WO2021012563A1 - File encryption management method, system, and computer-readable storage medium - Google Patents
File encryption management method, system, and computer-readable storage medium
- Publication number
- WO2021012563A1 (PCT/CN2019/121817)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- file
- feature
- encrypted
- encryption server
- characteristic
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Definitions
- This application belongs to the field of data security technology, and in particular relates to a file encryption management method, system, and computer-readable storage medium.
- Enterprise security refers to keeping the enterprise in a comprehensive, reliable and controlled state.
- the embodiments of the present application provide a file encryption management method, system, and computer-readable storage medium to solve the problem that the prior art cannot ensure the safety of important enterprise files.
- a file encryption management method including:
- the user terminal adds a feature tag to the initial file to obtain the file to be encrypted
- the user terminal sends a file encryption request to the file encryption server, where the file encryption request includes the file to be encrypted and the company ID;
- the file encryption server correspondingly stores the feature tags contained in the file to be encrypted and the company ID in a pre-built feature tag-enterprise ID mapping table;
- the file encryption server encrypts the file to be encrypted to obtain an encrypted file, and sends the encrypted file to the user terminal;
- if an instruction to open the encrypted file is received, the user terminal uses the encrypted file as the first feature encrypted file and sends a file decryption request to the file encryption server, where the open instruction includes the first feature company ID and the file decryption request includes the first feature encrypted file and the first feature company ID;
- the file encryption server judges whether the first characteristic enterprise ID matches the first characteristic encrypted file according to the characteristic tag-enterprise ID mapping table;
- if the first characteristic enterprise ID matches the first characteristic encrypted file, the file encryption server decrypts the first feature encrypted file and sends it to the user terminal.
- in a second aspect, a file encryption management system includes a user terminal and a file encryption server.
- the user terminal includes an adding unit, a first sending unit, and a second sending unit.
- the file encryption server includes a storage unit, a first encryption unit, a first judgment unit and a first decryption unit, wherein:
- the adding unit is used to add a feature tag to the initial file to obtain the file to be encrypted
- the first sending unit is configured to send a file encryption request to a file encryption server, where the file encryption request includes the file to be encrypted and an enterprise ID;
- the storage unit is configured to correspondingly store the feature tags contained in the file to be encrypted and the company ID in a pre-built feature tag-enterprise ID mapping table;
- the first encryption unit is configured to encrypt the file to be encrypted to obtain an encrypted file, and send the encrypted file to a user terminal;
- the second sending unit is configured to, if an instruction to open the encrypted file is received, use the encrypted file as a first feature encrypted file, and send a file decryption request to the file encryption server, where the open instruction includes A first characteristic company ID, where the file decryption request includes the first characteristic encrypted file and the first characteristic company ID;
- the first determining unit is configured to determine whether the first characteristic enterprise ID matches the first characteristic encrypted file according to the characteristic tag-enterprise ID mapping table;
- the first decryption unit is configured to, if the first characteristic company ID matches the first characteristic encrypted file, the file encryption server decrypts the first characteristic encrypted file and sends it to the user terminal.
- a file encryption management system which includes a user terminal and a file encryption server. Both the user terminal and the file encryption server include a memory, a processor, and computer-readable instructions that are stored on the memory and can run on the processor; when the processors of the user terminal and the file encryption server execute the corresponding computer-readable instructions, they jointly implement the method as described in the first aspect.
- a computer-readable storage medium stores a first computer-readable instruction and a second computer-readable instruction; the method as described in the first aspect can be implemented when the first computer-readable instruction and the second computer-readable instruction are executed by the processor of the user terminal and the processor of the file encryption server respectively.
- FIG. 1 is a schematic diagram of an application scenario of a file encryption management method provided by an embodiment of the application
- FIG. 2 is a schematic flowchart of a file encryption management method provided by an embodiment of the application
- FIG. 3 is a schematic diagram of a sub-flow of a file encryption management method provided by an embodiment of the application.
- FIG. 4 is a schematic flowchart of a file encryption management method provided by another embodiment of this application.
- FIG. 5 is a schematic block diagram of a file encryption management system provided by an embodiment of the application.
- FIG. 6 is a schematic block diagram of a first encryption unit of a file encryption server of a file encryption management system according to an embodiment of the application;
- FIG. 7 is a schematic block diagram of a first determining unit of a file encryption server of a file encryption management system provided by an embodiment of the application;
- FIG. 8 is a schematic block diagram of a first decryption unit of a file encryption server of a file encryption management system according to an embodiment of the application;
- FIG. 9 is a schematic block diagram of a file encryption management system provided by another embodiment of this application.
- FIG. 10 is a schematic block diagram of a computer device according to an embodiment of the application.
- the file encryption management method is applied in a file encryption management system.
- the file management system includes a user terminal 1 and a file encryption server 2.
- the user terminal 1 adds a feature tag to the initial file to obtain the file to be encrypted; the user terminal 1 sends a file encryption request to the file encryption server 2, and the file encryption request includes the file to be encrypted and the enterprise ID; the file encryption server 2 correspondingly stores the feature tags contained in the file to be encrypted and the company ID in a pre-built feature tag-enterprise ID mapping table; the file encryption server 2 encrypts the file to be encrypted to obtain an encrypted file, and sends the encrypted file to the user terminal 1.
- if an instruction to open the encrypted file is received, the user terminal 1 uses the encrypted file as the first feature encrypted file and sends a file decryption request to the file encryption server 2, where the open instruction includes the first characteristic company ID and the file decryption request includes the first characteristic encrypted file and the first characteristic company ID.
- the file encryption server 2 determines, according to the characteristic tag-enterprise ID mapping table, whether the first characteristic enterprise ID matches the first characteristic encrypted file; if the first characteristic enterprise ID matches the first characteristic encrypted file, the file encryption server 2 decrypts the first characteristic encrypted file and sends it to the user terminal 1.
- Fig. 2 is a schematic flowchart of a file encryption management method provided by an embodiment of the present application. As shown in the figure, the method includes the following steps S1-S8.
- S1 The user terminal adds a feature tag to the initial file to obtain the file to be encrypted.
- the initial file refers to the file stored in the terminal, which can specifically include important files in the enterprise such as WORD files and EXL files.
- the feature tag can identify the company to which the file to be encrypted belongs. Different companies have different feature tags, and terminals in the same company have the same feature tags.
- the feature label is specifically an identification string, which is used to uniquely identify the enterprise.
- the identification string can be set by the user.
- the identification string is "zxcv1230".
- tag management software, for example Tag Tower, can be used to add feature tags to files.
- S2 The user terminal sends a file encryption request to the file encryption server, where the file encryption request includes the file to be encrypted and the enterprise ID.
- the user terminal sends a file encryption request to the file encryption server to request the file encryption server to encrypt the file to be encrypted.
- the file encryption request includes the file to be encrypted and an enterprise ID.
- the company ID is the company's identification number.
- the file encryption server determines the company to which the file to be encrypted belongs based on the company ID.
- the file encryption server correspondingly stores the feature tag contained in the file to be encrypted and the company ID in a pre-built feature tag-enterprise ID mapping table.
- the feature tag-enterprise ID mapping table is used to record the mapping relationship between the feature tag of the company and the company ID of the company.
- the characteristic label of the enterprise needs to be determined according to the characteristic label-enterprise ID mapping table.
- the file encryption server encrypts the file to be encrypted to obtain an encrypted file, and sends the encrypted file to the user terminal, thereby completing the encryption process of the file to be encrypted.
- the file encryption server encrypts the file to be encrypted with its own public key, so that only the private key of the file encryption server can decrypt the encrypted file, which improves the security of the encrypted file.
- the public key refers to the key distributed through the asymmetric encryption algorithm.
- the asymmetric encryption algorithm uses two different keys for encryption and decryption, called the public key and the private key. Only the private key can decrypt data encrypted by the public key, and only the public key can decrypt data encrypted by the private key.
- the private key is generated by a random number algorithm, the public key is generated according to the private key, and the public key and the private key are distributed in pairs. Among them, the public key is public, and the private key is privately held and strictly protected.
- if the user terminal receives an instruction to open an encrypted file input by the user, it uses the encrypted file as the first feature encrypted file and sends a file decryption request to the file encryption server; the file decryption request includes the first feature encrypted file and the first feature company ID.
- S6 The file encryption server judges whether the first characteristic enterprise ID matches the first characteristic encrypted file according to the characteristic tag-enterprise ID mapping table.
- the file encryption server judges whether the first characteristic enterprise ID matches the first characteristic encrypted file according to the characteristic tag-enterprise ID mapping table. That is, it determines whether the company ID corresponding to the feature tag of the first feature encrypted file is the same as the first feature company ID; if they are the same, the first feature company ID matches the first feature encrypted file; otherwise, the first characteristic company ID does not match the first characteristic encrypted file.
- step S6 specifically includes the following steps S61-S63.
- the file encryption server obtains the feature tag contained in the first feature encrypted file as the first target feature tag.
- when the file encryption server receives the file decryption request sent by the user terminal, it first obtains the feature tag of the first feature encrypted file included in the file decryption request as the target feature tag.
- the file encryption server determines whether the first feature encrypted file is a file of the company to which the first feature company ID corresponds based on the target feature tag and the first feature company ID included in the file decryption request. If the first feature encrypted file is a file of the company to which the first feature company ID corresponds, the first feature encrypted file is decrypted; otherwise, the first feature encrypted file is not decrypted. Therefore, only the enterprise itself can decrypt its own encrypted files, which improves the security of enterprise encrypted files.
- the file encryption server determines whether the first target feature tag is the same as a reference feature tag, and the reference feature tag is the feature tag corresponding to the first feature company ID in the feature tag-enterprise ID mapping table.
- if the first target feature tag is the same as the reference feature tag, the first feature encrypted file is a file of the company corresponding to the first feature company ID; otherwise, the first feature encrypted file is not a file of the company corresponding to the first feature company ID.
- if the first target feature tag is the same as the reference feature tag, the file encryption server determines that the first feature company ID matches the first feature encrypted file.
- if the first target feature tag is different from the reference feature tag, the file encryption server determines that the first feature company ID does not match the first feature encrypted file.
- if the first feature company ID matches the first feature encrypted file, the file encryption server decrypts the first feature encrypted file and sends it to the user terminal, thereby completing the decryption process of the encrypted file.
- the file encryption server decrypts the first feature encrypted file with its own private key and sends it to the user terminal.
- the user terminal adds a feature tag to the initial file to obtain the file to be encrypted, and the file encryption server encrypts the file to be encrypted to obtain the encrypted file and sends it to the user terminal; if an instruction to open the encrypted file is received, the user terminal uses the encrypted file as the first feature encrypted file and sends a file decryption request to the file encryption server; the file encryption server determines whether the feature tag contained in the first feature encrypted file is the same as the feature tag corresponding to the enterprise ID, and if so, decrypts the first feature encrypted file and sends it to the user terminal. Therefore, the file encryption server will decrypt the encrypted file only when the feature tag contained in the encrypted file is the same as the feature tag corresponding to the enterprise, which greatly improves the security of the encrypted file.
- FIG. 4 is a schematic flowchart of a file encryption management method provided by another embodiment of the present application.
- the file encryption management method of this embodiment includes steps S101-S112.
- the steps S101-S107 are similar to the steps S1-S7 in the foregoing embodiment, and will not be repeated here.
- the steps S108-S112 added in this embodiment will be described in detail below.
- if the first characteristic company ID does not match the first characteristic encrypted file, the file encryption server sends a first error prompt message to the user terminal.
- the first error prompt message is used to inform the user that the encrypted file with the first characteristic is not a file of the enterprise and the file decryption fails.
- S109 If an outgoing instruction for an encrypted file is received, the user terminal uses the encrypted file as a second feature encrypted file, and sends a file outgoing request to the file encryption server, where the outgoing instruction includes the target email address and a second characteristic company ID, and the file outgoing request includes the second characteristic encrypted file, the second characteristic company ID, and the target email address.
- the outgoing instruction includes a target email address, indicating that the user needs to send the encrypted file to the target email address.
- the user terminal uses the encrypted file as the second feature encrypted file, and sends a file outgoing request to the file encryption server.
- the file outgoing request includes the second characteristic encrypted file, the second characteristic company ID, and the target email address.
- S110 The file encryption server judges whether the second characteristic company ID matches the second characteristic encrypted file according to the characteristic tag-enterprise ID mapping table.
- the file encryption server judges whether the second characteristic enterprise ID matches the second characteristic encrypted file according to the characteristic tag-enterprise ID mapping table. That is, it determines whether the company ID corresponding to the feature tag of the second feature encrypted file is the same as the second feature company ID; if they are the same, the second feature company ID matches the second feature encrypted file; otherwise, the second characteristic company ID does not match the second characteristic encrypted file.
- if the second characteristic company ID matches the second characteristic encrypted file, the file encryption server decrypts the second characteristic encrypted file to obtain the decrypted file, and sends an email containing the decrypted file to the target email address.
- the decrypted file can be distributed to other users.
- the encrypted file can only be decrypted through the above methods, which improves the security of the encrypted file.
- the file encryption server correspondingly decrypts the encrypted file with its own private key to obtain the decrypted file.
- if the second characteristic company ID does not match the second characteristic encrypted file, the file encryption server sends a second error prompt message to the user terminal.
- the second error prompt message is used to inform the user that the encrypted file with the first feature is not the file of the enterprise, the file decryption fails, and the email sending fails.
- FIG. 5 is a schematic block diagram of a file encryption management system 100 provided by an embodiment of the present application. As shown in FIG. 5, corresponding to the above file encryption management method, the present application also provides a file encryption management system 100.
- the file encryption management system 100 includes a user terminal 90 and a file encryption server 80. Specifically, referring to FIG. 5, the user terminal 90 includes an adding unit 91, a first sending unit 92, and a second sending unit 93.
- the file encryption server 80 includes a storage unit 81, a first encryption unit 82, a first judgment unit 83 and a first decryption unit 84.
- the first sending unit 92 is configured to send a file encryption request to a file encryption server, where the file encryption request includes the file to be encrypted and an enterprise ID.
- the storage unit 81 is configured to correspondingly store the feature tags and the company ID contained in the file to be encrypted in a pre-built feature tag-enterprise ID mapping table.
- the first encryption unit 82 is configured to encrypt the file to be encrypted to obtain an encrypted file, and send the encrypted file to the user terminal.
- the second sending unit 93 is configured to, if an instruction to open the encrypted file is received, use the encrypted file as the first feature encrypted file, and send a file decryption request to the file encryption server, where the open instruction includes a first characteristic enterprise ID, and the file decryption request includes the first characteristic encrypted file and the first characteristic enterprise ID.
- the first determining unit 83 is configured to determine whether the first characteristic enterprise ID matches the first characteristic encrypted file according to the characteristic tag-enterprise ID mapping table.
- the first decryption unit 84 is configured to, if the first characteristic company ID matches the first characteristic encrypted file, the file encryption server decrypts the first characteristic encrypted file and sends it to the user terminal.
- the first encryption unit 82 includes a second encryption unit 820.
- the second encryption unit 821 is configured to encrypt the file to be encrypted with its own public key to obtain the encrypted file.
- the first judgment unit 83 includes an acquisition unit 831, a second judgment unit 832, a first judgment unit 833 and a second judgment unit 834.
- the obtaining unit 831 is configured to obtain the feature tag contained in the first feature encrypted file as the first target feature tag.
- the second determining unit 832 is configured to determine whether the first target feature tag is the same as the reference feature tag, and the reference feature tag is the feature tag corresponding to the first feature company ID in the feature tag-enterprise ID mapping table.
- the first determining unit 833 is configured to determine that the first characteristic enterprise ID matches the first characteristic encrypted file if the first target characteristic label is the same as the reference characteristic label.
- the second determining unit 834 is configured to determine that the first characteristic enterprise ID does not match the first characteristic encrypted file if the first target characteristic tag is different from the reference characteristic tag.
- the first decryption unit 84 includes a second decryption unit 841.
- the second decryption unit 841 is configured to decrypt the first feature encrypted file with the private key of the file encryption server and send it to the user terminal.
- FIG. 9 is a schematic block diagram of a file encryption management system 100 provided by another embodiment of the present application.
- the user terminal of the file encryption management system 100 of this embodiment adds a fourth sending unit 94 on the basis of the above embodiment; the file encryption server of the file encryption management system 100 of this embodiment adds a third sending unit 85, a third judging unit 86, a third decrypting unit 87, and a fifth sending unit 88 on the basis of the above embodiment.
- the third sending unit 85 is configured to send a first error prompt message to the user terminal if the first characteristic company ID does not match the first characteristic encrypted file.
- the fourth sending unit 94 is configured to, if an outgoing instruction for an encrypted file is received, use the encrypted file as the second feature encrypted file, and send a file outgoing request to the file encryption server, where the outgoing instruction includes the target mail Address and a second characteristic company ID, the file outgoing request includes the second characteristic encrypted file, the second characteristic company ID, and the target email address.
- the third determining unit 86 is configured to determine whether the second characteristic enterprise ID matches the second characteristic encrypted file according to the characteristic tag-enterprise ID mapping table.
- the third decryption unit 87 is configured to, if the second characteristic company ID matches the second characteristic encrypted file, decrypt the second characteristic encrypted file to obtain the decrypted file, and send an email containing the decrypted file to the target email address.
- the fifth sending unit 88 is configured to send a second error prompt message to the user terminal if the second characteristic company ID does not match the second characteristic encrypted file.
- the embodiment of the present application also proposes a file encryption management system.
- the file encryption management system includes at least two computer devices, including a file encryption server and at least one user terminal.
- FIG. 10 is a schematic block diagram of a computer device according to an embodiment of the present application.
- the computer device 500 may be the above-mentioned file encryption server or the user terminal, and the terminal may be an electronic device with communication function such as a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like.
- the computer device 500 includes a processor 502, a memory, and a network interface 505 connected through a system bus 501, where the memory may include a non-volatile storage medium 503 and an internal memory 504.
- the non-volatile storage medium 503 can store an operating system 5031 and computer-readable instructions 5032.
- the processor 502 can execute a bid management method.
- the processor 502 is used to provide calculation and control capabilities to support the operation of the entire computer device 500.
- the internal memory 504 provides an environment for the operation of the computer-readable instructions 5032 in the non-volatile storage medium 503.
- the processor 502 can execute a bid management method.
- the network interface 505 is used for network communication with other devices.
- the structure shown in FIG. 10 is only a block diagram of part of the structure related to the solution of the present application, and does not constitute a limitation on the computer device 500 to which the solution of the present application is applied.
- the specific computer device 500 may include more or fewer components than shown in the figure, or combine certain components, or have a different component arrangement.
- processor 502 of the user terminal and the file encryption server is configured to run computer-readable instructions 5032 stored in the memory to implement the following steps:
- the user terminal adds a feature tag to the initial file to obtain the file to be encrypted
- the user terminal sends a file encryption request to the file encryption server, where the file encryption request includes the file to be encrypted and the company ID;
- the file encryption server correspondingly stores the feature tags contained in the file to be encrypted and the company ID in a pre-built feature tag-enterprise ID mapping table;
- the file encryption server encrypts the file to be encrypted to obtain an encrypted file, and sends the encrypted file to the user terminal;
- if an instruction to open the encrypted file is received, the user terminal uses the encrypted file as the first feature encrypted file and sends a file decryption request to the file encryption server, where the open instruction includes the first feature company ID and the file decryption request includes the first feature encrypted file and the first feature company ID;
- the file encryption server judges whether the first characteristic enterprise ID matches the first characteristic encrypted file according to the characteristic tag-enterprise ID mapping table;
- if the first characteristic enterprise ID matches the first characteristic encrypted file, the file encryption server decrypts the first feature encrypted file and sends it to the user terminal.
- the processor 502 may be a central processing unit (Central Processing Unit, CPU), and the processor 502 may also be other general-purpose processors, digital signal processors (Digital Signal Processors, DSPs), Application Specific Integrated Circuit (ASIC), Field-Programmable Gate Array (FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc.
- the general-purpose processor may be a microprocessor or the processor may also be any conventional processor.
- Non-volatile memory may include read only memory (ROM), programmable ROM (PROM), electrically programmable ROM (EPROM), electrically erasable programmable ROM (EEPROM), or flash memory.
- Volatile memory may include random access memory (RAM) or external cache memory.
- RAM is available in many forms, such as static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double data rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), Rambus direct RAM (RDRAM), direct Rambus dynamic RAM (DRDRAM), and Rambus dynamic RAM (RDRAM), etc.
- the storage medium stores a first computer readable instruction and a second computer readable instruction.
- when the first computer readable instruction and the second computer readable instruction are executed by the processor of the user terminal and the processor of the file encryption server respectively, the following steps can be implemented:
- the user terminal adds a feature tag to the initial file to obtain the file to be encrypted
- the user terminal sends a file encryption request to the file encryption server, where the file encryption request includes the file to be encrypted and the company ID;
- the file encryption server correspondingly stores the feature tags contained in the file to be encrypted and the company ID in a pre-built feature tag-enterprise ID mapping table;
- the file encryption server encrypts the file to be encrypted to obtain an encrypted file, and sends the encrypted file to the user terminal;
- the user terminal uses the encrypted file as the first feature encrypted file, and sends a file decryption request to the file encryption server.
- the open instruction includes the first feature company ID, so The file decryption request includes the first feature encrypted file and the first feature company ID;
- the file encryption server judges whether the first characteristic enterprise ID matches the first characteristic encrypted file according to the characteristic tag-enterprise ID mapping table
- the file encryption server decrypts the first feature encrypted file and sends it to the user terminal.
Claims (20)
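- A file encryption management method, characterized by comprising: a user terminal adds a feature tag to an initial file to obtain a file to be encrypted; the user terminal sends a file encryption request to a file encryption server, the file encryption request containing the file to be encrypted and an enterprise ID; the file encryption server stores the feature tag contained in the file to be encrypted and the enterprise ID, in correspondence, in a pre-built feature tag-enterprise ID mapping table; the file encryption server encrypts the file to be encrypted to obtain an encrypted file, and sends the encrypted file to the user terminal; if an open instruction for the encrypted file is received, the user terminal takes the encrypted file as a first feature encrypted file and sends a file decryption request to the file encryption server, the open instruction containing a first feature enterprise ID, and the file decryption request containing the first feature encrypted file and the first feature enterprise ID; the file encryption server judges, according to the feature tag-enterprise ID mapping table, whether the first feature enterprise ID matches the first feature encrypted file; if the first feature enterprise ID matches the first feature encrypted file, the file encryption server decrypts the first feature encrypted file and sends it to the user terminal.
- The method according to claim 1, characterized in that the file encryption server encrypting the file to be encrypted to obtain an encrypted file comprises: the file encryption server encrypts the file to be encrypted with its own public key to obtain the encrypted file.
- The method according to claim 1, characterized in that the file encryption server judging, according to the feature tag-enterprise ID mapping table, whether the first feature enterprise ID matches the first feature encrypted file comprises: the file encryption server obtains the feature tag contained in the first feature encrypted file as a first target feature tag; the file encryption server judges whether the first target feature tag is the same as a reference feature tag, the reference feature tag being the feature tag that corresponds to the first feature enterprise ID in the feature tag-enterprise ID mapping table; if the first target feature tag is the same as the reference feature tag, the file encryption server determines that the first feature enterprise ID matches the first feature encrypted file; if the first target feature tag is not the same as the reference feature tag, the file encryption server determines that the first feature enterprise ID does not match the first feature encrypted file.
- The method according to claim 2, characterized in that the file encryption server decrypting the first feature encrypted file and sending it to the user terminal comprises: the file encryption server decrypts the first feature encrypted file with its own private key and sends it to the user terminal.
- The method according to claim 1, characterized in that the method further comprises: if the first feature enterprise ID does not match the first feature encrypted file, the file encryption server sends a first error prompt message to the user terminal.
- The method according to claim 1, characterized in that the method further comprises: if a send-out instruction for the encrypted file is received, the user terminal takes the encrypted file as a second feature encrypted file and sends a file send-out request to the file encryption server, the send-out instruction including a target email address and a second feature enterprise ID, and the file send-out request including the second feature encrypted file, the second feature enterprise ID, and the target email address; the file encryption server judges, according to the feature tag-enterprise ID mapping table, whether the second feature enterprise ID matches the second feature encrypted file; if the second feature enterprise ID matches the second feature encrypted file, the file encryption server decrypts the second feature encrypted file to obtain a decrypted file, and sends an email containing the decrypted file to the target email address.
- The method according to claim 6, characterized in that the method further comprises: if the second feature enterprise ID does not match the second feature encrypted file, the file encryption server sends a second error prompt message to the user terminal.
- A file encryption management system, characterized in that the file encryption management system comprises a user terminal and a file encryption server, the user terminal comprising an adding unit, a first sending unit, and a second sending unit, and the file encryption server comprising a storage unit, a first encryption unit, a first judging unit, and a first decryption unit, wherein: the adding unit is configured to add a feature tag to an initial file to obtain a file to be encrypted; the first sending unit is configured to send a file encryption request to the file encryption server, the file encryption request containing the file to be encrypted and an enterprise ID; the storage unit is configured to store the feature tag contained in the file to be encrypted and the enterprise ID, in correspondence, in a pre-built feature tag-enterprise ID mapping table; the first encryption unit is configured to encrypt the file to be encrypted to obtain an encrypted file, and send the encrypted file to the user terminal; the second sending unit is configured to, if an open instruction for the encrypted file is received, take the encrypted file as a first feature encrypted file and send a file decryption request to the file encryption server, the open instruction containing a first feature enterprise ID, and the file decryption request containing the first feature encrypted file and the first feature enterprise ID; the first judging unit is configured to judge, according to the feature tag-enterprise ID mapping table, whether the first feature enterprise ID matches the first feature encrypted file; the first decryption unit is configured such that, if the first feature enterprise ID matches the first feature encrypted file, the file encryption server decrypts the first feature encrypted file and sends it to the user terminal.
- The system according to claim 8, characterized in that the first encryption unit comprises a second encryption unit; the second encryption unit is configured to encrypt the file to be encrypted with the server's own public key to obtain the encrypted file.
- The system according to claim 8, characterized in that the first judging unit comprises an obtaining unit, a second judging unit, a first determination unit, and a second determination unit. The obtaining unit is configured to obtain the feature tag contained in the first feature encrypted file as a first target feature tag. The second judging unit is configured to judge whether the first target feature tag is the same as a reference feature tag, the reference feature tag being the feature tag that corresponds to the first feature enterprise ID in the feature tag-enterprise ID mapping table. The first determination unit is configured to determine, if the first target feature tag is the same as the reference feature tag, that the first feature enterprise ID matches the first feature encrypted file. The second determination unit is configured to determine, if the first target feature tag is not the same as the reference feature tag, that the first feature enterprise ID does not match the first feature encrypted file.
- The system according to claim 9, characterized in that the first decryption unit comprises a second decryption unit; the second decryption unit is configured to decrypt the first feature encrypted file with the private key of the file encryption server and send it to the user terminal.
- A file encryption management system, characterized by comprising a user terminal and a file encryption server, the user terminal and the file encryption server each comprising a memory, a processor, and computer-readable instructions stored in the memory and executable on the processor, wherein the processors of the user terminal and the file encryption server, when executing the corresponding computer-readable instructions, jointly implement the following steps: the user terminal adds a feature tag to an initial file to obtain a file to be encrypted; the user terminal sends a file encryption request to the file encryption server, the file encryption request containing the file to be encrypted and an enterprise ID; the file encryption server stores the feature tag contained in the file to be encrypted and the enterprise ID, in correspondence, in a pre-built feature tag-enterprise ID mapping table; the file encryption server encrypts the file to be encrypted to obtain an encrypted file, and sends the encrypted file to the user terminal; if an open instruction for the encrypted file is received, the user terminal takes the encrypted file as a first feature encrypted file and sends a file decryption request to the file encryption server, the open instruction containing a first feature enterprise ID, and the file decryption request containing the first feature encrypted file and the first feature enterprise ID; the file encryption server judges, according to the feature tag-enterprise ID mapping table, whether the first feature enterprise ID matches the first feature encrypted file; if the first feature enterprise ID matches the first feature encrypted file, the file encryption server decrypts the first feature encrypted file and sends it to the user terminal.
- The system according to claim 12, characterized in that the processor of the file encryption server, when executing the corresponding computer-readable instructions, further implements the following step: the file encryption server encrypts the file to be encrypted with its own public key to obtain the encrypted file.
- The system according to claim 12, characterized in that the processor of the file encryption server, when executing the corresponding computer-readable instructions, further implements the following steps: the file encryption server obtains the feature tag contained in the first feature encrypted file as a first target feature tag; the file encryption server judges whether the first target feature tag is the same as a reference feature tag, the reference feature tag being the feature tag that corresponds to the first feature enterprise ID in the feature tag-enterprise ID mapping table; if the first target feature tag is the same as the reference feature tag, the file encryption server determines that the first feature enterprise ID matches the first feature encrypted file; if the first target feature tag is not the same as the reference feature tag, the file encryption server determines that the first feature enterprise ID does not match the first feature encrypted file.
- The system according to claim 13, characterized in that the processor of the file encryption server, when executing the corresponding computer-readable instructions, further implements the following step: the file encryption server decrypts the first feature encrypted file with its own private key and sends it to the user terminal.
- The system according to claim 12, characterized in that the processors of the user terminal and the file encryption server, when executing the corresponding computer-readable instructions, jointly implement the following steps: if the first feature enterprise ID does not match the first feature encrypted file, the file encryption server sends a first error prompt message to the user terminal; if a send-out instruction for the encrypted file is received, the user terminal takes the encrypted file as a second feature encrypted file and sends a file send-out request to the file encryption server, the send-out instruction including a target email address and a second feature enterprise ID, and the file send-out request including the second feature encrypted file, the second feature enterprise ID, and the target email address; the file encryption server judges, according to the feature tag-enterprise ID mapping table, whether the second feature enterprise ID matches the second feature encrypted file; if the second feature enterprise ID matches the second feature encrypted file, the file encryption server decrypts the second feature encrypted file to obtain a decrypted file, and sends an email containing the decrypted file to the target email address; if the second feature enterprise ID does not match the second feature encrypted file, the file encryption server sends a second error prompt message to the user terminal.
- A computer-readable storage medium, the storage medium storing a first computer-readable instruction and a second computer-readable instruction, wherein the first computer-readable instruction and the second computer-readable instruction, when executed by the processor of a user terminal and the processor of a file encryption server respectively, implement the following steps: the user terminal adds a feature tag to an initial file to obtain a file to be encrypted; the user terminal sends a file encryption request to the file encryption server, the file encryption request containing the file to be encrypted and an enterprise ID; the file encryption server stores the feature tag contained in the file to be encrypted and the enterprise ID, in correspondence, in a pre-built feature tag-enterprise ID mapping table; the file encryption server encrypts the file to be encrypted to obtain an encrypted file, and sends the encrypted file to the user terminal; if an open instruction for the encrypted file is received, the user terminal takes the encrypted file as a first feature encrypted file and sends a file decryption request to the file encryption server, the open instruction containing a first feature enterprise ID, and the file decryption request containing the first feature encrypted file and the first feature enterprise ID; the file encryption server judges, according to the feature tag-enterprise ID mapping table, whether the first feature enterprise ID matches the first feature encrypted file; if the first feature enterprise ID matches the first feature encrypted file, the file encryption server decrypts the first feature encrypted file and sends it to the user terminal.
- The computer-readable storage medium according to claim 17, characterized in that the processor of the file encryption server, when executing the second computer-readable instruction, further implements the following step: the file encryption server encrypts the file to be encrypted with its own public key to obtain the encrypted file.
- The computer-readable storage medium according to claim 17, characterized in that the processor of the file encryption server, when executing the second computer-readable instruction, further implements the following steps: the file encryption server obtains the feature tag contained in the first feature encrypted file as a first target feature tag; the file encryption server judges whether the first target feature tag is the same as a reference feature tag, the reference feature tag being the feature tag that corresponds to the first feature enterprise ID in the feature tag-enterprise ID mapping table; if the first target feature tag is the same as the reference feature tag, the file encryption server determines that the first feature enterprise ID matches the first feature encrypted file; if the first target feature tag is not the same as the reference feature tag, the file encryption server determines that the first feature enterprise ID does not match the first feature encrypted file.
- The computer-readable storage medium according to claim 18, characterized in that the processor of the file encryption server, when executing the second computer-readable instruction, further implements the following step: the file encryption server decrypts the first feature encrypted file with its own private key and sends it to the user terminal.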
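The encrypt, match, and decrypt flow of claims 1, 3 and 5, as an added Python sketch that is not code from the patent. The `TAG:` header format, the function and class names, the toy keystream that stands in for the server's public/private key pair, and recovering the tag by decrypting the file are all assumptions made for illustration.

```python
import hashlib
import secrets

TAG_PREFIX = b"TAG:"  # assumed tag format: first line of the file is "TAG:<tag>"

def add_feature_tag(initial_file: bytes, tag: str) -> bytes:
    """User terminal: add a feature tag to the initial file."""
    return TAG_PREFIX + tag.encode() + b"\n" + initial_file

def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy SHA-256 counter keystream, a stand-in for the server's key pair.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def _read_tag(tagged_file: bytes):
    """Return (tag, content), or (None, b"") if the tag header is missing."""
    header, sep, content = tagged_file.partition(b"\n")
    if not sep or not header.startswith(TAG_PREFIX):
        return None, b""
    return header[len(TAG_PREFIX):].decode(errors="replace"), content

class FileEncryptionServer:
    def __init__(self):
        self._key = secrets.token_bytes(32)
        self.mapping = set()  # feature tag-enterprise ID mapping table

    def encrypt(self, file_to_encrypt: bytes, enterprise_id: str) -> bytes:
        tag, _ = _read_tag(file_to_encrypt)
        if tag is None:
            raise ValueError("file to be encrypted carries no feature tag")
        self.mapping.add((tag, enterprise_id))  # store tag and ID together
        nonce = secrets.token_bytes(16)
        return nonce + _keystream_xor(self._key, nonce, file_to_encrypt)

    def decrypt(self, encrypted_file: bytes, enterprise_id: str) -> bytes:
        nonce, body = encrypted_file[:16], encrypted_file[16:]
        target_tag, content = _read_tag(_keystream_xor(self._key, nonce, body))
        # Match only if this tag was registered under the requested ID.
        if target_tag is None or (target_tag, enterprise_id) not in self.mapping:
            raise PermissionError("first error prompt: enterprise ID does not match file")
        return content  # assumption: the tag header is stripped on release
```

The match decision here depends only on the enterprise ID carried in the request, because the claims name no other input to it, so the check is only as strong as the control over who can present that ID.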
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910666732.7A CN110532796A (zh) | 2019-07-23 | 2019-07-23 | File encryption management method, system, and computer-readable storage medium |
CN201910666732.7 | 2019-07-23 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2021012563A1 (zh) | 2021-01-28 |
Family
ID=68661882
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2019/121817 WO2021012563A1 (zh) | 2019-07-23 | 2019-11-29 | File encryption management method, system, and computer-readable storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN110532796A (zh) |
WO (1) | WO2021012563A1 (zh) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111339543B (zh) * | 2020-02-27 | 2023-07-14 | 深信服科技股份有限公司 | File processing method and apparatus, device, and storage medium |
CN112632588A (zh) * | 2020-12-30 | 2021-04-09 | 中国农业银行股份有限公司 | Text encryption method and apparatus |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
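CN101702150A (zh) * | 2009-12-02 | 2010-05-05 | 江西金格网络科技有限责任公司 | Method for protecting, verifying, and revoking PDF document page content |
CN102142073A (zh) * | 2010-12-27 | 2011-08-03 | 成都网安科技发展有限公司 | Paper document leak prevention and authentication system based on covert watermarks |
CN103685138A (zh) * | 2012-08-30 | 2014-03-26 | 卓望数码技术(深圳)有限公司 | Authentication method and system for Android platform application software on the mobile Internet |
CN104917769A (zh) * | 2015-06-11 | 2015-09-16 | 北京嘉和美康信息技术有限公司 | Electronic medical record signing method and apparatus |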
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7673134B2 (en) * | 2005-04-07 | 2010-03-02 | Lenovo (Singapore) Pte. Ltd. | Backup restore in a corporate infrastructure |
2019
- 2019-07-23 CN CN201910666732.7A patent/CN110532796A/zh active Pending
- 2019-11-29 WO PCT/CN2019/121817 patent/WO2021012563A1/zh active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN110532796A (zh) | 2019-12-03 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2021003980A1 (zh) | Blacklist sharing method, apparatus, computer device, and storage medium | |
US11010483B1 (en) | Policy enforcement | |
US11650955B2 (en) | Systems and methods for distributed data storage and delivery using blockchain | |
US20060232826A1 (en) | Method, device, and system of selectively accessing data | |
US20090100060A1 (en) | Device, system, and method of file-utilization management | |
US20060262928A1 (en) | Method, device, and system of encrypting/decrypting data | |
US9152811B2 (en) | Transparent real-time access to encrypted non-relational data | |
WO2021003977A1 (zh) | Default information query method, apparatus, computer device, and storage medium | |
WO2020206953A1 (zh) | Data processing method and system | |
US10911538B2 (en) | Management of and persistent storage for nodes in a secure cluster | |
US20240061790A1 (en) | Locally-stored remote block data integrity | |
US20200342091A1 (en) | Authentication and control of encryption keys | |
WO2022028289A1 (zh) | Data encryption method, data decryption method, apparatus, terminal, and storage medium | |
US10402574B2 (en) | Techniques for multi-domain memory encryption | |
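WO2020215685A1 (zh) | Blockchain-based information processing and acquisition method, apparatus, device, and medium | |
WO2021012563A1 (zh) | File encryption management method, system, and computer-readable storage medium | |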
US9058472B1 (en) | System and method of applying access rules to files transmitted between computers | |
US9218296B2 (en) | Low-latency, low-overhead hybrid encryption scheme | |
US9712324B2 (en) | Methods and apparatuses for reducing or eliminating unauthorized access to tethered data | |
US11399015B2 (en) | Data security tool | |
US9183403B2 (en) | Key retrieval | |
US20160182474A1 (en) | Secondary communications channel facilitating document security | |
US11870763B2 (en) | Systems and methods for inter-system account identification | |
US20240048380A1 (en) | Cryptography-as-a-Service | |
WO2024030308A1 (en) | Data exchange protection and governance system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 19938775 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19938775 Country of ref document: EP Kind code of ref document: A1 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205ADATED 01.08.2022) |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 19938775 Country of ref document: EP Kind code of ref document: A1 |