TWI264638B - Method for securing files of application program - Google Patents

Publication number: TWI264638B
Authority: TW (Taiwan)
Prior art keywords: file, application software, application, instant, files
Application number: TW94111095A
Other languages: Chinese (zh)
Other versions: TW200636448A (en)
Inventors: Jr-Jen Wu, Jing-Wen Jeng
Original Assignee: Mcamos Technology Corp
Application filed by Mcamos Technology Corp
Priority to TW94111095A
Publication of TW200636448A
Application granted
Publication of TWI264638B

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention relates to a method for securing the files of an application program by embedding a dynamic monitoring program in the application program and encrypting the files the application program uses. The dynamic monitoring program is called when the application program is executed, and it designates and captures specific information about the application program through an interface. Once the specified information has been captured, dynamic registration is completed and the program immediately enters the dynamic monitoring state: files opened by the application program are decrypted, files are encrypted before they are closed, and the copy, paste and print commands are restricted throughout the process to ensure the confidentiality of the files.

Description

IX. Description of the invention

[Technical field of the invention]

The present invention relates to a file security method for application software, and in particular to a method that gives application software developed for a specific purpose a built-in real-time monitoring mechanism and restricts specific I/O actions, so that files cannot be leaked or stolen.

[Prior art]

The computer is undoubtedly the best management tool and data storage medium available today. Application software for every kind of purpose is continually being developed, for example personnel management systems, financial management systems, accounting systems and inventory management systems, too many to enumerate, and it gives users convenient and practical management tools. Both computer user interfaces and application software are made as user-friendly as possible for ease of operation, to minimise obstacles for the user. This user-friendly design is well intended, but it also gives commercial spies and computer hackers an excellent shortcut for stealing or destroying data. Encryption is one of the necessary means of keeping file data secure. The encryption tools an ordinary computer provides encrypt files one at a time with a password. The drawbacks of this approach are obvious: the number of files is too large, the work is too time-consuming and laborious, and when many files are encrypted, password management becomes a further problem.

So-called password locks are also available, but what they lock is the computer itself, so the result is all-open or all-locked; the inconvenience and low practical value are easy to imagine. In short, the computer is a convenient management tool, but not every application, program and stored file on it needs to be encrypted, so taking the executing tool itself as the object to lock is unwise. From another angle, security can be applied to specific types of files, such as personnel, financial and accounting files. As stated above, however, encrypting file by file is inefficient; since the file type is what determines what must be encrypted, taking the application software associated with that file type as the object is a highly efficient and effective measure.

[Summary of the invention]

The main object of the present invention is to provide a method that monitors, in real time, the application software associated with a specific file type and restricts the execution of specific functions, thereby effectively securing files of that type.

The main technical means adopted to achieve this object is to embed a real-time monitoring program in the application software and to encrypt the files associated with the application software, wherein the real-time monitoring program performs the following steps:

receiving the call message generated when the application software is executed;
capturing specific information about the application software;
completing real-time registration with the captured information, temporarily storing the registration data, and entering the real-time monitoring state;
decrypting a file of the associated type when the application software opens it;
restricting the user's copy, paste, save-as, print and similar actions on the file;
encrypting the file before it is closed;
deleting the real-time registration data when the application software ends.

With this technique, the application software that handles a specific file type is the object of protection. Once the application software is executed, the files it creates or is associated with enter a monitoring state in which specific actions are restricted. Because every action that could take data away from a monitored file in use, such as copy, paste, save-as and print, is locked, the security of the data is ensured. For developers of application software, embedding the security mechanism also raises the commercial value of their products.

[Embodiment]

A preferred embodiment of the present invention is described below. The invention takes the application software as the object of monitoring. The monitoring covers both the existing files associated with the application software and the new files created while it is in use. All files produced by the application software are encrypted before they are closed, so when the application software is executed again and opens an associated existing file, the file is first decrypted and then opened. This secures all files of a specific type without encrypting every file individually, which is highly convenient, and because the monitored application software decrypts files automatically when it opens them, there is no password management problem.

A further security measure restricts I/O actions on the file itself, such as copy, paste, save-as and print, to prevent data from leaking out. The technical details are as follows.

The invention embeds a real-time monitoring program in the application software. This program encrypts the files produced while the application software runs; encryption takes place before a file is closed and decryption after a file is opened. The encryption and decryption techniques that may be used are described later. While the application software is running, the real-time monitoring program prevents copy, paste, save-as and print actions on any file the application software has opened, so that data cannot be illegally taken through those channels. The specific steps of the real-time monitoring program, shown in the first figure, are:

Receiving the call message generated when the application software is executed (101): because the real-time monitoring program is embedded directly in the application software, a link is established between the two, and when the application software is executed it immediately calls and starts the real-time monitoring program.

Capturing specific information about the application software (102): once started, the real-time monitoring program captures specific information about the application software through an interface built into the computer's windowing system (for example the Windows 32 bits Application Programming Interface, hereinafter API). The specific information is designated by the real-time monitoring program, for example file size, data type, file name or the time the file was created, and is used for the subsequent dynamic registration.

Completing real-time registration with the captured information (103): the information the real-time monitoring program captures through the API is used for registration. Once the designated information has been obtained through the API, dynamic registration is complete, the information used for registration is stored temporarily, and the program enters the real-time monitoring state (104).

In the real-time monitoring state, when the application software opens a file of the associated type, the file is first decrypted (105, 106). One feasible encryption/decryption technique is DES m; alternatively the program can be linked to an encryption/decryption device provided as a peripheral (for example a hardware lock) or use another self-developed algorithm.

While the application software has the file open and in use, the real-time monitoring program restricts the user's copy, paste, save-as, print and similar actions on the file (107). These restrictions rely mainly on the Installable File System function built into the Windows operating system. The Installable File System was originally provided so that the operating system could control the creation, opening, reading and writing of files; the real-time monitoring program of the invention intercepts its signals in order to monitor the creation, opening, reading and writing of specific files and to block copy, paste, save-as, print and similar actions. When the file in use is closed (108), it is first encrypted and then closed (109).

When the application software ends execution (110), the registration data is deleted, and registration is performed again the next time the software is executed.

The above description sets out the specific technical content of a preferred embodiment of the invention. With this data security method, the real-time monitoring program can be supplied to developers of application software, who embed it in the application software they develop for a specific purpose so that the software has a data security mechanism, which raises its commercial value and added value. When the real-time monitoring program has multiple users, an ID recognition mechanism can also be built in: each copy of the real-time monitoring program is given a different ID, and ID recognition is performed first when the application software starts, so that the security mechanism of one user cannot be used interchangeably with that of another.

As the above shows, the invention provides a data security method that monitors in real time the application software handling a specific file type and restricts copy, paste, save-as, print and similar actions. It neither locks the whole computer nor encrypts every file one by one, but monitors as a group the files of the specific type associated with the application software. It protects confidential data from leaking while preserving the user-friendliness of the operating interface. The design therefore has significant practicality and inventive step and meets the requirements for an invention patent.

[Brief description of the drawings]

First figure: flow chart of the present invention.

[Description of main reference numerals]
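The monitoring lifecycle in the embodiment (steps 101 to 110), modelled as an added Python example; it is not code from the patent or its assignee. The class and method names, the designated registration fields, the caller-supplied key and the HMAC-SHA256 counter-mode keystream (standing in for the cipher the patent names) are assumptions, and the restriction in step 107 is modelled as a policy check rather than interception through the Installable File System.

```python
import hashlib, hmac, os, tempfile
from pathlib import Path

RESTRICTED = {"copy", "paste", "save_as", "print"}   # actions blocked in step 107
REQUIRED_INFO = {"file_name", "file_size"}           # designated fields (assumed choice)

def xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher: HMAC-SHA256 keystream in counter mode, not the patent's algorithm."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class FileMonitor:                                   # hypothetical model of the embedded monitor
    def __init__(self, key: bytes):
        self.key = key                               # key source is an assumption
        self.registration = None                     # temporary registration record (step 103)
        self.buffers = {}                            # path -> plaintext, held only while open

    def app_started(self, info: dict) -> None:       # steps 101-104
        if not REQUIRED_INFO <= info.keys():
            raise PermissionError("designated information missing; registration refused")
        self.registration = dict(info)

    def _check_monitoring(self) -> None:
        if self.registration is None:
            raise PermissionError("monitor is not in the monitoring state")

    def open(self, path, new: bool = False) -> bytearray:   # steps 105-106
        self._check_monitoring()
        blob = b"" if new else Path(path).read_bytes()
        self.buffers[path] = bytearray(xor_stream(self.key, blob[:16], blob[16:]))
        return self.buffers[path]

    def allowed(self, path, action: str) -> bool:    # step 107
        self._check_monitoring()
        return path not in self.buffers or action not in RESTRICTED

    def close(self, path) -> None:                   # steps 108-109: encrypt, then close
        nonce = os.urandom(16)                       # fresh nonce for every write
        body = xor_stream(self.key, nonce, bytes(self.buffers.pop(path)))
        Path(path).write_bytes(nonce + body)

    def app_exited(self) -> None:                    # step 110
        for path in list(self.buffers):
            self.close(path)                         # never leave an open file unencrypted
        self.registration = None                     # registration data deleted

def demo() -> dict:
    info = {"file_name": "hrapp.exe", "file_size": 123456}   # constructed values
    path = Path(tempfile.mkdtemp()) / "payroll.dat"
    mon = FileMonitor(hashlib.sha256(b"constructed demo key").digest())
    mon.app_started(info)
    mon.open(path, new=True).extend(b"salary: 50000")
    blocked = not mon.allowed(path, "print")
    mon.app_exited()                                 # encrypts the open file, drops registration
    on_disk = path.read_bytes()
    mon.app_started(info)                            # next run registers again
    return {"blocked": blocked, "leak": b"salary" in on_disk,
            "recovered": bytes(mon.open(path))}
```

`demo()` returns whether printing was blocked, whether plaintext reached disk, and the content recovered after the application registers again. The page does not say where the key is kept; in this model anyone holding `key` can decrypt the files outside the monitored application.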

Claims (1)

X. Scope of the patent application

1. A file security method for application software, in which a real-time monitoring program is embedded in the application software and the files associated with the application software are encrypted, wherein the real-time monitoring program performs the following steps:
receiving the call message generated when the application software is executed;
capturing specific information about the application software;
completing real-time registration with the captured information and entering the real-time monitoring state;
decrypting a file of the associated type when the application software opens it;
restricting specific actions the user performs on the file;
encrypting the file before it is closed.

2. The file security method for application software according to claim […], wherein the real-time monitoring program, after capturing the specific information of the application software and completing registration, temporarily stores the registration data, and deletes the real-time registration data when the application software ends.

3. The file security method for application software according to claim […], wherein the specific information may include file size, data type, file name or the time the file was created.

4. The file security method for application software according to claim […], wherein the real-time monitoring program uses an encryption/decryption mechanism to decrypt and encrypt files, and the encryption/decryption mechanism may be DES m or another algorithm.

5. The file security method for application software according to claim 1, wherein the real-time monitoring program is linked to an encryption/decryption device provided as a peripheral.

6. The file security method for application software according to claim 3, wherein the real-time monitoring program captures the specific information of the application software through the Windows 32 bits Application Programming Interface built into the Windows operating system.

7. The file security method for application software according to claim 1, wherein the real-time monitoring program, in the real-time monitoring state, restricts the user's copy, paste, save-as or print actions on the file.

8. The file security method for application software according to claim 1 or 7, wherein the real-time monitoring program restricts the user from performing specific actions on the file through the Installable File System function built into the Windows operating system.

XI. Drawings: see the following page.
Priority Applications (1)

Application Number Priority Date Filing Date Title
TW94111095A TWI264638B (en) 2005-04-08 2005-04-08 Method for securing files of application program

Publications (2)

Publication Number Publication Date
TW200636448A (en) 2006-10-16
TWI264638B (en) 2006-10-21

Family

ID=37969421

Family Applications (1)

Application Number Title Priority Date Filing Date
TW94111095A TWI264638B (en) 2005-04-08 2005-04-08 Method for securing files of application program

Country Status (1)

Country Link
TW (1) TWI264638B (en)

Legal Events

Date Code Title Description
MM4A Annulment or lapse of patent due to non-payment of fees