introduction of the label Р∈[0.3…0.7], then each array from Pos ₁ , Pos ₂ ... Pos ₈ is cut off from the end to the dimension

используются для нанесения цифровых меток вышеописанным способом. Внесение цифровых меток осуществляется с помощью вырезания букв с помощью OCR, внесения меток в пиксельные координаты и внесение букв с цифровыми метками обратно в документ, направляемый на печать. После внедрения всех меток (21, 22) на искомой странице p_i тоже самое выполняется для следующей страницы p_i+1 и так далее до конца документа

[0033] Received Arrays

are used to apply digital labels in the manner described above. Digital labeling is done by cutting out the letters using OCR, labeling in pixel coordinates, and embedding the digitally labeled letters back into the document to be printed. After all labels (21, 22) have been embedded on the desired page p _i, the same is done for the next page p _i+1 and so on until the end of the document

[0034] Table 5 shows an example label encoding for user UID 00013400.

[0035] After entering the digital labels encoding the UID into the document to be printed, at step (104) it is sent for printing. The printed document will contain an encoded UID that is indistinguishable to the human eye. The size of digital labels can be chosen arbitrarily (for example, labels with a radius of 1-2 pixels).

[0036] In FIG. 3 shows the sequence of steps performed when performing the method (300) for recognizing UIDs on printed documents. At step (301), the computing device used to determine the UID in the printed document receives an image of such a document. The image may contain all or part of UID-encoded text obtained, for example, by taking a photo with an external device (smartphone, camera, etc.) or by scanning a printed document with OCR.

[0037] Next, at step (302), also using OCR technology, letter recognition is performed in the document, and if there are several pages in the document, then each page of the document is recognized. In step (303), the digital marks in the vicinity of the recognized letters are read. An example of parsing digital labels may be as shown in Table 5, which may be used as a table to map labels to the corresponding digit of the user's UID.

[0038] After that, the UID is decoded at step (304) and the personnel number of the employee and the corresponding user is established from it, from whose computer device the document was printed.

[0039] Mathematical justification of the method

[0040] To do this, we will make sure that the frequencies of disclosure of positions TAB ₈ ={n ₁ , n ₂ , ... n _m }, m=8 are evenly distributed for all m, which allows us to show the probability of extracting a personnel number (UID) from the text of the page.

[0041] For mathematical justification, a study was conducted on the frequency of occurring letters in a text with different content, for example, consider such a distribution characteristic of literary works. List of literary works participating in the experiment: The Silmarillion. J.R.R. Tolkien, Twenty Thousand Leagues Under the Sea. Jules G. Verne, Twenty years later. Alexandre Dumas, Three Musketeers. Alexandre Dumas, Gone with the Wind. Margaret Mitchell, Ivanhoe. Walter Scott, Hero of Our Time. N.V. Gogol, War and Peace. L.N. Tolstoy, Inhabited Island. Boris and Arkady Strugatsky, Crime and Punishment. F.M. Dostoevsky, The Living and the Dead. K.M. Simonov, total 8366594 characters, 3919 pages. Mathematical linguistics has shown the following probabilities of the frequency of meeting letters of the Russian alphabet in texts (Table 6).

[0042] To obtain the value of the frequency of disclosure of positions TAB ₈ ={n ₁ , n ₂ , ... n _m } the following steps are performed. From tables 4 and 5, the letters in which the digits are encoded are known. To obtain the bit expansion frequency for the labeling algorithm in the space near the letter, the frequencies of the letters into which the labels are encoded are added, because the position is opened when a label is found in at least one of them. As a result of the above actions, table 7 is obtained.

[0043] Based on Table 7, the diagram shown in FIG. 4. The diagram shows that the opening frequency of all positions is distributed relatively evenly.

[0044] Calculate the number of each letter of the Russian alphabet of the experimental sample:

[0045] For the method of drawing a dot in the space near the letter, the following assumption is made: the percentage P of symbols for the insertion of the label P=0.3, when transmitted through messengers, a certain percentage M=0.7 labels is lost. Based on the above, you can calculate the probability of recognizing a text if there is available for decryption:

whole page;

страницы;

pages;

страницы.

pages.

[0046] Experimental Application Example.

[0047] During testing, about 500 pages of various content were printed and analyzed:

text, sparse text, text with tables, text with graphs, text with formulas;

with different font types: Arial, Calibri, Times New Roman;

different text design: regular, italic, bold, underlined;

different dimensions: 12px, 14px;

different line spacing: 0.5,1.15,1.5;

different character intervals: normal, sparse, compacted;

[0048] In each case, the possibility of extracting the label with:

printouts directly;

from a photo printout;

a photo printout sent via messenger.

[0049] Printing was carried out on a Lexmark MX711de office black and white laser printer on Snegurochka office paper with whiteness CIE 146 according to ISO 11475.

[0050] Photographing was made on a Samsung A51 phone in office lighting, the paper lies horizontally on the table, photographing is random at different, insignificant angles, on the order of 2-4% in 3 dimensions.

[0051] When transferring photos, the Telegram messenger was used with image compression upon sending.

[0052] During the experiment, parameters were selected, such as the size of the marks, their optimal places and methods of application. The results of the last phase of the experiment are shown in Table 10.

[0053] The above table shows good results in the analysis of sent photos of printouts sent via messenger on an office black and white printer. As a result of the experiment, the optimal parameters for the introduction of the label were selected, which, on the one hand, would be visible on the printouts as printer defects, on the other hand, were well extracted from the transferred photos via instant messengers.

[0054] In FIG. 5 is a perspective view of a computing device (500) suitable for performing the above methods. Device (500) may be, for example, a computer, server, or other type of suitable computing device.

[0055] In general, the computing device (500) contains one or more processors (501) connected by a common information exchange bus, memory means such as RAM (502) and ROM (503), input/output interfaces (504), input devices / output (505), and a device for networking (506).

[0056] The processor (501) (or multiple processors, multi-core processor) may be selected from a variety of devices currently widely used, such as Intel™, AMD™, Apple™, Samsung Exynos™, MediaTEK™, Qualcomm Snapdragon™, and etc. The processor (501) can also be a graphics processor such as Nvidia, AMD, Graphcore, etc.

[0057] RAM (502) is a random access memory and is designed to store machine-readable instructions executable by the processor (501) to perform the necessary data logical processing operations. The RAM (502) typically contains the executable instructions of the operating system and associated software components (applications, program modules, and the like).

[0058] A ROM (503) is one or more persistent storage devices such as a hard disk drive (HDD), a solid state drive (SSD), flash memory (EEPROM, NAND, etc.), optical storage media ( CD-R/RW, DVD-R/RW, BlueRay Disc, MD), etc.

[0059] Various types of I/O interfaces (504) are used to organize the operation of device components (500) and organize the operation of external connected devices.

The choice of appropriate interfaces depends on the particular design of the computing device, which can be, but not limited to: PCI, AGP, PS/2, IrDa, FireWire, LPT, COM, SATA, IDE, Lightning, USB (2.0, 3.0, 3.1, micro, mini, type C), TRS/Audio jack (2.5, 3.5, 6.35), HDMI, DVI, VGA, Display Port, RJ45, RS232, etc.

[0060] To ensure user interaction with the computing device (500), various means (505) of I / O information are used, for example, a keyboard, a display (monitor), a touch screen, a touch pad, a joystick, a mouse, a light pen, a stylus, touch panel, trackball, speakers, microphone, augmented reality, optical sensors, tablet, indicator lights, projector, camera, biometric identification tools (retinal scanner, fingerprint scanner, voice recognition module), etc.

[0061] The networking means (506) enables data communication by the device (500) via an internal or external computer network, such as an Intranet, Internet, LAN, and the like. As one or more means (506) can be used, but not limited to: Ethernet card, GSM modem, GPRS modem, LTE modem, 5G modem, satellite communication module, NFC module, Bluetooth and / or BLE module, Wi-Fi module and others

[0062] Additionally, satellite navigation tools in the device (500) can also be used, for example, GPS, GLONASS, BeiDou, Galileo.

[0063] The submitted application materials disclose preferred examples of the implementation of the technical solution and should not be construed as limiting other, particular examples of its implementation that do not go beyond the scope of the requested legal protection, which are obvious to specialists in the relevant field of technology.

Claims (20)

1. A method for encoding information to protect it from leaks when printing documents, performed using a processor of a computer device, the method comprising the steps of: receive on the user's computer device information about printing at least one digital document containing at least text, while the computer device is associated with a unique identifier (UID) of the user; carry out processing until the transfer of a digital document for printing, during which recognize the letters contained in the digital document; encoding the UID of the user into a set of digital labels, in which the UID is converted to binary form; the letters are divided into four quarters, where each quarter contains part of the contour of the letter and the space near the contour; make digital marks in the form of dots in the appropriate neighborhood near the contours of the letters, while encoding UID is performed on each page of the document; transmitting the digital document to be printed with the encoded UID of the user. 2. The method according to claim. 1, characterized in that the recognition of the digital document is performed using optical character recognition (OCR). 3. The method according to claim 2, characterized in that all characters on each page of the digital document are recognized. 4. The method of claim. 1, characterized in that each character UID of the user is encoded in binary code. 5. The method according to claim 4, characterized in that, based on the bit of the binary code, the area for placing digital marks is determined. 6. A method for protecting information from leaks on printed documents, performed using a processor of a computer device, the method comprising the steps of: obtaining at least a portion of an image of a printed document encoded by the UID of the user by the method according to any one of paragraphs. 1-5; perform recognition of the received image; determine letters containing digital marks in their neighborhood; performing the determination and extraction of the encoded UID. 7. The method according to claim 6, characterized in that the recognition of the digital document is performed using OCR. 8. An information encoding system to protect against information leakage when printing documents, comprising at least one processor, at least one memory associated with the processor and containing machine-readable instructions that, when executed by the processor, carry out the method according to any one of paragraphs. 1-5. 9. A system for protecting information from leaks on printed documents, comprising at least one processor, at least one memory associated with the processor and containing machine-readable instructions that, when executed by the processor, carry out the method according to any one of paragraphs. 6, 7.

Images