TW201723915A - Information management method and server for data protection in communication process - Google Patents


Publication number
TW201723915A
Authority
TW
Taiwan
Prior art keywords
electronic communication
communication content
sent
management server
contact object
Prior art date
Application number
TW104144748A
Other languages
Chinese (zh)
Inventor
詹前峰
陳思良
Original Assignee
玉山商業銀行股份有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 玉山商業銀行股份有限公司
Priority to TW104144748A
Publication of TW201723915A


Landscapes

  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The present invention is an information management method for data protection in a communication process. The method comprises the following steps: using default rules to check electronic data that is about to be sent to an external contact object; generating an interface for inputting application data; and determining, according to the application data, whether to send the electronic data.

Description

Information management method and management server in a communication process

The present invention relates to an information management method and a management server in a communication process, and in particular to an information management method and a management server that prevent data from leaking through the communication process.

Data Loss Prevention (DLP) solutions are applied to keep important information from being leaked during endpoint operation, network transmission, or storage. Important information includes a company's intellectual property, financial data, or personal data.

Taking the financial industry as an example, the Financial Supervisory Commission (FSC) has published personal-data security maintenance measures for the financial industry, the "Measures for the Security Maintenance of Personal Data Files of Designated Non-Government Agencies", which the FSC uses to regulate the personal-data protection measures of financial institutions. The covered industries include financial holding companies, banking, securities, futures, insurance, electronic ticketing, other financial services announced by the FSC, and foundations supervised by the FSC; third-party payment is also covered because it belongs to the electronic ticketing industry.

To comply with the above personal-data regulations, improve information security, eliminate concerns about e-mail data leakage, strengthen mail-transmission security, and effectively control traffic and resource usage, an information management method is needed that complies with the personal-data regulations, improves work efficiency without affecting normal business processes, and reduces the risk of confidential data leakage.

The object of the present invention is to provide an information management method and a management server in a communication process that remedy the shortcomings of the prior art.

In some embodiments, the information management method in a communication process of the present invention operates with a user terminal, a management terminal, a management server, and a communication device that is set as an external contact object for downloading the electronic communication content. When the user terminal transmits an electronic communication content to the external contact object, the management server controls whether the related information of the user terminal is sent during the communication process. The method includes the following steps: (a) when the management server checks the electronic data against a predetermined rule and determines that sending is prohibited, it issues a pending-review notification message to the user terminal and prohibits sending of the electronic communication content; (b) the management server generates an operation interface for receiving application data that the user terminal issues in response to the pending-review notification message, and issues an application notification message corresponding to the application data to the management terminal; (c) the management server responds to a review message issued by the management terminal for the application data and, according to approval-or-rejection data in the review message, prohibits or allows sending of the electronic communication content to the external contact object; and (d) if the management server determines that sending the electronic communication content to the external contact object is allowed, it encrypts the electronic communication content into an encrypted file with a predetermined password and sends the electronic communication content.

In some embodiments, the information method for preventing leakage of electronic communication content further includes the following step: (e) in response to a request from the external contact object, generating a message containing the predetermined password and transmitting it to the external contact object.

In some embodiments, the electronic communication content is the communication content of an e-mail service, and the external contact object is at least one external mailbox address.

The present invention has at least the following effect: the management server prohibits or allows sending of the electronic communication content to the external contact object according to the approval-or-rejection data of the review message, and, if sending to the external contact object is allowed, encrypts the electronic communication content into an encrypted file with a predetermined password and sends the electronic communication content, which effectively avoids data leakage during the communication process.

1: Management server
10: Processing unit
100: Information management system
11: User database
12: Predetermined rule database
13: Review record database
14: External contact object database
200: Internal network
21: User terminal
22: Management terminal
300: External network
31: Communication server device
32: Communication device
S100~S105: Steps
S201~S204: Steps
S301~S303: Steps
S111~S112: Steps
S401~S403: Steps

Other features and effects of the present invention will be clearly presented in the embodiments described with reference to the drawings, in which: FIG. 1 is a schematic diagram of an embodiment in which the information management method in a communication process of the present invention is applied to an information management system; FIG. 2 is a system block diagram of a management server of the embodiment; FIG. 3 is a flowchart of the embodiment; FIG. 4 is a flowchart of the embodiment continuing from FIG. 3; FIG. 5 is an operation flowchart for the user; FIGS. 6 to 8 are schematic diagrams of example operation screens for the user;

FIG. 9 is an operation flowchart for the supervisor; FIGS. 10 to 15 are schematic diagrams of example operation screens for the supervisor;

FIG. 16 is an operation flowchart for the external recipient; FIGS. 17 and 18 are schematic diagrams of one example of the operation screens for the external recipient; and FIGS. 19 and 20 are schematic diagrams of another example of the operation screens for the external recipient.

Referring to FIG. 1, an embodiment of the information management method in a communication process of the present invention is applied to an information management system 100. The information management system 100 has a user terminal 21, a management terminal 22, a management server 1, a communication server device 31, and a communication device 32. When the user terminal 21 transmits an electronic communication content to an external contact object, the electronic communication content must be sent to the external contact object through the management server 1. The communication device 32 is set as the external contact object for downloading the electronic communication content. The management server 1, the user terminal 21, and the management terminal 22 exchange data with one another over an internal network 200. The internal network 200 is defined relative to an external network 300: it is a closed network architecture that cannot send messages to the external network 300, and whether a message can be sent to the external network 300 is decided under the control of the management server 1.

Referring to FIG. 2, the management server 1 has a processing unit 10, a user database 11, a predetermined rule database 12, a review record database 13, and an external contact object database 14. The processing unit 10 executes the information management method in a communication process of the present invention. The user database 11 records the user identifiers and passwords of the user terminal 21 and the management terminal 22, so that after different users log in, the processing unit 10 grants them different permissions according to the settings previously made for each user identifier. The predetermined rule database 12 stores predetermined rule data relating to prohibiting the sending of data to the outside. The review record database 13 records the approval-or-rejection data from the management terminal 22 concerning electronic communication content whose sending was prohibited. The external contact object database 14 records data about the recipients. The flow of the method of the present invention is described below with reference to FIG. 1.

Referring to FIG. 3, the user terminal 21 transmits an electronic communication content to an external contact object (step S201). In this embodiment, the user terminal 21 and the management terminal 22 have each logged in to a mail management program with a user identifier and password; the electronic communication content is an e-mail sent through the mail management program, and the external contact object is an e-mail address. The e-mail must go through the management server 1, with the management server 1 notified and a review applied for and passed, before it can be sent to that e-mail address. The user terminal 21 then receives the pending-review notification message (step S202). The user terminal 21 generates an operation interface in which the user terminal 21 enters and issues application data (step S203). The user terminal 21 receives the approval-or-rejection data of the review message through the operation interface (step S204), thereby confirming whether the mail has actually been sent.

The management terminal 22 receives an application notification message corresponding to the application data (step S301). The management terminal 22 enters approval-or-rejection data corresponding to the review message (step S302). The management terminal 22 issues a review message for the application data (step S303).

When the user terminal 21 transmits the electronic communication content to the external contact object, the management server 1 receives the electronic communication content (step S100) and checks the electronic data against a predetermined rule (for example: confidential technical terms, personal data items protected under the Personal Data Protection Act, or other custom rules). If the check determines that the content of the electronic communication is prohibited from being sent, the management server 1 issues a pending-review notification message to the user terminal 21 and prohibits sending of the electronic communication content (step S101). The management server 1 receives the application data from the user terminal 21 and issues an application notification message corresponding to the application data to the management terminal 22 (step S102). According to the approval-or-rejection data returned by the management terminal 22, the management server 1 prohibits or allows sending of the electronic communication content to the external contact object (step S103). If sending is allowed, the management server 1 encrypts the electronic communication content into an encrypted file with a predetermined password (step S104). The management server 1 then sends the encrypted file (step S105).

Referring to FIG. 4, the flow of the method of the present invention, continuing from FIG. 3, further includes the following steps.

The management server 1 receives a request for the predetermined password (step S111). The management server 1 generates a message containing the predetermined password and transmits it to the external contact object (step S112).

The communication device 32 receives the electronic communication content with the encrypted file attached (step S401). The communication device 32 sends a request for the predetermined password (step S402). The communication device 32 receives the message containing the predetermined password (step S403).

It should be added that the "communication process" referred to in the method of the present invention is not limited to the internal network 200 or the external network 300 of FIG. 1. Any application that prevents the internal data of an agency or enterprise from leaking to the outside during communication over any known communication tool or wired/wireless network falls within the technical scope of the present invention.

As a concrete application of the method of the present invention, take the financial industry: if every outgoing message containing personal data or sensitive data is blocked while a user is carrying out business, productivity inevitably suffers. To solve this problem, the technical principle of the present invention is that when personal data or sensitive data is to be sent out, the user can apply to the unit supervisor for permission to send the e-mail externally. Only after the supervisor's sign-off (approval/rejection), which offers advantages such as a clear division of authority and responsibility, a shorter release time, and lower after-the-fact management cost, can the e-mail be sent out; the mail is also encrypted before being sent, so the security of the e-mail transmission is protected as well.

The operation flow and operation interfaces of the method of the present invention are described below.

1. The operation flow of the user terminal 21 is shown in FIG. 5. When the user terminal 21 sends an e-mail to the communication device 32 of an external recipient, the system automatically detects whether the e-mail contains personal data or sensitive data; example operation screens are shown in FIGS. 6 and 7.

2. If a rule for preventing leakage of personal data or sensitive data is triggered, the system automatically sends a notification e-mail to the user terminal 21, reminding the user terminal 21 to submit a sign-off request for the supervisor to review; the user terminal 21 can of course also give up submitting the sign-off request. An example operation screen is shown in FIG. 8.

3. The operation flow of the management terminal 22 is shown in FIG. 9. The reviewing supervisor opens the e-mail through the management terminal 22 and decides, based on the content of the attachment, whether sending is prohibited or allowed. If sending is allowed, the supervisor can select [Approve] to consent (valid once only); otherwise the supervisor selects [Reject] and must enter a reason for the rejection so that the user knows why it was rejected. Example operation screens are shown in FIGS. 10 to 15.

4. Once the user terminal 21 has received notification of the sign-off result: if the result is [Approve], the system automatically encrypts the e-mail and sends it to the recipient; if the result is [Reject], the system does not send the e-mail, which prevents data leakage.

5. After the e-mail is approved for release, the management server 1 automatically encrypts the personal data or sensitive data in the e-mail and generates a further e-mail carrying a password letter; both e-mails are sent to the external recipient.

6. The two operation flows for the external recipient are shown in FIG. 16. In one, the recipient receives an e-mail carrying an encrypted web page (html) and must enter the password in the encrypted web page before the content can be viewed; example operation screens are shown in FIGS. 17 and 18. In the other, the external recipient receives two e-mails, one carrying an encrypted PDF file and the other a password letter; the recipient must use the password letter to obtain the password that unlocks the PDF file before the PDF file can be viewed. Example operation screens are shown in FIGS. 19 and 20.

7. If the communication device 32 of the external recipient cannot obtain the password, the management server 1 additionally sends a notification message containing the password to the user terminal 21; the user terminal 21 can obtain the password from that notification message and then inform the external recipient of it by other means (e-mail, SMS, telephone).
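
The hold, review and release decisions of steps S100 to S103 and the password request of steps S111 to S112, including the one-time approval and the mandatory rejection reason from item 3, as an added Python example that is not code from the patent. The rule set (keywords plus a Luhn-checked card number), the sender-to-supervisor mapping, the ticket identifier and all class and function names are assumptions; encrypting and transmitting the released message is left to the mail system.

```python
from __future__ import annotations

import re
import secrets
from dataclasses import dataclass, field
from enum import Enum

# Constructed rules standing in for the predetermined rule database (assumptions).
KEYWORDS = ("confidential", "機密")
DIGIT_RUN = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13 to 19 digits


def luhn_ok(text: str) -> bool:
    """Luhn checksum, so arbitrary long digit runs are not flagged as card numbers."""
    total = 0
    for i, ch in enumerate(reversed([c for c in text if c.isdigit()])):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def check_rules(body: str) -> list[str]:
    """Return the names of the rules that the message body triggers."""
    hits = [f"keyword:{k}" for k in KEYWORDS if k in body.lower()]
    if any(luhn_ok(m.group()) for m in DIGIT_RUN.finditer(body)):
        hits.append("card-number")
    return hits


class State(Enum):
    SENT = "sent"          # no rule hit, delivered unchanged
    HELD = "held"          # S101: blocked, waiting for application and review
    RELEASED = "released"  # S103 approve: to be encrypted and sent (S104-S105)
    REJECTED = "rejected"  # S103 reject: never leaves the internal network


@dataclass
class Mail:
    sender: str
    recipient: str
    body: str
    state: State = State.SENT
    hits: list[str] = field(default_factory=list)
    justification: str = ""
    password: str = ""


class Gate:
    """Decision logic of the management server (hypothetical class name)."""

    def __init__(self, supervisors: dict[str, str]):
        self.supervisors = supervisors  # sender -> supervisor (assumed mapping)
        self.tickets: dict[str, Mail] = {}
        self.audit: list[tuple[str, str, str, str]] = []  # review record database

    def submit(self, mail: Mail) -> str | None:
        """S100-S101: check the body; hold it and return a ticket on any hit."""
        mail.hits = check_rules(mail.body)
        if not mail.hits:
            mail.state = State.SENT
            return None
        mail.state = State.HELD
        ticket = secrets.token_hex(8)
        self.tickets[ticket] = mail
        return ticket

    def apply(self, ticket: str, user: str, justification: str) -> None:
        """S102: only the original sender may file the application."""
        mail = self.tickets[ticket]
        if user != mail.sender or mail.state is not State.HELD:
            raise PermissionError("not the sender of a held message")
        mail.justification = justification

    def decide(self, ticket: str, approver: str, approve: bool, reason: str = "") -> State:
        """S103: one decision per ticket, by the sender's supervisor only."""
        mail = self.tickets[ticket]
        if mail.state is not State.HELD or not mail.justification:
            raise LookupError("no pending application (a decision is single-use)")
        if approver == mail.sender or self.supervisors.get(mail.sender) != approver:
            raise PermissionError("approver is not the sender's supervisor")
        if not approve and not reason.strip():
            raise ValueError("a rejection must state its reason")
        if approve:
            mail.password = secrets.token_urlsafe(12)  # fresh password per message
        mail.state = State.RELEASED if approve else State.REJECTED
        self.audit.append((ticket, approver, mail.state.value, reason))
        return mail.state

    def request_password(self, ticket: str, requester: str) -> str:
        """S111-S112: hand the password only to the addressed recipient."""
        mail = self.tickets.get(ticket)
        if mail is None or mail.state is not State.RELEASED or requester != mail.recipient:
            raise PermissionError("password not available")
        return mail.password
```

Every path that is not an explicit approval by the mapped supervisor leaves the message held or rejected, so a missing application, a self-approval or a replayed approval fails closed.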

In summary, in the method of the present invention the management server 1 prohibits or allows sending of the electronic communication content to the external contact object according to the approval-or-rejection data of the review message, and, if sending to the external contact object is allowed, encrypts the electronic communication content into an encrypted file with a predetermined password. This effectively avoids data leakage during the communication process, so the object of the present invention is indeed achieved.

The above, however, is only an embodiment of the present invention and shall not limit the scope in which the invention may be practiced; all simple equivalent changes and modifications made according to the claims and the specification of the present invention remain within the scope covered by this patent.


Claims (6)

1. An information management method in a communication process, operating with a user terminal, a management terminal, a management server, a communication server device, and a communication device set as the external contact object for downloading the electronic communication content, wherein when the user terminal transmits an electronic communication content to an external contact object, the management server controls whether the related information of the user terminal is sent during the communication process, the method comprising the following steps: (a) when the management server checks the electronic data against a predetermined rule and determines that sending is prohibited, it issues a pending-review notification message to the user terminal and prohibits sending of the electronic communication content; (b) the management server generates an operation interface for receiving application data that the user terminal issues in response to the pending-review notification message, and issues an application notification message corresponding to the application data to the management terminal; (c) the management server responds to a review message issued by the management terminal for the application data and, according to approval-or-rejection data in the review message, prohibits or allows sending of the electronic communication content to the external contact object; and (d) if the management server determines that sending the electronic communication content to the external contact object is allowed, it encrypts the electronic communication content into an encrypted file with a predetermined password and sends the encrypted file.

2. The information method for preventing leakage of electronic communication content according to claim 1, further comprising the following step: (e) the management server, in response to a request from the external contact object, generates a message containing the predetermined password and transmits it to the external contact object.

3. The information method for preventing leakage of electronic communication content according to claim 2, wherein the electronic communication content is the communication content of an e-mail service, and the external contact object is at least one external mailbox address.

4. A management server for preventing leakage of electronic communication content, the management server operating together with a user terminal, a management terminal, a communication server device that transmits an electronic communication content to an external contact object, and a communication device set as the external contact object for downloading the electronic communication content, the management server being used to control the related information of the user terminal during the communication process, and the management server comprising: a predetermined rule database storing predetermined rule data relating to prohibiting the sending of data to the outside; a review record database storing approval-or-rejection data, received from the management terminal, relating to applications for electronic communication content that does not comply with the predetermined rules; and a processing unit that, when it determines from the predetermined rule data of the predetermined rule database that an electronic communication content is prohibited from being sent, issues a pending-review notification message to the user terminal and prohibits sending of the electronic communication content; receives application data issued by the user terminal in response to the pending-review notification message and issues an application notification message corresponding to the application data to the management terminal; prohibits or allows sending of the electronic communication content to the external contact object according to the approval-or-rejection data of the review record database; and, if sending the electronic communication content to the external contact object is allowed, encrypts the electronic communication content into an encrypted file with a predetermined password and sends the encrypted file.

5. The information method for preventing leakage of electronic communication content according to claim 4, wherein the processing unit further, in response to a request from the external contact object, generates a message containing the predetermined password and transmits it to the external contact object.

6. The information method for preventing leakage of electronic communication content according to claim 5, wherein the electronic communication content is the communication content of an e-mail service, and the external contact object is at least one external mailbox address.
TW104144748A 2015-12-31 2015-12-31 Information management method and server for data protection in communication process TW201723915A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW104144748A TW201723915A (en) 2015-12-31 2015-12-31 Information management method and server for data protection in communication process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW104144748A TW201723915A (en) 2015-12-31 2015-12-31 Information management method and server for data protection in communication process

Publications (1)

Publication Number Publication Date
TW201723915A true TW201723915A (en) 2017-07-01

Family

ID=60048081

Family Applications (1)

Application Number Title Priority Date Filing Date
TW104144748A TW201723915A (en) 2015-12-31 2015-12-31 Information management method and server for data protection in communication process

Country Status (1)

Country Link
TW (1) TW201723915A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI720606B (en) * 2018-11-28 2021-03-01 開曼群島商創新先進技術有限公司 Data processing method, device, computing equipment and storage medium
US12026273B2 (en) * 2020-08-20 2024-07-02 Saudi Arabian Oil Company System and method to extend data loss prevention (DLP) to leverage sensitive outbound emails investigations—(antileaks)
