201237667

VI. Description of the Invention:

[Technical Field]

The present invention relates to a rights management method for electronic documents and a device therefor, and in particular to a method and a device for tracing the source of a leak after the content of an electronic document has been leaked.

[Prior Art]

For the copyright and privileges management that protects electronic files, one conventional approach is to install an encryption and decryption program (AP) on the client. The user has to enter a user account and a user password to access the file, and the encryption and decryption program uses the account and password entered by the user to query an authentication server over a network connection in order to identify the user. Once identity authentication succeeds, the authentication server (Authentication, Authorization & Accounting Server) returns to the client application the rights (the authorization granted to people outside the organization) or privileges (the authorization granted to people inside the organization) that correspond to the user. The application then decides, according to the returned rights or privileges, which actions the user may perform on the file, such as read-only, write and print.

After an electronic file (document) is placed under copyright management protection, a user who is authorized to read it remains restricted by the rights management tool once the file has been opened for reading.
However, if that user or a third party uses a digital camera or an imaging tool at the local site, or someone else uses a remote tool at a remote site, to steal the content that is currently open and being browsed, an image of the document content can be captured into another file. Without some countermeasure, once the document information has leaked there is no way to find the source of the leak (the terminal device used, the user, the time).

The conventional hidden watermarking method is applied to static images: the image is re-produced and data is embedded in it by means of a spectral transform so that the image can be traced afterwards. For a document that is in the middle of being read, this kind of technique is hard to apply. If the document is converted into an image, reading the document is affected; moreover, if the document is modified often, it has to be converted into an image again after every modification in order to embed the hidden watermark, which is inconvenient in practice.

In view of the above shortcomings and needs, a terminal device and a method are provided so that the source of an information leak can be traced afterwards.

[Summary of the Invention]

The main idea of the invention is to embed, in the protected reader or in an area of the terminal device, a transparent watermark that the naked eye cannot easily recognise. An image tool is then used to recognise the transparent watermark data so that the source of the data leak can be analysed and understood.

According to one aspect of the invention, the method comprises the following steps:

(a) when a user uses a terminal device and a reader program to open the electronic document, obtaining information about the user and information about the terminal device;
(b) generating a transparent window;
(c) displaying the information about the user and the information about the terminal device on the transparent window in the form of a transparent watermark, wherein the user cannot recognise the presence of the transparent watermark information with the naked eye.
After the electronic document has been captured into an image file, an image processing program can make the transparent watermark information clearly visible.

The transparent window covers only the display area of the reader program, or the transparent window covers the entire display area of the terminal device or an arbitrary area.

The terminal device is a data processing device or a communication device.

Other detailed features of the invention can be learned from the following description of embodiments of the method or the terminal device and from the claims.

[Embodiments]

The electronic document referred to below is data or information; it may be any data file that carries information, including text, equations, sound, images, graphics, animation and so on.

The terminal device referred to below includes, but is not limited to, a client computer, such as a desktop […] with an authentication function over a network connection that can receive or transmit […]; an iPod, an iPad, an iPhone, a personal computer of another brand, […] or a server is likewise a terminal device.

The method of the invention for tracing the source of a leaked electronic document comprises the following steps:

(a) when a user uses a terminal device and a reader program to open the electronic document, obtaining information about the user and information about the terminal device;
(b) generating a transparent window;
(c) displaying the information about the user and the information about the terminal device on the transparent window in the form of a transparent watermark, wherein the user cannot recognise the presence of the transparent watermark information with the naked eye.

After the electronic document has been captured into an image file, an image processing program can make the transparent watermark information clearly visible. The transparent window covers only the display area of the reader program, or covers the entire display area of the terminal device or an arbitrary area. The terminal device is a data processing device or a communication device.

The transparent window is attached to the reader program and has the following properties:

1. It does not affect the user's reading.
2. It does not affect the user's operation.
3. Traceable text, such as a name, an IP address and a company name, is displayed on the transparent window, but this information is displayed in a very transparent manner, so the reader's naked eye cannot easily notice or recognise it.

When a confidential document is opened, the rights-protected viewer program generates a transparent window, obtains the user and computer information, and displays it in this window as a transparent watermark. The detailed flow is shown in Figure 1.

Block 101 determines whether the current state requires the hidden watermark to be displayed. If not, block 101 continues to execute. If so, block 102 obtains the watermark content (name, IP, company name) and displays it in the watermark window with transparency applied; this information is displayed in a very transparent manner, so the reader's naked eye cannot easily notice or recognise it. Block 103 determines whether the range to be displayed has changed. If it has, block 104 computes the area of the watermark window, block 105 then adjusts the size and range of the watermark window, and when that is done block 102 is executed. If the result of block 103 is no, the flow goes to block 101.

Figure 2 shows a user opening a document with the Microsoft Word document reader program and displaying it on the monitor. Block 101 consults the rights management database and, after determining the user's privileges, executes block 102 if it decides that the hidden watermark must be displayed. For the user the result does not affect reading, but a transparent watermark is in fact present.

Suppose the content of Figure 2 is stolen by that user or a third party locally with a digital camera, or remotely by means of a remote computer tool, and an image of the content is captured into another file. Figure 3 shows the leaked image of the Figure 2 content when it is opened by an image tool (JPG format) program. At this point the hidden watermark still cannot be recognised by the naked eye, but image processing can make it stand out. After the image content of Figure 3 has been processed with image processing techniques, the display result of Figure 4 is obtained.
At this point anyone can see with the naked eye that the display result of Figure 4 carries watermark data: a company name ("[…] Company"), a name ("John […]") and a date. The device, the user and the date of the document content leak can therefore be traced.

The invention therefore also includes a terminal device 50, as shown in Figure 5. The terminal device 50 comprises a processor 501 and a memory 503; the memory stores the method of the invention and the reader program, and the processor 501 executes the program. When carrying out the method of the invention, the processor 501 performs:

(a) when a user uses a terminal device and a reader program to open the electronic document, obtaining information about the user and information about the terminal device;
(b) generating a transparent window;
(c) displaying the information about the user and the information about the terminal device on the transparent window in the form of a transparent watermark.

By means of an image processing program the transparent watermark information can be made clearly visible, as described above. The transparent window covers only the display area of the reader program, or covers the entire display area of the terminal device or an arbitrary area.

The invention can be implemented in software […]. The data processing system may include a general or a special processor, for example a digital signal processor (DSP) or a controller, and may use […] or a customised instruction sequence to carry out the steps.

It should be understood that the foregoing description is for illustration and is not intended to limit the scope of the invention, which is defined by the appended claims. Other embodiments fall within the scope of the appended claims.

[Brief Description of the Drawings]

Figure 1 shows the flow of the embodiment;
Figure 2 shows the document as displayed;
Figure 3 shows the leaked image when it is opened by an image processing tool;
Figure 4 shows the image processing tool bringing out the watermark;
Figure 5 shows an embodiment of the device.

[Description of Main Reference Numerals]

101 block
102 block
103 block
104 block
105 block
50 terminal device
501 processor
503 memory
505 network
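
The Figure 2 to Figure 4 sequence in the embodiment (a nearly transparent overlay that a capture retains and that contrast stretching brings out) can be reproduced on a toy grayscale grid. This is an added example, not code from the patent; the 3x5 glyphs, the 2% opacity, the lossless capture and all function names are assumptions.

```python
# Added illustration, not the patent's implementation. The 3x5 glyphs, the 2% alpha
# and all function names are assumptions; the "screen" is a constructed grayscale grid.
FONT = {
    "J": ["111", "001", "001", "101", "111"],
    "O": ["111", "101", "101", "101", "111"],
    "H": ["101", "101", "111", "101", "101"],
    "N": ["111", "101", "101", "101", "101"],
}

def render(text):
    """Rasterise text to 5 rows of 0/1, one blank column after each glyph."""
    return [[int(b) for ch in text for b in FONT[ch][r] + "0"] for r in range(5)]

def overlay(screen, mask, alpha, ink=0):
    """Blend the watermark over the screen as a nearly transparent top window would."""
    out = [row[:] for row in screen]
    for y, mask_row in enumerate(mask):
        for x, bit in enumerate(mask_row):
            if bit:
                out[y][x] = round((1 - alpha) * screen[y][x] + alpha * ink)
    return out

def reveal(capture, background=255, band=8):
    """Stretch the narrow band just below the background level to full contrast."""
    return [[1 if background - band <= p < background else 0 for p in row]
            for row in capture]

def max_shift(before, after):
    """Largest per-pixel change the overlay caused, in gray levels (0-255)."""
    return max(abs(a - b) for ra, rb in zip(before, after) for a, b in zip(ra, rb))

def demo():
    mask = render("JOHN")                          # tracing text: the user name
    screen = [[255] * len(mask[0]) for _ in mask]  # white page
    screen[2][3] = 0                               # one pixel of document ink
    capture = overlay(screen, mask, alpha=0.02)    # what a lossless screenshot holds
    return mask, screen, capture

if __name__ == "__main__":
    mask, screen, capture = demo()
    print("max gray-level shift:", max_shift(screen, capture))
    for row in reveal(capture):
        print("".join("#" if bit else "." for bit in row))
```

The overlay moves white pixels by only a few gray levels out of 255, which is why the viewer does not notice it while the band stretch recovers the text exactly; document ink outside that band is ignored by `reveal`.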