TW529282B - Anti-theft method for digital data and anti-theft digital data processing system - Google Patents
Anti-theft method for digital data and anti-theft digital data processing system
- Publication number
- TW529282B
- Authority
- TW
- Taiwan
- Prior art keywords
- digital data
- data processing
- processing device
- password
- user
- Prior art date
Abstract
Description
Field of the Invention

This case relates to a method for preventing theft of digital data and to an anti-theft digital data processing system, and in particular to such a method and system applied to a company's internal network.

Background of the Invention

With the rapid development of the information industry, much intangible knowledge and information has been digitized and now exists as digital data, for example the various digital data files that employees of an enterprise come into contact with, or even produce, in the course of their work. These should all be private assets of the enterprise and subject to restrictions on use. Enterprises therefore do what they can to prevent digital data files that are company assets from being misappropriated by employees or by outsiders, and how to protect digital data files is a topic receiving more and more attention in the present era of the rising knowledge economy.

Current measures against the theft of digital data files usually run into the following difficulties:

1. General file encryption is performed manually by the employees themselves, so it cannot prevent misappropriation by those same employees.
2. When guards inspect items being carried out of the company, the wide variety of storage media for digital data files makes it impossible for ordinary guards to carry out the inspection reliably.
3. Digital data files can easily be sent by e-mail to the company's permitted range ...

Therefore, how to effectively ensure that digital data files cannot be arbitrarily misappropriated, and thereby remedy the shortcomings of the conventional means described above, is the main purpose of developing this case.

Summary of the Invention

This case is a method for preventing theft of digital data, applied between a first digital data processing device and a second digital data processing device that are signal-connected to each other. The method comprises the following steps: in response to a registration procedure performed by the second digital data processing device on the first digital data processing device, the first digital data processing device generates, corresponding to the second digital data processing device, a pair of passwords and a user identification code, the pair of passwords comprising a private password and a public password, and the user identification code and the private password are stored in the second digital data processing device; in response to a data storage action performed by the second digital data processing device on a digital data file, the second digital data processing device automatically uses the private password to perform a data storage action with an encryption step on the digital data file, thereby forming an encrypted digital data file; in response to a data read action performed by the second digital data processing device on the encrypted digital data file, the first digital data processing device confirms identity through the user identification code and then automatically transmits the public password to the second digital data processing device; and the second digital data processing device uses the public password to perform a data read action with a decryption step on the encrypted digital data file.

According to the above concept, the method may further include the following step: when the second digital data processing device receives a data storage instruction issued by the user, the second digital data processing device fetches the private password and automatically performs the data storage action with the encryption step on the digital data file.

According to the above concept, the method may further include the following step: when the second digital data processing device receives a data storage instruction issued by the user, the second digital data processing device provides an access permission table and automatically attaches it to the encrypted digital data file.

According to the above concept, the access permission table may contain the following information: the area in which reading is permitted; the time at which reading is permitted; the number of times reading is permitted; the items that may be edited; and the user account.

According to the above concept, the method may further include the following steps: when the second digital data processing device receives a data read instruction issued by the user for the encrypted digital data file, the second digital data processing device automatically sends a request signal to the first digital data processing device, the request signal containing the user account, the user identification code of the second digital data processing device, the time, the network address and the access permission table attached to the encrypted digital data file; and the first digital data processing device verifies the request signal and, when the user account, user identification code, time and network address all conform to the general rules preset in the first digital data processing device and to the special rules of the access permission table, automatically transmits the public password to the second digital data processing device.

According to the above concept, the environment in which the method is applied may further include a third digital data processing device that is signal-connected to the first digital data processing device, and the method further includes the following steps: in response to a registration procedure performed by the third digital data processing device on the first digital data processing device, the first digital data processing device generates, corresponding to the second digital data processing device, the pair of passwords and a second user identification code, the pair of passwords comprising the private password and the public password, and the second user identification code and the private password are stored in the third digital data processing device; in response to a data read action performed by the third digital data processing device on the encrypted digital data file, the first digital data processing device confirms identity through the user identification code and then automatically transmits the public password to the third digital data processing device; and the third digital data processing device uses the public password to perform a data read action with a decryption step on the encrypted digital data file.

According to the above concept, the method may further include the following steps: when the third digital data processing device receives a data read instruction issued by the user for the encrypted digital data file, the third digital data processing device automatically sends a second request signal to the first digital data processing device, the request signal containing the user account, the user identification code of the third digital data processing device, the time, the network address and the access permission table attached to the encrypted digital data file; and the first digital data processing device verifies the second request signal and, when the user account, user identification code, time and network address all conform to the general rules preset in the first digital data processing device and to the special rules of the access permission table, automatically transmits the public password to the third digital data processing device.

According to the above concept, the first, second and third digital data processing devices to which the method is applied may be connected to a network.

According to the above concept, the network to which the method is applied may be a company's internal network.

According to the above concept, the first digital data processing device to which the method is applied is a server.

According to the above concept, the second and third digital data processing devices to which the method is applied may be a first client and a second client.

According to the above concept, the values of the private password and the public password in the method are the same.

According to the above concept, the values of the private password and the public password in the method may be different and exist as a pair.

Another aspect of this case is an anti-theft digital data processing system comprising: a first digital data processing device in which a public password is stored; and a second digital data processing device signal-connected to the first digital data processing device. In response to a registration procedure performed on it by the second digital data processing device, the first digital data processing device correspondingly generates a pair of passwords and a user identification code, the pair of passwords comprising a private password and the public password, and the user identification code and the private password are stored in the second digital data processing device. When the second digital data processing device performs a data storage action on a digital data file, it automatically uses the private password to perform a data storage action with an encryption step on the digital data file, thereby forming an encrypted digital data file. When the second digital data processing device performs a data read action on the encrypted digital data file, the first digital data processing device confirms identity through the user identification code and then automatically transmits the public password to the second digital data processing device, and the second digital data processing device uses the public password to perform a data read action with a decryption step on the encrypted digital data file.

According to the above concept, in the system, when the second digital data processing device receives a data storage instruction issued by the user, the second digital data processing device may fetch the private password and automatically perform the data storage action with the encryption step on the digital data file.

According to the above concept, in the system, when the second digital data processing device receives a data storage instruction issued by the user, the second digital data processing device may further provide an access permission table and automatically attach it to the encrypted digital data file.

According to the above concept, the access permission table in the system may contain the following information: the area in which reading is permitted; the time at which reading is permitted; the number of times reading is permitted; the items that may be edited; and the user account.

According to the above concept, in the system, when the second digital data processing device receives a data read instruction issued by the user for the encrypted digital data file, the second digital data processing device may automatically send a request signal to the first digital data processing device, the request signal containing the user account, the user identification code of the second digital data processing device, the time, the network address and the access permission table attached to the encrypted digital data file; the first digital data processing device verifies the request signal and, when the user account, user identification code, time and network address all conform to the general rules preset in the first digital data processing device and to the special rules of the access permission table, automatically transmits the public password to the second digital data processing device.

According to the above concept, the system may further include a third digital data processing device that is signal-connected to the first digital data processing device. In response to a registration procedure performed on it by the third digital data processing device, the first digital data processing device generates, corresponding to the second digital data processing device, the pair of passwords and a second user identification code, the pair of passwords comprising the private password and the public password, and the first user identification code and the private password are stored in the third digital data processing device. When the third digital data processing device performs a data read action on the encrypted digital data file, the first digital data processing device confirms identity through the user identification code and then automatically transmits the public password to the third digital data processing device, and the third digital data processing device uses the public password to perform a data read action with a decryption step on the encrypted digital data file.

According to the above concept, in the system, when the third digital data processing device receives a data read instruction issued by the user for the encrypted digital data file, the third digital data processing device may automatically send a second request signal to the first digital data processing device, the request signal containing the user account, the user identification code of the third digital data processing device, the time, the network address and the access permission table attached to the encrypted digital data file; the first digital data processing device verifies the second request signal and, when the user account, user identification code, time and network address all conform to the general rules preset in the first digital data processing device and to the special rules of the access permission table, automatically transmits the public password to the third digital data processing device.

According to the above concept, the first, second and third digital data processing devices to which the system is applied may be connected to a network.

According to the above concept, the network to which the system is applied is a company's internal network.

According to the above concept, the first digital data processing device to which the system is applied may be a server.

According to the above concept, the second and third digital data processing devices to which the system is applied may be a first client and a second client.

According to the above concept, the values of the private password and the public password in the system may be the same.

According to the above concept, the values of the private password and the public password in the system may be different and exist as a pair.

Brief Description of the Drawings

This case can be understood in more depth through the following drawings and detailed description:

First figure: a schematic diagram of the hardware architecture of the preferred embodiment of this case.
Second figure (a)(b)(c): a flowchart of the steps of the method of the preferred embodiment of this case.

The components shown in the drawings are listed as follows:

Server 10
First client 11
Second client 12

Description of the Preferred Embodiment

Please refer to the first figure, a schematic diagram of the hardware architecture of the preferred embodiment of this case. A company's internal network usually has a server 10 and a number of clients (only the first client 11 and the second client 12 are shown in the figure), with signals connected and transmitted between them over a network (for example an Ethernet architecture). In the method of this case, a server-side program is first installed on the server 10, and a client-side program is then installed, one by one, on the personal computers of all the clients. When each client-side program is installed, it carries out a registration procedure over the network with the server-side program on the server 10. The registration procedure generates a pair of passwords and a corresponding user identification code; the pair of passwords comprises a private password and a public password, and the corresponding user identification code and the private password are stored in each of the clients.

The method of this case is described below, for the state after the client-side and server-side programs have been installed, using the server 10, the first client 11 and the second client 12 as an example.

When the first client 11 receives a data storage instruction issued by the user for a digital data file, the client-side program uses the private password obtained in the registration procedure to perform a data storage action with an encryption step on the digital data file, thereby forming an encrypted digital data file. At the same time, the client-side program of the first client 11 provides an access permission table and automatically attaches it to the encrypted digital data file. The access permission table contains information such as the area in which reading is permitted, the time at which reading is permitted, the number of times reading is permitted, the items that may be edited and the user account. Its contents can be set by the system administrator and serve as the restrictions that apply when a client subsequently reads the file.

Accordingly, when the first client 11 receives a data read instruction issued by the user for the digital data file, the client-side program causes the first client 11 to automatically send a request signal to the server 10. The request signal contains the user account, the user identification code exclusive to the first client 11, the time, the network address and the access permission table attached to the encrypted digital data file. The server 10 verifies the information in the request signal, and when the user account, user identification code, time and network address all conform to the general rules preset in the server 10 and to the special rules of the access permission table, the server automatically transmits the public password and the access permission table to the second digital data processing device, so that the first client 11 can use the public password to complete the decryption and reading of the encrypted digital data file.

When the encrypted digital data file is taken to the second client 12 to be opened and read, the client-side program on the second client 12 likewise automatically sends a second request signal to the server 10 on receiving a data read instruction issued by the user for the digital data file. The second request signal contains the user account, the user identification code of the second digital data processing device, the time, the network address and the access permission table attached to the encrypted digital data file. The server 10 verifies the information in the request signal, and when the user account, user identification code, time and network address all fall within the general rules preset in the server 10 and conform to the special rules of the access permission table, the server 10 automatically transmits the public password and the access permission table to the second digital data processing device, so that the second client 12 can also use the public password to complete the decryption and reading of the encrypted digital data file.

The general rules preset in the server 10 are usually the user identification codes of all clients that have completed the registration procedure, the user accounts assigned to employees, the time during which access is permitted (for example 8:00 am to 10:00 pm), the range of legitimate network addresses, and so on. The access permission table attached to the encrypted digital data file carries the special rules belonging to that file, for example the user identification codes of specific clients, specific user accounts, a narrower permitted access time (for example 10:00 am to 5:00 pm) and a specific set of legitimate network addresses. In this way the system administrator can define the qualifications and permissions of readers more precisely for special requirements.

The flowchart of the steps of the above method is shown in the second figure (a)(b). In this way, when a client computer that has the client-side program of this case installed and has completed the registration procedure stores a digital data file, the encryption action is carried out and cannot be cancelled. In addition, a data read action on the encrypted digital data file can be completed only on a client computer that has the client-side program of this case installed and has completed the registration procedure. So when a user takes a file encrypted by this method to any unregistered computer and opens it, identity verification cannot be passed to obtain the password and the file cannot be decrypted, which remedies the conventional shortcoming of files being stolen. Because files cannot be opened and read arbitrarily, the probability of the computer system being damaged can also be greatly reduced.

The private password and the public password used in the above technical means may have the same value. In that case, however, because the private password stored in the client can be cracked, the public password becomes known as soon as the private password is known. One can therefore use the asymmetric encryption technique described in RFC 1423, section 4.2 (Asymmetric Encryption Algorithms) and set the private password and the public password to different values that exist as a pair. Then, even if the private password stored in the client is cracked, the encrypted file still cannot be decrypted with it. Asymmetric encryption is already a common technical means, so it is not described further here.

However, the invention of this case may be worked on by persons skilled in the art, applying their ingenuity, to make all manner of ...
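The server-side verification described in the preferred embodiment, as an added example that is not part of the patent: the public password is released only when the user account, user identification code, time and network address satisfy both the server's general rules and the access permission table attached to the file. The class and function names, the `CID-...` identifiers, the accounts and the addresses are constructed for illustration; the two time windows are the ones the description gives as examples.

```python
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class RuleSet:
    """Either the server's general rules or one file's access permission table."""
    name: str
    accounts: frozenset    # permitted user accounts
    client_ids: frozenset  # permitted user identification codes
    start: time            # start of the permitted access time
    end: time              # end of the permitted access time
    networks: tuple        # permitted addresses or ranges, as CIDR strings

    def violations(self, account, client_id, when, address):
        """Return one message for every request field this rule set rejects."""
        found = []
        if account not in self.accounts:
            found.append(f"{self.name}: user account {account!r} not permitted")
        if client_id not in self.client_ids:
            found.append(f"{self.name}: user identification code {client_id!r} not permitted")
        if not (self.start <= when.time() <= self.end):
            found.append(f"{self.name}: time {when:%H:%M} outside "
                         f"{self.start:%H:%M}-{self.end:%H:%M}")
        try:
            addr = ip_address(address)
            inside = any(addr in ip_network(net) for net in self.networks)
        except ValueError:  # malformed address: treat it as not permitted
            inside = False
        if not inside:
            found.append(f"{self.name}: network address {address!r} not permitted")
        return found


@dataclass(frozen=True)
class ReadRequest:
    """The request signal a client sends when the user opens an encrypted file."""
    account: str
    client_id: str
    when: datetime
    address: str
    file_table: RuleSet    # access permission table attached to the file


def verify(request, general):
    """Check the request against the general rules and the file's table.

    Returns (allowed, reasons). The public password may be sent only when
    allowed is True; reasons lists every failed check, for the audit log.
    """
    reasons = []
    for rules in (general, request.file_table):
        reasons += rules.violations(request.account, request.client_id,
                                    request.when, request.address)
    return (not reasons, reasons)


# Constructed sample data (hypothetical accounts, identifiers and addresses).
GENERAL = RuleSet("general rules", frozenset({"alice", "bob"}),
                  frozenset({"CID-0011", "CID-0012"}),
                  time(8, 0), time(22, 0), ("10.1.0.0/16",))
FILE_TABLE = RuleSet("file table", frozenset({"alice"}),
                     frozenset({"CID-0011", "CID-0012"}),
                     time(10, 0), time(17, 0), ("10.1.2.11/32", "10.1.2.12/32"))

if __name__ == "__main__":
    samples = [
        ReadRequest("alice", "CID-0011", datetime(2001, 8, 31, 14, 0), "10.1.2.11", FILE_TABLE),
        ReadRequest("alice", "CID-0012", datetime(2001, 8, 31, 18, 30), "10.1.2.12", FILE_TABLE),
        ReadRequest("alice", "", datetime(2001, 8, 31, 14, 0), "203.0.113.7", FILE_TABLE),
    ]
    for req in samples:
        allowed, reasons = verify(req, GENERAL)
        print("RELEASE" if allowed else "DENY", req.client_id or "(unregistered)", reasons)
```

The third sample models the case the description ends on: the file is opened on an unregistered computer, so no rule set accepts the request and the public password is never sent.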
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW90121556A TW529282B (en) | 2001-08-31 | 2001-08-31 | Anti-theft method for digital data and anti-theft digital data processing system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
TW90121556A TW529282B (en) | 2001-08-31 | 2001-08-31 | Anti-theft method for digital data and anti-theft digital data processing system |
Publications (1)
Publication Number | Publication Date |
---|---|
TW529282B (en) | 2003-04-21 |
Family
ID=28450624
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
TW90121556A TW529282B (en) | 2001-08-31 | 2001-08-31 | Anti-theft method for digital data and anti-theft digital data processing system |
Country Status (1)
Country | Link |
---|---|
TW (1) | TW529282B (en) |
- 2001-08-31: TW application TW90121556A, patent TW529282B (en), not active (IP Right Cessation)
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109274652B (en) | Identity information verification system, method and device and computer storage medium | |
US20170005788A1 (en) | Communication system and method | |
US7395436B1 (en) | Methods, software programs, and systems for electronic information security | |
US8341720B2 (en) | Information protection applied by an intermediary device | |
US6963971B1 (en) | Method for authenticating electronic documents | |
US7523310B2 (en) | Domain-based trust models for rights management of content | |
JP5639660B2 (en) | Confirmable trust for data through the wrapper complex | |
EP1364268A2 (en) | Methods and systems for authenticating business partners for secured electronic transactions | |
JP2012518330A (en) | Reliable cloud computing and cloud service framework | |
JP2003531447A5 (en) | ||
US10554663B2 (en) | Self-destructing smart data container | |
US20210166247A1 (en) | Asset ownership transfer and verification management | |
KR100873314B1 (en) | Methods and apparatus for secure content distribution | |
WO2007086015A2 (en) | Secure transfer of content ownership | |
US7047409B1 (en) | Automated tracking of certificate pedigree | |
CN112861102B (en) | Method and system for processing electronic file based on block chain | |
EP3185465A1 (en) | A method for encrypting data and a method for decrypting data | |
CN112861157A (en) | Data sharing method based on decentralized identity and proxy re-encryption | |
JPH1188321A (en) | Digital signature generation server | |
Chen et al. | A novel DRM scheme for accommodating expectations of personal use | |
CN109902495B (en) | Data fusion method and device | |
JP6533542B2 (en) | Secret key replication system, terminal and secret key replication method | |
TW529282B (en) | Anti-theft method for digital data and anti-theft digital data processing system | |
Conrado et al. | Controlled sharing of personal content using digital rights management | |
Kaushik et al. | Securing the transfer and controlling the piracy of digital files using Blockchain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
GD4A | Issue of patent certificate for granted invention patent | ||
MM4A | Annulment or lapse of patent due to non-payment of fees |