CN101938497A - Multistage security file structure as well as file access control and secret key management user terminal, service terminal, system and method thereof - Google Patents

Publication number
CN101938497A
Authority
CN
China
Prior art keywords
key
user
file
sets
documentation
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2010102921101A
Other languages
Chinese (zh)
Other versions
CN101938497B (en)
Inventor
陈剑勇
陈宝楷
纪震
储颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen University
Original Assignee
Shenzhen University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen University filed Critical Shenzhen University
Priority to CN2010102921101A priority Critical patent/CN101938497B/en
Publication of CN101938497A publication Critical patent/CN101938497A/en
Application granted granted Critical
Publication of CN101938497B publication Critical patent/CN101938497B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention relates to a multistage security file structure, and to a file access control and key management user terminal, service terminal, system and method based on it. The multistage security file structure comprises a plurality of security levels for distinguishing files of different security levels, and each security level comprises a plurality of non-overlapping file sets. Each file set comprises a root node together with a left child node and a right child node of that root node: the left child node is the member set that may access the file set, the right child node holds the files in the file set, and the root node stores the working key with which the member set accesses the files. Besides its own files, the right child node of a file set at a higher security level also contains the file sets of the security level one level below it. The structure is used to manage user access rights on a differentiated basis and, together with access-rights control, provides multilevel protection of computer files; in addition, soft and hard key life cycles are added so that old keys are replaced by new keys effectively, which keeps the keys safe in use.

Description

Multilevel security document group structure, and file access control and key management user terminal, service terminal, system and method based on it
Technical field
The present invention relates to computer file systems, and more particularly to a multilevel security document group structure for a computer file system, and to a file access control and key management user terminal, service terminal, system and method based on it.
Background
A traditional computer file system does not support access permission control, does not store files encrypted, and does not treat important files differently from ordinary ones, so files can be copied and distributed at will, which is bad for the security of file content.
Some computer file systems support file encryption but cannot guarantee the security of the encryption key. The security of the file encryption key is critical to file security: once the encryption key is obtained illegally, the protected files are put at risk.
For example, the invention patent with publication number CN 1567255A discloses a storage and access control method for a secure file system. It applies digital signature and encryption technology to the file system: files are digitally signed and their originality is verified, which prevents tampering; and stored files are encrypted with different cryptographic algorithms and cipher strengths according to the security level each file requires, which prevents information leakage when a file is stolen.
However, this prior art has the following shortcomings: 1. it does not control user access permissions on a differentiated basis and cannot manage document classification flexibly; 2. it does not solve the problem of updating file encryption keys and so cannot adequately meet the security requirements of encrypted file protection.
Summary of the invention
The technical problem to be solved by the present invention is to provide a multilevel security document group structure, and a file access control and key management user terminal, service terminal, system and method based on it.
The technical solution adopted by the present invention to solve this problem is as follows.
A multilevel security document group structure is constructed, comprising a plurality of security levels used to distinguish documents of different security levels, each security level comprising a plurality of non-overlapping document groups.
Each document group comprises a root node, and a left child node and a right child node of that root node.
The left child node is the member group that may access the document group, the right child node holds the documents in the document group, and the root node stores the working key with which the member group accesses the documents.
Besides its own documents, the right child node of a document group at a higher security level also contains the document groups one security level below it; members of a document group at a higher security level hold, by default, the working keys of the document groups at lower security levels.
In the multilevel security document group structure of the present invention, each document group is identified by a number K_im, where i denotes the security level to which the documents in the group belong and m denotes the sequence number of the group within that security level; each document group uses its own number as its root node; i and m are natural numbers.
In the multilevel security document group structure of the present invention, each document held in the right child node comprises file content and an end-of-file section, wherein:
the end-of-file section comprises a file encryption flag, a file access permission identifier, and a key version number;
the file access permission identifier consists of the file's security level and the information of the document group it belongs to.
In the multilevel security document group structure of the present invention, the working key comprises: a file access control permission identifier, a key version number, a key control flag, key material, a random number, a key soft life cycle and a key hard life cycle.
The key hard life cycle is the key lifetime set by the computer system; the key soft life cycle is the time at which the key is invalidated for some other reason before its hard life cycle ends.
The present invention also provides a file access control and key management user terminal based on the multilevel security document group structure described above, comprising:
a user login server authentication module, used to obtain the user ID, the user key and the user's login time, and to send them to the service terminal;
a key generation and use module, used to generate working keys and to carry out the replacement of old keys by new keys by means of the key soft and hard life cycles and the key control flag;
a document management module, used to store files and to send the file protection range information corresponding to the logged-in user ID to the service terminal.
The present invention also provides a file access control and key management service terminal based on the multilevel security document group structure described above, comprising:
a user authentication module, used to authenticate the user's legitimacy against the user key stored on the service side and, once a legitimate user has passed, to generate from the user key and the login time a communication key shared with the user terminal, which is used to transmit feedback information;
a permission configuration module, used to carry out changes to user permissions and to determine user permissions;
a key management module, used to carry out the distribution, update and maintenance of keys;
a document management module, used to divide files into levels and groups and to send each file's level and group information to the key management module;
a key control module, used to decide which key material is distributed to the user by jointly considering the user's permission configuration, the user's restricted permissions and the file information protected on the user side.
The present invention also provides a file access control and key management system based on the multilevel security document group structure described above, comprising the user terminal described above and the service terminal in communication with that user terminal.
The present invention also provides a file access control and key management method based on the multilevel security document group structure described above, comprising the following steps:
obtaining the user ID, the user key and the user's login time;
authenticating the user's legitimacy against the user key stored on the service side and, once a legitimate user has passed, generating from the user key and the login time a communication key shared with the user terminal, which is used to transmit the service terminal's feedback information;
according to the file protection range information corresponding to the logged-in user ID, dividing files into levels and groups, and carrying out the distribution, update and maintenance of keys;
deciding which key material is distributed to the user by jointly considering the user's permission configuration, the user's restricted permissions and the file information protected on the user side;
generating the working key from the distributed key material.
In the method of the present invention, the step of deciding which key material is distributed to the user by jointly considering the user's permission configuration, the user's restricted permissions and the file information protected on the user side comprises the following steps:
obtaining the user's default permissions;
filtering out the user's restricted permissions;
filtering out the keys the user does not need to use;
finally deciding the key material distributed to the user.
In the method of the present invention, the key update process comprises the following steps:
checking whether the key's hard life cycle has expired;
if the hard life cycle has expired, setting the key control flag of the newer version of this key, replacing the old key, and removing the old key;
if the hard life cycle has not expired, then checking whether the key's soft life cycle has expired;
if the soft life cycle has expired, obtaining the key identifier of the new version of this key, setting the new key, setting the key control flag of the old version of this key, and updating the key information of the tree structure;
if the soft life cycle has not expired, ending the check.
By adopting the multilevel security document group structure, the present invention stores files encrypted and divided by level. Any user with sufficient permissions can read and write files normally, so file sharing among legitimate users is not affected while the security requirements of the files are still met.
Based on the multilevel security document group structure of the present invention, user access permissions are managed on a differentiated basis; combined with access permission control, a user's access permissions can be set flexibly, giving fine-grained management of document classification. Every user entering the file protection zone is authenticated; only legitimate users can enter it, which prevents unauthorized access and forbids any operation on protected files by illegitimate users. Multilevel protection management of computer files is thus achieved.
In addition, to address the security risk of key disclosure, the present invention updates keys periodically or when necessary, so that keys are used safely and the security of the encrypted, protected files is ensured.
Description of drawings
The invention is further described below with reference to the drawings and embodiments. In the drawings:
Fig. 1 is a diagram of the multilevel security document group structure of a preferred embodiment of the present invention;
Fig. 2 is the key management graph of a preferred embodiment of the present invention;
Fig. 3 is the document group key update flow chart of a preferred embodiment of the present invention;
Fig. 4 is the key control flow chart of a preferred embodiment of the present invention;
Fig. 5 is a schematic diagram of key distribution and user permission change in a preferred embodiment of the present invention;
Fig. 6 is the functional module structure diagram of the file access control and key management system of a preferred embodiment of the present invention;
Fig. 7 is a view of the information exchange between the functional modules of the file access control and key management system of a preferred embodiment of the present invention.
Embodiment
The multilevel security document group structure of this embodiment of the invention is shown in Fig. 1. It comprises a plurality of security levels used to distinguish documents of different security levels, each security level comprising a plurality of non-overlapping document groups; each document group comprises a root node, and a left child node and a right child node of that root node. The left child node is the member group that may access the document group, the right child node holds the documents in the document group, and the root node stores the working key with which the member group accesses the documents. Besides its own documents, the right child node of a document group at a higher security level also contains the document groups one security level below it; members of a document group at a higher security level hold, by default, the working keys of the document groups at lower security levels.
In this embodiment, preferably, each document group is identified by a number K_im, where i denotes the security level to which the documents in the group belong and m denotes the sequence number of the group within that security level; each document group uses its own number as its root node. Here i and m are natural numbers.
In this embodiment, preferably, each document held in the right child node comprises file content and an end-of-file section. As shown in Table 1 below, the end-of-file section comprises a file encryption flag, a file access permission identifier, and a key version number. The file access permission identifier consists of the file's security level and the information of the document group it belongs to.
Table 1: File structure (table image not reproduced)
As shown in Table 2 below, the working key in the above embodiments comprises: a file access control permission identifier, a key version number, a key control flag, key material, a random number, a key soft life cycle and a key hard life cycle. The key hard life cycle is the key lifetime set by the computer system; the key soft life cycle is the time at which the key is invalidated for some other reason before its hard life cycle ends.
Table 2: Key structure (table image not reproduced)
The multilevel security document group structure of the above embodiment, and how it is formed, are described in detail below with reference to Fig. 1.
First, documents are divided into several grades by security level. Here three classes Pi (1≤i≤3) are assumed, corresponding to three security levels: sensitive, confidential and top secret. Then, within each security level, documents can be divided according to the enterprise's actual needs into non-overlapping document groups K_im (where i indicates which security level the documents belong to and m indicates which document group within that level).
Each document group has a different working key, which is used to encrypt and decrypt the files in the group. A document group generates a tree as follows: the document group ID is the root node, the left child node M is the member group that may access the document group, and the right child node D holds the documents in the document group, as shown in Fig. 1. In this way the root node of the document group associates the members of the member group with the files of the document group, which also means that the members of the member group can operate on the files belonging to the document group by means of the document group's key.
Besides its own documents, the right child node of a document group with a higher protection level also takes as its right child nodes all the document groups whose protection level is one level lower. Proceeding in the same way from top to bottom, the document groups represented as trees form a key management graph that maps members, keys and documents to one another, as shown in Fig. 2, which assumes that each document group has two members and two files.
In the key management graph shown in Fig. 2, considering the tree structure of a single document group and the relation between layers, members at a higher protection level hold by default the working key of their own document group and the working keys of the document groups at lower protection levels. For example, a member under K_im can hold the working key of the m-th group of documents at security level i, and at the same time holds all working keys of security levels below i. Because the document groups do not overlap, and the members that may access each document group do not overlap either, the distribution of members' working keys, document group key updates, and the key updates caused by members joining or leaving a member group can all be managed according to the key management graph shown in Fig. 2.
The present invention also provides a file access control and key management method based on the multilevel security document group structure described above, comprising the following steps:
obtaining the user ID, the user key and the user's login time;
authenticating the user's legitimacy against the user key stored on the service side and, once a legitimate user has passed, generating from the user key and the login time a communication key shared with the user terminal, which is used to transmit the service terminal's feedback information;
according to the file protection range information corresponding to the logged-in user ID, dividing files into levels and groups, and carrying out the distribution, update and maintenance of keys;
deciding which key material is distributed to the user by jointly considering the user's permission configuration, the user's restricted permissions and the file information protected on the user side;
generating the working key from the distributed key material.
In the above embodiment, the step of deciding which key material is distributed to the user by jointly considering the user's permission configuration, the user's restricted permissions and the file information protected on the user side, that is, key control, is shown in the flow chart of Fig. 4 and comprises the following steps: obtaining the user's default permissions; filtering out the user's restricted permissions; filtering out the keys the user does not need to use; and finally deciding the key material distributed to the user.
In the above embodiment, the document group key update process is shown in the flow chart of Fig. 3 and comprises the following steps: checking whether the key's hard life cycle has expired; if it has, setting the key control flag of the newer version of this key, replacing the old key with it, removing the old key, updating the key information of the tree structure, and finishing the update; if the hard life cycle has not expired, checking whether the key's soft life cycle has expired; if it has, obtaining the key identifier of the new version of this key, setting the new key, setting the key control flag of the old version of this key, updating the key information of the tree structure, and finishing the update; if the soft life cycle has not expired, ending the check.
When a document group key is updated, the new key's version number is derived from the old key's version number: specifically, the last bit of the old key's version number is inverted to give the new key's version number. The purpose is to distinguish the new key from the old one while making the new key easy to locate from the old key's file access control permission identifier + key version number. The new key's material and life cycles are then set, and the new key's old/new key control flag is set to 11 to distinguish it from the old key; the old key's old/new key control flag is set to 10, indicating that the old and new keys exist at the same time. In the key management graph structure, this information is stored in the node of the document group. When the server distributes keys to a user it only needs to read the key information on the relevant document group nodes; when old and new keys exist at the same time, both versions are sent to the user. When the server finds that the old key's hard life cycle has passed, it replaces the old key with the new key, that is, it removes the old key's information from the document group node and sets the new key's old/new key control flag to 00.
When a file is read and a key is needed, the user's access permissions are matched first. If they are legitimate, the user's working key list is searched for the identifier that matches (file access permission identifier + key version number) in the file header, the content of that working key is taken out, and the file content is decrypted. After a write operation completes and the file is saved to disk, the file content must be encrypted. First, the old/new key control flag is used to judge whether the file's encryption key should be updated: if the flag is 10, the file's encryption key is in the old-to-new transition stage. In that case the last bit of the key version number in the file header is inverted first, the user's working key list is then searched for the identifier that matches (file access permission identifier + key version number), and that key is taken out and used to encrypt and save the file.
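The key update check and the read/write key lookup described above, as an added Python example that is not code from the patent. The class and function names, the time values, and the two guards marked as assumptions in the comments are illustrative; the flag values 00/10/11 and the last-bit inversion are the ones given in the text, and no file encryption is performed.

```python
import secrets
from dataclasses import dataclass, replace

# Old/new key control flag values as given in the text above.
FLAG_SINGLE, FLAG_OLD, FLAG_NEW = "00", "10", "11"

@dataclass
class WorkingKey:
    access_id: str      # file access control permission identifier, e.g. "K21"
    version: int        # key version number
    flag: str           # old/new key control flag
    material: bytes
    soft_expiry: float  # can be pulled forward, e.g. when a member leaves
    hard_expiry: float  # lifetime limit set by the system

    @property
    def key_id(self):
        return (self.access_id, self.version)

@dataclass
class FileHeader:       # only the fields needed for key lookup
    access_id: str
    key_version: int

def _successor(old, now, soft_span, hard_span):
    # New version number = old version number with its last bit inverted.
    return WorkingKey(old.access_id, old.version ^ 1, FLAG_NEW,
                      secrets.token_bytes(32), now + soft_span, now + hard_span)

def check_key_update(node_keys, now, soft_span, hard_span):
    """One pass of the update check over the keys stored on a group node.

    node_keys is a list of one or two WorkingKey objects and is modified in
    place; the return value names the action taken."""
    old = next(k for k in node_keys if k.flag != FLAG_NEW)
    new = next((k for k in node_keys if k.flag == FLAG_NEW), None)
    if now >= old.hard_expiry:
        if new is None:
            # Assumption: hard expiry reached with no transition in progress,
            # so a successor is created before the old key is removed.
            new = _successor(old, now, soft_span, hard_span)
        new.flag = FLAG_SINGLE
        node_keys[:] = [new]
        return "old-key-removed"
    # Assumption: a transition is started only once, while no new key exists.
    if now >= old.soft_expiry and new is None:
        old.flag = FLAG_OLD
        node_keys.append(_successor(old, now, soft_span, hard_span))
        return "transition-started"
    return "no-change"

def distribute(node_keys):
    """Keys sent to a user: every key on the node, so both versions in a transition."""
    return {k.key_id: replace(k) for k in node_keys}

def key_for_read(user_keys, header):
    """Key whose identifier matches the header, or None if the user holds none."""
    return user_keys.get((header.access_id, header.key_version))

def key_for_write(user_keys, header):
    """Key to encrypt with on save; moves the header to the new version if flag is 10."""
    key = key_for_read(user_keys, header)
    if key is not None and key.flag == FLAG_OLD:
        header.key_version ^= 1
        key = key_for_read(user_keys, header)
    return key

if __name__ == "__main__":
    DAY = 86400.0
    node = [WorkingKey("K21", 0, FLAG_SINGLE, secrets.token_bytes(32), 30 * DAY, 45 * DAY)]
    for day in (10, 31, 32, 46):
        action = check_key_update(node, day * DAY, 30 * DAY, 45 * DAY)
        print(day, action, [(k.version, k.flag) for k in node])
```

A file that is not rewritten while both keys coexist still names the removed version in its header, so `key_for_read` finds nothing for it; re-encrypting such files before the hard life cycle ends is left to the implementation.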
It should be understood that the correspondence between users, keys and files described by the key management graph of the present invention (Fig. 2) is a logical relationship. Representing it as a graph makes the management of user permissions and keys easier to understand and implement, but there are many other ways to represent this logical relationship, so the invention is not limited to what is shown in the drawing.
The present invention also provides a file access control and key management user terminal based on the multilevel security document group structure described above, in communication with a service terminal, comprising a user login server authentication module, a key generation and use module, and a document management module. The user login server authentication module is used to obtain the user ID, the user key and the user's login time, and to send them to the service terminal; the key generation and use module is used to generate working keys and to carry out the replacement of old keys by new keys by means of the key soft and hard life cycles and the key control flag; the document management module is used to store files and to send the file protection range information corresponding to the logged-in user ID to the service terminal.
The present invention also provides a file access control and key management service terminal based on the multilevel security document group structure described above, comprising a user authentication module, a permission configuration module, a key management module, a document management module and a key control module. The user authentication module is used to authenticate the user's legitimacy against the user key stored on the service side and, once a legitimate user has passed, to generate from the user key and the login time a communication key shared with the user terminal, which is used to transmit the service terminal's feedback information; the permission configuration module is used to carry out changes to user permissions and to determine user permissions; the key management module is used to carry out the distribution, update and maintenance of keys; the document management module is used to divide files into levels and groups and to send each file's level and group information to the key management module; the key control module is used to decide which key material is distributed to the user by jointly considering the user's permission configuration, the user's restricted permissions and the file information protected on the user side.
The present invention also provides a file access control and key management system based on the multilevel security document group structure described in the preceding embodiments. As shown in Fig. 6, it comprises the user terminal and the service terminal of the preceding embodiments; the information exchange between the user terminal and the service terminal is shown in Fig. 7. The user login server authentication module of the user terminal provides the server side with information such as the user ID, user key and login time, and waits for the server's feedback. The key generation and use module is mainly responsible for generating file working keys and for coordinating old and new keys: file working keys are generated only on entering the file protection zone, and when the user exits the file protection zone this module destroys all working keys, so that keys are used safely; the seamless replacement of old keys by new keys is carried out by means of the key soft and hard life cycles, the key control flag and so on, without user involvement. The document management module is responsible for the range of files protected on the user terminal; the server side uses the information this module provides about the files held on the user side to control which key material is distributed.
The user authentication module of the service terminal is responsible for user login authentication: it uses the user key stored on the server side to authenticate the user's legitimacy, and after a legitimate user passes authentication it uses the user key and the login time to generate a communication key shared with the user terminal, which is used to transmit the server side's feedback information. The permission configuration module is responsible for changes to user permissions and for determining user permissions. The key management module is the most important: it is what makes key use safe, and it is responsible for the distribution, update and maintenance of keys. The document management module is mainly responsible for dividing files into levels and groups, and then passes this information to the key management module. The key control module controls which key material the server distributes to a user as needed: it decides which key material is distributed to the user by jointly considering the user's permission configuration, the user's restricted permissions and the file information protected on the user side.
In the system of this embodiment, as shown in Fig. 5, during key distribution and user permission changes, the tasks to be completed by the user terminal and the server side, in their communication with each other and in their own internal processing, are respectively:
On the user terminal: the user logs in and is authenticated, and the login time is sent to the server along with the login as a random number, while the login time T is also saved on the user side. The user uses their own login key and the login time to produce the user key, decrypts the key material returned by the server's key management/key control modules, and generates the file working keys.
On the server side: the server determines the user's permissions from the user's ID in the key management graph and, together with the key control module, decides which keys the user should be allocated. The server uses the user's login key to generate the user key, encrypts the key material to be distributed and sends it to the user. When an employee leaves the enterprise, the keys the employee used while working must be updated: which document groups' keys need updating is determined from the employee's ID and permission policy management, and the update operation is similar to a document group key update. When a new employee joins the enterprise, the employee only needs to be added to the document group they belong to. When an employee is transferred between departments of the enterprise and their permissions change, which document groups' keys need updating can be determined from the employee's ID in the key management graph and permission policy management.
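The key control steps of Fig. 4 and the permission-change cases just described, as an added Python example that is not code from the patent. It models the key management graph as a set of groups K_im plus a member-to-group map; the class and method names are illustrative, and treating "keys that need updating" as the keys the member could previously be allocated but no longer holds by default is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Group:
    level: int   # i: security level, a higher number means more protected
    index: int   # m: sequence number of the group inside its level

    @property
    def name(self):
        return f"K{self.level}{self.index}"

class KeyManagementGraph:
    def __init__(self, groups):
        self.groups = set(groups)
        self.member_of = {}          # user -> the single group the user belongs to

    def add_member(self, user, group):
        if group not in self.groups:
            raise KeyError(group.name)
        if user in self.member_of:
            # Member groups do not overlap: one user, one group.
            raise ValueError(f"{user} already belongs to {self.member_of[user].name}")
        self.member_of[user] = group

    def default_keys(self, user):
        """Own group plus every group at a lower security level."""
        own = self.member_of[user]
        return {g for g in self.groups if g == own or g.level < own.level}

    def allocate(self, user, restricted, client_groups):
        """Key control: decide which groups' key material is sent to the user."""
        keys = self.default_keys(user)   # 1. obtain the default permissions
        keys -= set(restricted)          # 2. filter out restricted permissions
        keys &= set(client_groups)       # 3. filter out keys for files the client does not hold
        return keys                      # 4. final allocation

    def move_member(self, user, new_group, restricted=()):
        """Transfer a member, or remove them when new_group is None.

        Returns the groups whose keys should be updated (assumption: those the
        member could be allocated before and does not hold by default afterwards)."""
        before = self.default_keys(user) - set(restricted)
        del self.member_of[user]
        after = set()
        if new_group is not None:
            self.add_member(user, new_group)
            after = self.default_keys(user)
        return before - after

def names(groups):
    return sorted(g.name for g in groups)

if __name__ == "__main__":
    # Constructed sample graph: two sensitive groups, two confidential, one top secret.
    K11, K12, K21, K22, K31 = (Group(1, 1), Group(1, 2), Group(2, 1),
                               Group(2, 2), Group(3, 1))
    graph = KeyManagementGraph([K11, K12, K21, K22, K31])
    graph.add_member("alice", K21)
    graph.add_member("bob", K31)
    print("alice default:", names(graph.default_keys("alice")))
    print("alice allocated:", names(graph.allocate("alice", [K12], [K11, K12, K21])))
    print("rekey after alice moves to K22:", names(graph.move_member("alice", K22)))
    print("rekey after bob leaves:", names(graph.move_member("bob", None)))
```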
Should be understood that, for those of ordinary skills, can be improved according to the above description or conversion, and all these improvement and conversion all should belong to the protection range of claims of the present invention.
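The server-side decision described above (which working keys a user receives, and which document-group keys must be renewed when an employee leaves) can be sketched as follows. This is an added example, not code from the patent: the `DocGroup` class, the function names, the sample hierarchy, the assumption that a larger level number means a higher security level, and the reading of "keys the user does not need" as "groups whose files the client does not protect" are all assumptions. The three filtering steps follow the order given in the claims.

```python
from dataclasses import dataclass, field

@dataclass
class DocGroup:
    group_id: str                                  # root node, numbered K_im, e.g. "K21"
    members: set = field(default_factory=set)      # left child: member group
    documents: set = field(default_factory=set)    # right child: the group's own documents
    lower: list = field(default_factory=list)      # right child: groups one level lower

def default_keys(group):
    """Working-key ids a member of `group` holds by default: its own key
    plus the keys of every lower-level group nested beneath it."""
    keys = {group.group_id}
    for child in group.lower:
        keys |= default_keys(child)
    return keys

def walk(groups):
    """Yield every group in the hierarchy, top down."""
    for g in groups:
        yield g
        yield from walk(g.lower)

def distribute(user, top_groups, restricted, client_groups):
    """Decide which key ids to send to `user` (hypothetical helper)."""
    granted = set()
    for g in walk(top_groups):                     # 1. default permissions
        if user in g.members:
            granted |= default_keys(g)
    granted -= restricted.get(user, set())         # 2. filter restricted permissions
    return granted & client_groups                 # 3. filter keys the client does not need

def keys_to_update(user, top_groups, restricted):
    """Group keys to renew when `user` leaves: every key the user
    could have been issued, whatever the client asked for."""
    everything = {g.group_id for g in walk(top_groups)}
    return distribute(user, top_groups, restricted, everything)

# Constructed sample hierarchy (not from the patent).
K11 = DocGroup("K11", {"dave"}, {"handbook.txt"})
K12 = DocGroup("K12", {"erin"}, {"menu.txt"})
K21 = DocGroup("K21", {"bob"}, {"budget.xls"}, [K11])
K22 = DocGroup("K22", {"carol"}, {"plan.doc"}, [K12])
K31 = DocGroup("K31", {"alice"}, {"merger.doc"}, [K21, K22])
TOP = [K31]
RESTRICTED = {"alice": {"K12"}}                    # alice is explicitly barred from K12
```

Adding a new employee is a single `members.add(...)` on one group, whereas a departure touches every key returned by `keys_to_update`, which is why the patent treats the two cases differently.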

Claims (10)

1. A multilevel security document group structure, characterized in that it comprises a plurality of security levels used to distinguish documents of different security levels, each security level comprising a plurality of mutually non-overlapping document groups;
Each document group comprises a root node, and a left child node and a right child node based on the root node;
Wherein the left child node is the member group that can access the document group, the right child node is the documents in the document group, and the root node stores the working key with which the member group accesses the documents;
The right child node of a document group of a higher security level comprises, in addition to its own documents, the document groups one security level lower than it; members of a document group of a higher security level hold by default the working keys of document groups of lower security levels.
2. The multilevel security document group structure according to claim 1, characterized in that each document group is identified by a number K_im, where i denotes the security level of the documents in the document group and m denotes the sequence number of the document group within that security level; each document group uses its own number as its root node; i and m are natural numbers.
3. The multilevel security document group structure according to claim 1, characterized in that each document contained in the right child node comprises file content and a file trailer; wherein,
The file trailer comprises: a file encryption flag, a file access authority flag, and a key version number;
The file access authority flag consists of the file's security level and the information of the document group it belongs to.
4. The multilevel security document group structure according to claim 1, characterized in that the working key comprises: a file access control authority flag, a key version number, a key control flag, key material, a random number, the soft life cycle of the key and the hard life cycle of the key;
Wherein the hard life cycle of the key is the key lifetime set by the computer system; the soft life cycle of the key is the time at which the key becomes invalid for other reasons before its hard life cycle ends.
5. A file access control and key management user terminal based on the multilevel security document group structure of claim 1, characterized in that it comprises:
A user login server authentication module, used to obtain the user ID, the user key and the user's login time, and to send them to the service terminal;
A key generation and use module, used to generate the working key and to replace old keys with new ones by means of the key's soft and hard life cycles and the key control flag;
A document management module, used to store files and to send the file protection range information corresponding to the logged-in user ID to the service terminal.
6. A file access control and key management service terminal based on the multilevel security document group structure of claim 1, characterized in that it comprises:
A user authentication module, used to authenticate the legitimacy of the user according to the user key stored at the service end and, once a legitimate user has passed, to generate from the user key and the login time a communication key shared with the user terminal, used to transmit feedback information;
An authority configuration module, used to carry out changes of user authority and to determine user authority;
A key management module, used to carry out the distribution, update and maintenance of keys;
A document management module, used to divide files into levels and groups, and to send the level and group information of the files to the key management module;
A key control module, used to decide the key material distributed to the user by jointly considering the user authority configuration, the user's restricted authority and the information on the files protected at the user side.
7. A file access control and key management system based on the multilevel security document group structure of claim 1, characterized in that it comprises the user terminal of claim 5 and the service terminal of claim 6 in communication with the user terminal.
8. A file access control and key management method based on the multilevel security document group structure of claim 1, characterized in that it comprises the following steps:
Obtain the user ID, the user key and the user's login time;
Authenticate the legitimacy of the user according to the user key stored at the service end and, once a legitimate user has passed, generate from the user key and the login time a communication key shared with the user terminal, used to transmit the feedback information of the service terminal;
According to the file protection range information corresponding to the logged-in user ID, divide the files into levels and groups, and carry out the distribution, update and maintenance of keys;
Decide the key material distributed to the user by jointly considering the user authority configuration, the user's restricted authority and the information on the files protected at the user side;
Generate the working key from the distributed key material.
9. The method according to claim 8, characterized in that the step of deciding the key material distributed to the user by jointly considering the user authority configuration, the user's restricted authority and the information on the files protected at the user side specifically comprises the following steps:
Obtain the user's default authority;
Filter out the user's restricted authority;
Filter out the keys the user does not need to use;
Decide the key material finally distributed to the user.
10. The method according to claim 8, characterized in that carrying out the key update comprises the following steps:
Check whether the hard life cycle of the key has expired;
If the hard life cycle of the key has expired, set the key control flag of the newer-version key of this key, replace the old key, and remove the old key;
If the hard life cycle of the key has not expired, then determine whether the soft life cycle of the key has expired;
If the soft life cycle of the key has expired, obtain the identifier of the new-version key of this key, set the new key, set the key control flag of the old-version key of this key, and update the key information of the tree structure;
If the soft life cycle of the key has not expired, end the check.
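The key update check of claim 10, as an added Python example that is not part of the patent. The control-flag values `ACTIVE` and `RETIRING`, the class and method names, the numeric timestamps, and the rule that a hard-expired key with no newer version first gets a successor are assumptions made for the illustration.

```python
import secrets
from dataclasses import dataclass

ACTIVE, RETIRING = "active", "retiring"    # assumed key-control-flag values

@dataclass
class WorkingKey:
    group_id: str        # document group the key belongs to, e.g. "K21"
    version: int         # key version number, also recorded in each file trailer
    control: str         # key control flag
    material: bytes
    soft_expiry: float   # may be pulled forward, e.g. when a member leaves
    hard_expiry: float   # fixed lifetime set by the system

class GroupKeys:
    """All key versions kept at the root node of one document group."""
    def __init__(self, group_id, now, soft_ttl, hard_ttl):
        self.group_id, self.soft_ttl, self.hard_ttl = group_id, soft_ttl, hard_ttl
        self.keys, self.latest = {}, 0
        self._issue(now)

    def _issue(self, now):
        self.latest += 1
        self.keys[self.latest] = WorkingKey(
            self.group_id, self.latest, ACTIVE, secrets.token_bytes(32),
            now + self.soft_ttl, now + self.hard_ttl)
        return self.keys[self.latest]

    def expire_soft(self, version, now):
        """End the soft life cycle early (suspected leak, member removed)."""
        self.keys[version].soft_expiry = now

    def check(self, now):
        """Run the update check on every stored version; return the actions taken."""
        actions = []
        for version in sorted(self.keys):          # snapshot, so the dict may change
            key = self.keys[version]
            if now >= key.hard_expiry:
                if version == self.latest:         # assumption: create a successor first
                    self._issue(now)
                self.keys[self.latest].control = ACTIVE
                del self.keys[version]             # the old key is removed
                actions.append(("removed", version))
            elif now >= key.soft_expiry and key.control == ACTIVE:
                new = self._issue(now)             # new version takes over encryption
                key.control = RETIRING             # old version: decryption only
                actions.append(("rotated", version, new.version))
        return actions

    def key_for_encrypt(self):
        return self.keys[self.latest]

    def key_for_decrypt(self, trailer_version):
        """Look up the version named in a file trailer; None once that key is removed."""
        return self.keys.get(trailer_version)
```

In this model a file whose trailer still names a retiring version must be re-encrypted under the latest key before that version's hard life cycle ends, since `key_for_decrypt` returns `None` afterwards.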
CN2010102921101A 2010-09-26 2010-09-26 Multistage security file structure as well as file access control and secret key management user terminal, service terminal, system and method thereof Expired - Fee Related CN101938497B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102921101A CN101938497B (en) 2010-09-26 2010-09-26 Multistage security file structure as well as file access control and secret key management user terminal, service terminal, system and method thereof

Publications (2)

Publication Number Publication Date
CN101938497A true CN101938497A (en) 2011-01-05
CN101938497B CN101938497B (en) 2013-01-30

Family

ID=43391626

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2010102921101A Expired - Fee Related CN101938497B (en) 2010-09-26 2010-09-26 Multistage security file structure as well as file access control and secret key management user terminal, service terminal, system and method thereof

Country Status (1)

Country Link
CN (1) CN101938497B (en)

Also Published As

Publication number Publication date
CN101938497B (en) 2013-01-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130130

Termination date: 20180926
