CN102360476B

CN102360476B - Method for synchronously processing cascade secret-level setting information

Info

Publication number: CN102360476B
Application number: CN 201110332425
Authority: CN
Inventors: 黄锐
Original assignee: China Ship Development and Design Centre
Current assignee: China Ship Development and Design Centre
Priority date: 2011-10-28
Filing date: 2011-10-28
Publication date: 2013-09-11
Anticipated expiration: 2031-10-28
Also published as: CN102360476A

Abstract

The invention discloses a method for synchronously processing cascade secret-level setting information. By taking a correspondence relation among secret items into full consideration, secret-involved information and secret-involved carriers and difference in the order of magnitude, the management and maintenance of the secret-level setting information are always performed in three levels of the secret items, the secret-involved information and the secret-involved carriers. By adoption of a management system and the method provided by the invention, the secret-level setting information is onlyrequired to be changed in the level of the secret items having the minimum order of magnitude; and for the secret-level setting information with the secret-involved information and the secret-involved carriers having higher order of magnitude, functions of automatic accounting and synchronous updating are provided, so that the complicated operation of synchronous maintenance and management on a large amount of secret-level setting information with the secret-involved information and the secret-involved carriers by unit staff is avoided. Based on contents of the invention, corresponding secret-level setting information dynamic management system software can be developed, and important practical significance is provided for improving the working efficiency of secret-level setting and improving the normalization of the secret-level setting.

Description

A kind of tandem type is decided the confidential information synchronization processing method

Technical field

The invention belongs to secret science and technology field, be specifically related to a kind of tandem type and decide the confidential information synchronization processing method.

Background technology

Security work concerns national security, and conservative state secret relates to core national interests such as safeguarding national politics, economy, military affairs.At present, national government at all levels, army, each military enterprise unit etc. are equipped with special security work mechanism.Fixed close work is the important step of unit in carrying out security work, the purpose of fixed close work determines that exactly which information is state secret, which information is not state secret, has only clearly defined after the object of maintaining secrecy, and security work could reasonably be carried out.

The content of fixed close work specifically, be exactly that unit produces information voluntarily to it and at first judges whether concerning security matters, if concerning security matters, will be to the level of confidentiality of classified information, know that scope, security deadline or decryption condition clearly define, and level of confidentiality, know that scope, security deadline or decryption condition just are referred to as and decide confidential information.Unit will drop into corresponding secret cost according to deciding confidential information, and classified information is taked corresponding safeguard measure.In the past in the reality, determine that to what decide confidential information often randomness is bigger, lack foundation usually, it is not accurate enough decide confidential information, and the responsibility to close work calmly is also clear and definite inadequately simultaneously.For the fixed close work of standard, in the Law of the People's Republic of China on Guarding State Secrets chapter 2 of new revision issue on October 1st, 2010, amount to every requirement that 12 rules have clearly been stipulated fixed close work.

The word content that relates to state secret that the classified information unit of typically referring to produces voluntarily, detail of design etc., classified information can not exist without foundation, must occur with the form of certain medium, reads or use for people.The medium of carrying classified information is commonly referred to the concerning security matters carrier, and the concerning security matters carrier can have forms such as paper medium, light medium, magnetic medium, and for example, the file made of paper of a carrying classified information is exactly a concerning security matters carrier; The CD of a carrying classified information also is a concerning security matters carrier.This shows that the concerning security matters carrier is the approach in kind that obtains classified information, the emphasis that keeping and the use of concerning security matters carrier always is security work.The concerning security matters carrier decide the confidential information of deciding that confidential information is exactly its classified information that carries, the safeguard measure that the concerning security matters carrier is taked should meet it and decide the requirement that confidential information embodies.

At present, be the fixed close work of standard, make close surely foundation to some extent, thereby clear and definite fixed close work responsibility, unit should be at first clear and definite self related state secret scope, listed every state secret item that our unit relates in the secret scope, at every secrets, unit must determine that it decide confidential information,, the level of confidentiality of every secrets, knows scope, security deadline or decryption condition that is.All secrets and decide confidential information and finally manage with the form of catalogue, this catalogue is commonly called the secrets detailed catalogue.The secrets detailed catalogue will be carried out close surely foundation to all classified informations that produce as our unit.When producing a classified information, it decides determining and must being determined according to the confidential information of deciding of related secrets in this classified information of confidential information.The most contents of a information is concerning security matters not, as long as but have place's content to relate to a certain state secret item, this part information has been exactly classified information so.Why unit works out the secrets detailed catalogue, wish exactly the various classified informations that produce are voluntarily being carried out when close surely, what can obtain seeking unity of standard decides confidential information, even avoid close surely to carrying out with a classified information in the past, different personnel may make the different generations of confidential information situation of deciding.

The state secret item that relates to along with unit and the concerning security matters carrier of generation constantly increase, and will be hard works to the maintenance of deciding confidential information.In the 18 clause of new edition privacy act chapter 2, clearly " level of confidentiality of state secret, security deadline and know scope should according to circumstances change timely change to regulation.The level of confidentiality of state secret, security deadline and know scope change should in time be notified the office, unit or the personnel that know in the scope in writing ".Change in time means that unit needs safeguard that dynamically deciding confidential information changes situation, and will change keeping or the applying unit that situation is in time notified the concerning security matters carrier accordingly.

From the above as can be seen, the fixed close work of unit has related to three kinds of objects, is respectively secrets, classified information and concerning security matters carrier.Unit can be implemented on any aspect in these three kinds of objects the synchronous processing of deciding confidential information, carry out deciding the synchronous processing of confidential information in any object aspect, this just needs us that these three kinds of relation between objects of secrets, classified information and concerning security matters carrier and the order of magnitude are further analyzed actually.

Secrets is the key element composition that relates to state secret in the classified information, be also referred to as " close point ", may comprise many different secrets in a classified information, and same secrets may appear in the many parts of different classified informations, therefore, between secrets and the classified information may be the corresponding relation of " multi-to-multi "; On the other hand, by means such as duplicating, copies, unit may adopt the carrier of a plurality of differences (or medium not of the same race) to carry with a classified information, therefore, may be the corresponding relation of " one-to-many " between classified information and the concerning security matters carrier.Listed the above-mentioned relation between secrets, classified information and the concerning security matters carrier three in the accompanying drawing 1.

Usually, the quantity of a related state secret item of unit is relatively-stationary in a period of time, yet, unit but may be a large amount of according to the classified information quantity that its secrets produces, the secrets that a classified information comprises may be any kind of independent assortment of whole secrets in the secrets detailed catalogue, therefore, to classified information, may be the process of a combination multiplication by secrets on the order of magnitude; In addition, because unit can adopt many parts of concerning security matters carriers to carry with a classified information by copying or copying usually, therefore, to the concerning security matters carrier, be the process of linear multiplier by classified information at least on the order of magnitude.

In real work in the past, the security work of unit often will be decided administering and maintaining of confidential information and be confined on the aspect of concerning security matters carrier, classified information and concerning security matters carrier are not made clear and definite differentiation and peeled off, seriously ignored corresponding relation between secrets, classified information and this three of concerning security matters carrier and the difference on the order of magnitude.Get off for a long time, the quantity of the classified information that office or unit possess and concerning security matters carrier is more and more, in case want the confidential information of deciding of certain bar state secret item is changed, the confidential information of deciding to its classified information that involves and concerning security matters carrier carries out synchronously, and the work that faces will be intricate and heavy.

Summary of the invention

The technical problem to be solved in the present invention is: provide a kind of tandem type to decide the confidential information synchronization processing method, realize rational and effective dynamic management and maintenance to deciding confidential information.

The present invention solves the problems of the technologies described above the technical scheme of taking to be: a kind of tandem type is decided the confidential information synchronization processing method, it is characterized in that: it may further comprise the steps:

Step 1) initialization: adopt tandem type to decide the synchronous disposal system of confidential information, at first every the secrets that relates to for unit is created the fixed close administration module of a secrets respectively, and the system manager will every secrets decides in the fixed close record cell of item that confidential information is entered into the fixed close administration module of corresponding secrets;

After the initialization, unit adopt as required tandem type decide the synchronous disposal system of confidential information the classified information that produces voluntarily and carrier thereof are carried out initially fixed close, and to deciding the later stage Dynamic Maintenance of confidential information;

Step 2) carry out initially fixed close to classified information and the carrier thereof that produces voluntarily: when unit produces a classified information and corresponding some concerning security matters carrier thereof voluntarily, the corresponding fixed close administration module of a classified information and the corresponding fixed close administration module of several concerning security matters carriers created of system, step operation in the following order:

Entry information numbering and information produce the date in 2-1, the fixed close record cell of information in the fixed close administration module of the classified information of creating;

The event identification of all secrets that the input classified information relates in 2-2, the secrets numbered list in the fixed close administration module of the classified information of creating;

2-3, the information encoding of classified information added in the fixed close administration module of all secrets that classified information relates in the classified information numbered list;

2-4, in the fixed close administration module of the concerning security matters carrier of correspondence, finish the information typing of carrier information record cell;

The bearer number of all concerning security matters carriers of this classified information of input carrying in 2-5, the bearer number tabulation in the fixed close administration module of the classified information of creating;

2-6, the confidential information of deciding that starts in the fixed close administration module of classified information are adjusted the unit automatically, make it finish the work that confidential information is initially adjusted of deciding to classified information;

Step 3) is to deciding the later stage Dynamic Maintenance of confidential information: unit need be when deciding confidential information and change, can only operate by the fixed close administration module of the secrets in the system of the present invention, to guarantee that secrets and classified information that all are associated keep synchronous, specific as follows in the content of deciding confidential information:

3-1, the secrets that confidential information is decided in change for needs in the fixed close administration module of its corresponding secrets, are submitted the confidential information of deciding of needs change to given confidential information change trigger element; According to wanting changed content, decide confidential information change trigger element and from the fixed close record cell of item, read out corresponding result before changing and preservation, the result after changing that will submit to then writes in the respective items in the fixed close record cell of item, deciding confidential information change trigger element at last travels through the classified information numbered list, be index with the information encoding, send an item respectively to the fixed close administration module of all classified informations that relate to this secrets and decide confidential information change message, decide confidential information change messaging list by the item of correspondence and receive and preserve;

3-2, decide confidential information adjust automatically the unit to classified information decide enter the periodic duty pattern after confidential information is finished initial calculation work, the situation that change takes place confidential information of deciding that change causes classified information is taken place in the confidential information of deciding by secrets, that decides that confidential information adjusts automatically that the unit adjusts out classified information termly automatically up-to-dately decides confidential information, and the confidential information Notification of Changes tabulation of deciding in the fixed close administration module of corresponding concerning security matters carrier sends and decides the confidential information Notification of Changes;

3-3, decide confidential information Notification of Changes tabulation and receive and preserve and decide the confidential information Notification of Changes, and to decide confidential information change processing unit transmission triggering message;

3-4, decide confidential information change processing unit and receiving when deciding triggering message that the tabulation of confidential information Notification of Changes sends, by information encoding, from the fixed close record cell of information, read the confidential information of deciding of concerning security matters classified information that carrier carries, and confidential information Notification of Changes list is decided in generation.

Press such scheme, describedly decide confidential information and adjust the initial accounting of unit automatically and may further comprise the steps:

A1, traversal secrets numbered list, be numbered index with secrets, the fixed close record cell of item in the fixed close administration module of every secrets correspondence that the visit classified information relates to, afterwards read out the confidential information of deciding of every secrets relating in the secrets numbered list, the confidential information of deciding of secrets comprises that item knows that scope set, item level of confidentiality, item produce date, item security deadline and item decryption condition;

A2, according to the confidential information of deciding of the whole secrets that read, adjust out the confidential information of deciding of classified information, concrete accounting method is: information knows that the scope set knows that by the item of the whole secrets that read the common factor of scope set constitutes; Form after the item decryption condition merging of decrypts information condition list by the whole secrets that read; The information level of confidentiality is the High Security Level in the item level of confidentiality of whole secrets of reading; The accounting in information privacy time limit is according to the confidential information of deciding of the whole secrets of read, at first finish following calculating respectively at every the secrets that relates in the secrets numbered list: the item generation date adds the item security deadline, the information that deducts again produces the date, after calculating is finished, for each the bar secrets that relates in the secrets numbered list, all can obtain a time period numerical value accordingly, in these time period numerical value, maximum time period numerical value is exactly the information privacy time limit that obtains after adjusting;

The confidential information of deciding of a3, the classified information that obtains after will adjusting writes respective items in the fixed close record cell of information, and namely information is known scope set, information level of confidentiality, information privacy time limit and decrypts information condition list.

Press such scheme, describedly decide confidential information and adjust the unit automatically and be provided with two variable M and T; Wherein M represents to finish last when decide confidential information and adjusting automatically, and item is decided the quantity that confidential information changes message in the messaging list, and M is positive integer, and first duration is 0; T represents to decide the work period that confidential information is adjusted the unit automatically, and T is natural number, and unit is fate;

Under the periodic duty pattern, deciding confidential information, to adjust the unit automatically be the work period with T, regularly reads the quantitative value N that item is decided current message of preserving in the confidential information change messaging list, and judge: if M=N then is left intact; If N-M 〉=1 then begins following steps:

B1, from the fixed close record cell of information, read classified information current decide confidential information, generate one and decide the confidential information historical record, this record content comprises: decide confidential information historical record numbering, decide confidential information and know that by date, information level of confidentiality, information privacy time limit, information scope is gathered, the decrypts information condition list; The confidential information historical record of deciding that generates is added to and decides in the confidential information history list;

B2, according to the step in the initial accounting, finish the work that confidential information is adjusted automatically and write again of deciding to classified information;

B3, the tabulation of traversal bearer number are index with the bearer number, and the fixed close administration module of each the concerning security matters carrier in tabulating to bearer number sends decides the confidential information Notification of Changes; The content of deciding the confidential information Notification of Changes comprises: the confidential information historical record of deciding in the confidential information historical record of deciding is numbered, and generates the date of deciding the confidential information Notification of Changes;

B4, the quantitative value N that current item is decided message in the confidential information change messaging list give M, namely finish assign operation M=N.

Press such scheme, describedly decide confidential information and adjust the work period T of unit automatically less than 30.

A kind of tandem type is decided the synchronous disposal system of confidential information, and it is characterized in that: it comprises: the fixed close administration module of secrets, for the confidential information of deciding that records and safeguard secrets; The fixed close administration module of classified information is for the confidential information of deciding that records and safeguard classified information; The fixed close administration module of concerning security matters carrier is used for the essential information of record concerning security matters carrier, and handles from what the fixed close administration module of classified information sended over and decide the confidential information Notification of Changes;

The fixed close administration module of described secrets and secrets are one-one relationship, comprising: the fixed close record cell of item, for the confidential information of deciding of record secrets; The classified information numbered list is used for the information encoding that record relates to all classified informations of secrets; Decide confidential information and change trigger element, close record cell is read and write processing, the transmission item is decided confidential information change message and decided the change processing of confidential information to finish secrets for item is decided; The content that item is decided confidential information change message mainly comprises: event identification, item are decided the confidential information Date Of Change, item is decided the confidential information changed content; Item is decided the confidential information changed content and is comprised result and result before changing after changing simultaneously;

Be man-to-man relation between the fixed close administration module of described classified information and the classified information, comprise: the fixed close record cell of information, for the confidential information of deciding of record classified information; The secrets numbered list is used for the event identification of all secrets that the record classified information relates to; Decide the confidential information history list, that be used for to preserve classified information decides the confidential information historical record, and historical record is adjusted the unit generation automatically by decide confidential information; Item is decided confidential information change messaging list, and the fixed close administration module of secrets that is used for receiving and preserve all secrets that related to by classified information decide item that confidential information change trigger element sends over and is decided confidential information and change message; Bearer number is tabulated, and is used for the bearer number of all concerning security matters carriers of recording carrying classified information; And decide confidential information and adjust the unit automatically, be used for the confidential information of deciding according to the related secrets of classified information, adjust and walk out of together the confidential information of deciding of classified information automatically;

Be man-to-man relation between the fixed close administration module of described concerning security matters carrier and the concerning security matters carrier, comprise: the carrier information record cell, for the essential information of record concerning security matters carrier; Decide confidential information Notification of Changes tabulation, be used for receiving and preserve by what the fixed close administration module of classified information decide that confidential information adjusts automatically that the unit sends over and decide the confidential information Notification of Changes, send triggering message and make its generation decide confidential information Notification of Changes list to decide confidential information change processing unit; Decide confidential information and change processing unit, be used for when receiving the triggering message of deciding confidential information Notification of Changes tabulation transmission, from the fixed close record cell of information, read the confidential information of deciding of concerning security matters classified information that carrier carries, and confidential information Notification of Changes list being decided in generation; Decide confidential information Notification of Changes list, produce by deciding confidential information change processing unit, be used for concerning security matters classified information that carrier carries up-to-date decided the keeping unit that confidential information sends to the concerning security matters carrier.

The confidential information of deciding of the secrets of the fixed close recording unit records of described item comprises that specifically event identification, item title, item know scope set, item level of confidentiality, item generation date, item security deadline and item decryption condition.

The confidential information of deciding of the classified information of the fixed close recording unit records of described information comprises that information encoding, name of the information, information knows scope set, information level of confidentiality, information generation date, information privacy time limit and decrypts information condition list.

The essential information of the concerning security matters carrier of described carrier information recording unit records comprises that information encoding, the carrier of bearer number, the classified information that carries are made the date and carrier is taken care of organization.

Describedly decide confidential information Notification of Changes list content and comprise: name of the information, bearer number, carrier keeping organization, the current up-to-date of classified information that carrier carries are decided confidential information and up-to-date effective date of deciding confidential information; Effective date was formulated and was filled in by the fixed close person liable of our unit before deciding confidential information Notification of Changes single transmit; Classified information that carrier carries current up-to-date decided confidential information and comprised that information level of confidentiality, information privacy time limit, information knows scope set and decrypts information condition list.

Beneficial effect of the present invention is:

1, this system and method thereof have taken into full account corresponding relation between secrets, classified information and the concerning security matters carrier three and the difference on the order of magnitude, will decide the administering and maintaining on secrets, classified information and three aspects of concerning security matters carrier of confidential information.

2, owing to carried out deciding the interlock of confidential information in secrets, classified information and three aspects of concerning security matters carrier, only need be at the enterprising line operate of aspect of this order of magnitude minimum of secrets to the change of deciding confidential information, the confidential information of deciding to the bigger classified information of the order of magnitude and concerning security matters carrier, the function that the invention provides automatic accounting and upgrade synchronously, thus decide the loaded down with trivial details work that confidential information carry out manual synchronization maintenance and management of working unit personnel to a large amount of classified informations and concerning security matters carrier reduced.

3, automatically adjusting in the function, the present invention also is provided with initial accounting and two kinds of patterns of periodic duty pattern, make decide confidential information adjust automatically the unit regular judge deciding confidential information and whether changing of secrets that classified information is related, all changes in one-period are unified to concentrate accounting, need not all once to adjust at each change, avoid system to carry out a large amount of and loaded down with trivial details computings, also reduced and decided the quantity that confidential information Notification of Changes per unit area yield is given birth to, decided confidential information Notification of Changes single-shot toward the number of times of the keeping unit of corresponding carrier thereby reduced the staff with what system produced.

4, utilize native system and disposal route, to improving close surely work efficiency and strengthening the standardization of deciding close work, have important practice significance.

Description of drawings

Fig. 1 is the fixed main object of close work and graph of a relation.

Fig. 2 is for deciding the logic relation picture of the synchronous disposal system of confidential information and intermodule.

Fig. 3 is the fixed close administration module system construction drawing of secrets.

Fig. 4 is the fixed close administration module system construction drawing of classified information.

Fig. 5 is the fixed close administration module system construction drawing of concerning security matters carrier.

Fig. 6 is the fixed closely knit example of certain unit.

Fig. 7 is the embodiment system construction drawing at Fig. 6.

Fig. 8 is process flow diagram of the present invention.

Embodiment

Below in conjunction with accompanying drawing and concrete embodiment, describe in detail and how to utilize system of the present invention to carry out Dynamic Maintenance and management to deciding confidential information.

A kind of tandem type is decided the synchronous disposal system of confidential information and is comprised: the fixed close administration module of secrets, for the confidential information of deciding that records and safeguard secrets; The fixed close administration module of classified information is for the confidential information of deciding that records and safeguard classified information; The fixed close administration module of concerning security matters carrier is used for the essential information of record concerning security matters carrier, and handles from what the fixed close administration module of classified information sended over and decide the confidential information Notification of Changes.Fig. 2 is for deciding the logic relation picture of the synchronous disposal system of confidential information and intermodule.

The fixed close administration module of described secrets and secrets are one-one relationship, structural drawing as shown in Figure 3, comprise: the fixed close record cell 301 of item, the confidential information of deciding that is used for the record secrets, the confidential information of deciding of secrets comprises that specifically event identification Item_ID, item title Item_N, item know that scope set Item_A, item level of confidentiality Item_L, item produce date Item_D, item security deadline Item_P and item decryption condition Item_DC; Classified information numbered list 302 is used for the information encoding that record relates to all classified informations of secrets; Decide confidential information and change trigger element 303, close record cell is read and write processing, the transmission item is decided confidential information change message and decided the change processing of confidential information to finish secrets for item is decided.The content that item is decided confidential information change message mainly comprises: event identification, item are decided the confidential information Date Of Change, item is decided the confidential information changed content; Item is decided the confidential information changed content and is comprised result and result before changing after changing simultaneously;

As system manager during to the deciding confidential information and change of secrets, as item being known scope set Item_A, item level of confidentiality Item_L, item security deadline Item_P, when a few items among the item decryption condition Item_DC change, at first submit result after changing to given confidential information change trigger element 303, according to wanting changed content, decide confidential information change trigger element 303 and from the fixed close record cell 301 of item, read out corresponding result before changing and preservation, the result after changing that will submit to then writes in the respective items in the fixed close record cell 301 of item, deciding 303 pairs of classified information numbered lists 302 of confidential information change trigger element at last travels through, be index with information encoding Info_ID, send an item respectively to the fixed close administration module of all classified informations that relate to secrets and decide confidential information change message Item_Msg.The content that this item is decided confidential information change message Item_Msg mainly comprises: event identification Item_ID, item are decided the confidential information Date Of Change, item is decided confidential information changed content (should comprise result and result before changing after changing simultaneously).

Be man-to-man relation between the fixed close administration module of described classified information and the classified information, structural drawing as shown in Figure 4, comprise: the fixed close record cell 401 of information, the confidential information of deciding that is used for the record classified information, the confidential information of deciding of classified information comprises that mainly information encoding Info_ID, name of the information Info_N, information knows that scope set Info_A, information level of confidentiality Info_L, information produce date Info_D, information privacy time limit Info_P, decrypts information condition list Info_DC_List; Secrets numbered list 402 is used for the event identification of all secrets that the record classified information relates to; Decide confidential information history list 403, that be used for to preserve classified information decides the confidential information historical record, and historical record is adjusted the unit generation automatically by decide confidential information; Item is decided confidential information change messaging list 404, and the fixed close administration module of secrets that is used for receiving and preserve all secrets that related to by classified information decide item that confidential information change trigger element sends over and is decided confidential information and change message; Bearer number tabulates 405, is used for the bearer number of all concerning security matters carriers of recording carrying classified information; And decide confidential information and adjust unit 406 automatically, be used for the confidential information of deciding according to the related secrets of classified information, adjust out the confidential information of deciding of classified information automatically.

Deciding confidential information adjusts the mode of operation of unit 406 automatically and has following two kinds:

1, generates the fixed close administration module of a classified information for the concrete classified information of certain part is initial and carry out deciding first when close for this classified information when system, decide confidential information and adjust unit 406 automatically and only the confidential information of deciding of classified information is adjusted automatically, do not do other processing.Concrete accounting step is as follows:

(1) traversal secrets numbered list 402, Item_ID is index with the secrets numbering, visit the fixed close record cell 301 of item in the fixed close administration module of every secrets correspondence, read out the confidential information of deciding of every secrets relating in the secrets numbered list 402, the confidential information of deciding that must read is that item knows that scope set Item_A, item level of confidentiality Item_L, item produce date Item_D, item security deadline Item_P, item decryption condition Item_DC.

(2) according to the confidential information of deciding of the whole secrets that read, adjust out the confidential information of deciding of classified information, concrete accounting method is: information knows that scope set Info_A knows that by the whole items that read the common factor of scope set Item_A constitutes; Decrypts information condition list Info_DC_List forms after being merged by the whole item decryption condition Item_DC that read; Information level of confidentiality Info_L is the High Security Level among the whole item level of confidentiality Item_L that read; The accounting relative complex of information privacy time limit Info_P, according to the confidential information of deciding that reads, at first finish following calculating respectively at every the secrets that relates in the secrets numbered list 402, computing method are: item produces date Item_D and adds item security deadline Item_P, and the information that deducts again produces date Info_D.After calculating is finished, for each the bar secrets that relates in the secrets numbered list 402, all can obtain a time period numerical value accordingly, in these time period numerical value, maximum time period numerical value is exactly the information privacy time limit Info_P that obtains after adjusting.(explanatory notes: if the information privacy time limit Info_P that obtains is a negative, illustrate that then current classified information need not to have maintained secrecy in time again, whether continuation is maintained secrecy, only need referring to the existence that whether also has decryption condition among the decrypts information condition list Info_DC_List, if also there is decryption condition, then showing still needs classified information is maintained secrecy.)

(3) confidential information of deciding of the classified information that obtains after will adjusting writes respective items in the fixed close record cell 401 of information, and namely information is known scope set Info_A, information level of confidentiality Info_L, information privacy time limit Info_P, decrypts information condition list Info_DC_List.

2, when finishing deciding first after confidential information adjusts classified information, deciding confidential information adjusts unit 406 automatically and will enter the periodic duty pattern, the situation that change takes place confidential information of deciding that causes classified information is changed in the confidential information generation of deciding because of secrets in the future, that decides that confidential information adjusts automatically that unit 406 will adjust out classified information termly automatically up-to-dately decide confidential information, keeps timely synchronous with the confidential information of deciding of deciding confidential information and secrets of guaranteeing classified information.For this reason, the present invention adjusts automatically and is provided with two variablees in the unit 406 deciding confidential information, is respectively M and T, wherein M is used for record and finishes lastly when decide confidential information and adjusting automatically, and item is decided the quantity that confidential information changes message in the messaging list 404, among the present invention, M is positive integer, and first duration is 0; T is used for deciding the work period that confidential information is adjusted unit 406 automatically, and T is natural number among the present invention, and unit is fate, and the value of T should be less than 30 days usually.

Deciding confidential information and adjust the unit automatically after entering the periodic duty pattern, will be the time interval with T, regularly finish following concrete work:

Read item and decide the quantitative value N (i.e. Lie Biao current length) of current message of preserving in the confidential information change messaging list 404, and judge, if M equals N, then be left intact; If N-M 〉=1 then begins to carry out following work:

(1) from the fixed close record cell 401 of information, read classified information current decide confidential information, generate one and decide confidential information historical record sInfo_log, this record content comprises: decide confidential information historical record numbering (system generates automatically), decide confidential information and know that by date when deciding the confidential information historical record (namely generate this date), information level of confidentiality Info_L, information privacy time limit Info_P, information scope gathers Info_A, decrypts information condition list Info_DC_List.The confidential information historical record of deciding that generates is added to and decides in the confidential information history list 403;

(2) according to (1), (2), (3) step in 1, finish the work that confidential information is adjusted automatically and write again of deciding to classified information;

(3) traversal bearer number tabulation 405, be index with bearer number Carrier_ID, confidential information Notification of Changes Note_log is decided in the fixed close administration module transmission of each the concerning security matters carrier in the bearer number tabulation 405, the content of deciding confidential information Notification of Changes Note_log comprises: the confidential information historical record of deciding among the confidential information historical record sInfo_log of deciding is numbered, and generate the date decide the confidential information Notification of Changes, the present invention set this date should with decide confidential information historical record sInfo_log in to decide confidential information identical by the date;

(4) the quantitative value N that current item is decided message in the confidential information change messaging list 404 gives M, namely finishes assign operation M=N.

Be man-to-man relation between the fixed close administration module of described concerning security matters carrier and the concerning security matters carrier, structural drawing as shown in Figure 5, comprise: carrier information record cell 501, the essential information that is used for record concerning security matters carrier, the essential information of concerning security matters carrier comprise that information encoding Info_ID, the carrier of bearer number Carrier_ID, the classified information that carries are made date Carrier_D and carrier is taken care of organization; Decide confidential information Notification of Changes tabulation 502, be used for receiving and preserve by what the fixed close administration module of classified information decide that confidential information adjusts automatically that the unit sends over and decide the confidential information Notification of Changes, send the triggering message and make its generation decide confidential information Notification of Changes list 503 to decide confidential information change processing unit 504; Decide confidential information change processing unit 504, be used for when receiving the triggering message of deciding confidential information Notification of Changes tabulation 502 transmissions, from the fixed close record cell 401 of information, read the confidential information of deciding of concerning security matters classified information that carrier carries, and confidential information Notification of Changes list 503 is decided in generation; Decide confidential information Notification of Changes list 503, produce by deciding confidential information change processing unit 504, be used for concerning security matters classified information that carrier carries up-to-date decided the keeping unit that confidential information sends to the concerning security matters carrier.

System can read the confidential information of deciding of classified information with information encoding Info_ID as index in the fixed close administration module of the classified information of correspondence, this decides the confidential information of deciding that confidential information is exactly the concerning security matters carrier.

Deciding confidential information Notification of Changes list 503 contents mainly comprises: name of the information Info_N, bearer number Carrier_ID, carrier keeping organization, the current up-to-date of classified information that carrier carries are decided confidential information (being that information level of confidentiality Info_L, information privacy time limit Info_P, information are known scope set Info_A, decrypts information condition list Info_DC_List) and up-to-date effective date of deciding confidential information, effective date was formulated and was filled in by the fixed close person liable of our unit before deciding 503 transmissions of confidential information Notification of Changes list.

More than for deciding the detailed description of each module in the synchronous disposal system of confidential information, when using system of the present invention, every secrets that system can at first relate to for unit is created the fixed close administration module of a secrets respectively, and the system manager will every secrets decides item that confidential information is entered into the fixed close administration module of secrets calmly in the close record cell 301.After finishing this work, unit can begin the classified information and the carrier thereof that produce are voluntarily carried out close surely work, and to deciding the later stage Dynamic Maintenance of confidential information, groundwork will be finished automatically by system of the present invention.

A kind of tandem type is decided the confidential information synchronization processing method, and as shown in Figure 8, it may further comprise the steps:

After confidential information Notification of Changes list is decided in generation, what system manager or other staff can regularly produce system decides confidential information Notification of Changes single-shot toward the keeping unit of corresponding carrier, manually corresponding on the corresponding carrier of change decide confidential information, keeps timely synchronous to guarantee the confidential information of deciding in the concerning security matters carrier with the confidential information of deciding of corresponding secrets.

Describedly decide confidential information and adjust the initial accounting of unit automatically and may further comprise the steps:

Describedly decide confidential information and adjust the unit automatically and have two variable M and T in the periodic duty pattern; Wherein M represents to finish last when decide confidential information and adjusting automatically, and item is decided the quantity that confidential information changes message in the messaging list, and M is positive integer, and first duration is 0; T represents to decide the work period that confidential information is adjusted the unit automatically, and T is natural number, and unit is fate; Describedly decide confidential information and adjust the work period T of unit automatically less than 30.

Be the work period with T, decide confidential information and adjust the unit automatically and under the periodic duty pattern, regularly read the quantitative value N that item is decided current message of preserving in the confidential information change messaging list, and judge: if M=N then is left intact; If N-M 〉=1 then begins following steps:

Fig. 6 has provided the fixed closely knit example of certain unit, and wherein secrets has two, and numbering is respectively AA.01.01 and BB.04.01; Classified information has two parts, numbering is respectively 0001 and 0002, and classified information 0001 relates to two secrets, i.e. AA.01.01 and BB.04.01, it is as shown in table 1 that the item of secrets AA.01.01 and BB.04.01 is decided confidential information, and classified information 0002 only relates to secrets AA.01.01; The concerning security matters carrier has three parts, and numbering is respectively 000101,000102,000201, and wherein concerning security matters carrier 000101 and 000102 is all for carrying classified information 0001, and concerning security matters carrier 000201 carries classified information 0002.Fig. 7 is the example structure figure that the present invention is directed to Fig. 6.Be that example describes with classified information among Fig. 6 0001 and carrier 000101 and 000102 thereof, can do similar processing to classified information 0002 and its carrier 000201.

The item of table 1. secrets AA.01.01 and BB.04.01 is decided confidential information

1, the initially fixed closely knit example of executing of classified information and carrier thereof:

1.1, entry information numbering 0001 and information produce the date in the fixed close record cell 401 of the information in the fixed close administration module of classified information 0001, this example is decided to be in January, 2011;

1.2, in the secrets numbered list 402 of the fixed close administration module of classified information 0001, input transaction numbering AA.01.01 and BB.04.01.

1.3, in the classified information numbered list 302 of the fixed close administration module of secrets AA.01.01 input information encoding 0001 and 0002; Input information encoding 0001 in the classified information numbered list 302 of the fixed close administration module of secrets BB.04.01.

1.4, the every carrier information of typing in the carrier information record cell 501 in the fixed close administration module of concerning security matters carrier 000101 and 000102 respectively.Concrete entry information is referring to following table 2:

Table 2. concerning security matters carrier 000101 and 000102 information

1.5, in the bearer number tabulation 405 of the fixed close administration module of classified information 0001 numbering 000101 and 000102 of input concerning security matters carrier.

1.6, the confidential information of deciding that triggers in the classified information 0001 fixed close administration module adjusts singly 406 automatically, it is finished classified information 0001 initial is decided the automatic calculation work of confidential information.Its concrete accounting process is as follows:

(1) the secrets numbered list 402 in the fixed close administration module of traversal classified information 0001, be index with event identification AA.01.01 and BB.04.01, the fixed close record cell 301 of item in the fixed close administration module of visit secrets AA.01.01 and BB.04.01, read out the confidential information of deciding of secrets AA.01.01 and BB.04.01 respectively, the confidential information of deciding that must read is that item is known scope set Item_A, item level of confidentiality Item_L, item produces date Item_D, item security deadline Item_P, item decryption condition Item_DC, specifically deciding the confidential information data can be referring to table 1.

(2) according to the confidential information of deciding of the above-mentioned secrets AA.01.01 that reads and BB.04.01, adjust out the confidential information of deciding of classified information 0001, concrete accounting method is: information knows that scope set Info_A knows that by the whole items that read the common factor of scope set Item_A constitutes, according to data in the table 1, the information of classified information 0001 knows that scope set Info_A is exactly { Zhang San }; Decrypts information condition list Info_DC_List is merged by the whole item decryption condition Item_DC that read and forms, and according to data in the table 1, the decrypts information condition list Info_DC_List of classified information 0001 is empty, does not namely have decryption condition; Information level of confidentiality Info_L is the High Security Level among the whole item level of confidentiality Item_L that read, and according to data in the table 1, the information level of confidentiality Info_L of classified information 0001 is secret; The accounting relative complex of information privacy time limit Info_P, according to the confidential information of deciding that reads, at first finish following calculating respectively at secrets AA.01.01 and BB.04.01, computing method are: item produces date Item_D and adds item security deadline Item_P, the information that deducts again produces date Info_D, information according to data in the table 1 and classified information 0001 produces the date, after calculating is finished, for secrets AA.01.01 and BB.04.01, can obtain a time period numerical value respectively, they are respectively 4 years and 12 years, in these two time period numerical value, resulting information privacy time limit Info_P after maximum time period numerical value is adjusted exactly, that is, the security deadline of classified information 0001 is 12 years.

(3) in the respective items in deciding of obtaining after will the adjusting fixed close record cell 401 of information of fixed close administration module that confidential information writes classified information 0001, namely information is known scope set Info_A, information level of confidentiality Info_L, information privacy time limit Info_P, decrypts information condition list Info_DC_List.

Above process is utilized system of the present invention exactly, and classified information and carrier thereof that unit is produced carry out initially fixed close process.

2, decide confidential information change process embodiment:

To deciding the change of confidential information, can be that any one is made amendment to the item of secrets is known scope set Item_A, item level of confidentiality Item_L, item security deadline Item_P and item decryption condition Item_DC.System embodiment of the present invention only changes to example with the item security deadline Item_P to secrets AA.01.01 here for convenience of description, by original 10 years (seeing Table 1), is extended for 20 years.

The concrete implementation of system is as follows:

2.1, at first with the up-to-date numerical value of the item security deadline Item_P of secrets AA.01.01 20 years, the confidential information of deciding of submitting to the fixed close administration module of secrets AA.01.01 changes trigger element 303, decide confidential information change trigger element 303 reads out former item security deadline Item_P from the fixed close record cell 301 of the item of the fixed close administration module of secrets AA.01.01 numerical value (10 years), and temporary transient the preservation, then with the up-to-date numerical value of item security deadline Item_P submitted to 20 years, the item that writes the fixed close administration module of secrets AA.01.01 is decided in the close record cell 301, at last, the classified information numbered list 302 of the fixed close administration module of traversal secrets AA.01.01, traversing result is 0001 and 0002, decide confidential information change message Item_Msg to item of fixed close administration module transmission of classified information 0001 and 0002 respectively, the content of this message comprises: event identification AA.01.01, item is decided confidential information Date Of Change (being system's current date), item is decided confidential information changed content (former item security deadline Item_P=10, item security deadline Item_P=20 after changing).List after changing the item of secrets AA.01.01 and BB.04.01 in the table 3 and decided confidential information.

Table 3. item of secrets AA.01.01 and BB.04.01 is after changing decided confidential information

At this moment, the item of classified information 0001 and 0002 fixed close administration module is decided all can receive and preserve in the confidential information change messaging list 404 above item and decide confidential information and changes message Item_Msg.Below explanation is example with classified information 0001 and carrier thereof mainly.

2.2, because after finishing classified information 0001 initial fixed close, the confidential information of deciding of its fixed close administration module is adjusted unit 406 automatically and will be entered the periodic duty pattern, the present invention adjusts automatically and is provided with two variablees in the unit 406 deciding confidential information, be respectively M and T, wherein M is used for record and finishes last when deciding confidential information and adjusting automatically, item is decided the quantity of message in the confidential information change messaging list 404, among the present invention, M is positive integer, duration just is 0, for classified information 0001, finishes last when deciding confidential information and adjusting automatically, namely finish initially fixed when close, the value of M is exactly initial value 0; T is used for deciding the work period that confidential information is adjusted unit 406 automatically, and T is natural number among the present invention, and unit is fate, and the value of T should be less than 30 days usually.The fixed closely knit example of unit in Fig. 6, suppose the value of T was made as 7 days, so, when classified information 0001 finish initial fixed close after, the confidential information of deciding in its fixed close administration module is adjusted unit 406 meetings automatically and be finished following work every 7 days:

Read the item of the fixed close administration module of classified information 0001 and decide the current message count value N that preserves (i.e. Lie Biao current length) in the confidential information change messaging list 404, and judge, if M equals N, then be left intact; If N-M 〉=1 then begins to carry out the synchronous working of deciding confidential information.For this example, current N=1, M=0, i.e. therefore N-M 〉=1 will begin to carry out following work:

(1) from the fixed close record cell 401 of the information of the fixed close administration module of classified information 0001, read classified information 0001 when the predetermination confidential information, generate one and decide confidential information historical record sInfo_log, this record content comprises: decide confidential information historical record numbering (system generates automatically), decide confidential information and know that by date when deciding the confidential information historical record (namely generate this date), information level of confidentiality Info_L, information privacy time limit Info_P, information scope gathers Info_A, decrypts information condition list Info_DC_List.With the deciding in the confidential information history list 403 of fixed close administration module that confidential information historical record sInfo_log adds classified information 0001 to of deciding that generates;

(2) the secrets numbered list 402 in the fixed close administration module of traversal classified information 0001, be index with event identification AA.01.01 and BB.04.01, the fixed close record cell 301 of item in the fixed close administration module of visit secrets AA.01.01 and BB.04.01, read out the confidential information of deciding of secrets AA.01.01 and BB.04.01 respectively, the confidential information of deciding that must read is that item is known scope set Item_A, item level of confidentiality Item_L, item produces date Item_D, item security deadline Item_P, item decryption condition Item_DC, specifically deciding the confidential information data can be referring to table 3.

(3) according to the confidential information of deciding of the above-mentioned secrets AA.01.01 that reads and BB.04.01, adjust out the confidential information of deciding of classified information 0001, concrete accounting method is: information knows that scope set Info_A knows that by the whole items that read the common factor of scope set Item_A constitutes, according to data in the table 3, the information of classified information 0001 knows that scope set Info_A is exactly { Zhang San }; Decrypts information condition list Info_DC_List is merged by the whole item decryption condition Item_DC that read and forms, and according to data in the table 3, the decrypts information condition list Info_DC_List of classified information 0001 is empty, does not namely have decryption condition; Information level of confidentiality Info_L is the High Security Level among the whole item level of confidentiality Item_L that read, and according to data in the table 3, the information level of confidentiality Info_L of classified information 0001 is secret; The accounting relative complex of information privacy time limit Info_P, according to the confidential information of deciding that reads, at first finish following calculating respectively at secrets AA.01.01 and BB.04.01, computing method are: item produces date Item_D and adds item security deadline Item_P, the information that deducts again produces date Info_D, information according to data in the table 3 and classified information 0001 produces the date, after calculating is finished, for secrets AA.01.01 and BB.04.01, can obtain a time period numerical value respectively, they are respectively 14 years and 12 years, in these two time period numerical value, resulting information privacy time limit Info_P after maximum time period numerical value is adjusted exactly, that is, the security deadline of classified information 0001 is 14 years.

(4) in the respective items in deciding of obtaining after will the adjusting fixed close record cell 401 of information of fixed close administration module that confidential information writes classified information 0001, namely information is known scope set Info_A, information level of confidentiality Info_L, information privacy time limit Info_P, decrypts information condition list Info_DC_List.

(5) the bearer number tabulation 405 of the fixed close administration module of traversal classified information 0001, be index with bearer number 000101 and 000102, confidential information Notification of Changes Note_log is decided in fixed close administration module transmission to concerning security matters carrier 000101 and 000102, this content of announcement comprises: the confidential information historical record of deciding among the confidential information historical record sInfo_log of deciding that step (1) produces is numbered, and generate the date decide confidential information Notification of Changes Note_log, the present invention set this date should with decide confidential information historical record sInfo_log in to decide confidential information identical by the date.

(6) the quantitative value N that current item is decided message in the confidential information change messaging list 404 gives M, namely finishes assign operation M=N, and the currency of M is 1.

2.3, following be example with concerning security matters carrier 000101, the fixed close administration module that concerning security matters carrier 000101 is described is decided the processing done after the confidential information Notification of Changes Note_log receiving.

The fixed close administration module of concerning security matters carrier 000101 decide confidential information Notification of Changes tabulation 502 receive and preserve decide confidential information Notification of Changes Note_log in, can send to confidential information change processing unit 504 at once and trigger message, it is produced decide confidential information Notification of Changes list 503, the advice note main contents are: name of the information Info_N (does not provide in this example, but do not influence explanation main contents of the present invention), bearer number 000101, carrier keeping organization---" A of unit ", classified information that carrier carries 0001 current up-to-date decided confidential information, be that information level of confidentiality Info_L is secret, information privacy time limit Info_P is 14 years, information knows that scope set Info_A is { Zhang San }, decrypts information condition list Info_DC_List is empty, and the up-to-date effective date of deciding confidential information, the effective date is formulated and is filled in by the fixed close person liable of our unit before deciding confidential information Notification of Changes single transmit.

System is after confidential information Notification of Changes list is decided in generation, and unit can mail advice note to the carrier keeping, and unit---" A of unit ", the A of unit can in time take care of the adjustment of measure to the concerning security matters carrier 000101 of its preservation behind notified list.

Above process is utilized system of the present invention exactly, unit is decided confidential information change a series of processing of doing.

According to embodiments of the invention, be used for realizing that computer system of the present invention can comprise, particularly, central processor CPU, storer and I/O interface.Computer system usually by I/O interface and display with link to each other such as this type of various input equipments of mouse and keyboard, support circuit can comprise the fast buffer memory of image height, power supply, clock circuit and the such circuit of communication bus.Storer can comprise random access memory ram, read only memory ROM, disc driver, magnetic tape station etc., or their combination.Computer platform also comprises operating system and micro-instruction code.Various process described herein and function can be by the micro-instruction code of operating system execution or the part of application program (or their combination).In addition, various other peripherals can be connected to this computer platform, as additional data storage device and printing device.

Claims

1. a tandem type is decided the confidential information synchronization processing method, it is characterized in that: adopt tandem type to decide the synchronous disposal system of confidential information, this system comprises: the fixed close administration module of secrets, for the confidential information of deciding that records and safeguard secrets; The fixed close administration module of classified information is for the confidential information of deciding that records and safeguard classified information; The fixed close administration module of concerning security matters carrier is used for the essential information of record concerning security matters carrier, and handles from what the fixed close administration module of classified information sended over and decide the confidential information Notification of Changes;

Be man-to-man relation between the fixed close administration module of described concerning security matters carrier and the concerning security matters carrier, comprise: the carrier information record cell, for the essential information of record concerning security matters carrier; Decide confidential information Notification of Changes tabulation, be used for receiving and preserve by what the fixed close administration module of classified information decide that confidential information adjusts automatically that the unit sends over and decide the confidential information Notification of Changes, send triggering message and make its generation decide confidential information Notification of Changes list to decide confidential information change processing unit; Decide confidential information and change processing unit, be used for when receiving the triggering message of deciding confidential information Notification of Changes tabulation transmission, from the fixed close record cell of information, read the confidential information of deciding of concerning security matters classified information that carrier carries, and confidential information Notification of Changes list being decided in generation; Decide confidential information Notification of Changes list, produce by deciding confidential information change processing unit, be used for concerning security matters classified information that carrier carries up-to-date decided the keeping unit that confidential information sends to the concerning security matters carrier;

Adopt following steps again:

The step 1) initialization: at first every the secrets that relates to for unit is created the fixed close administration module of a secrets respectively, and the system manager will every secrets decides in the fixed close record cell of item that confidential information is entered into the fixed close administration module of corresponding secrets;

3-4, decide confidential information change processing unit and receiving when deciding triggering message that the tabulation of confidential information Notification of Changes sends, by information encoding, from the fixed close record cell of information, read the confidential information of deciding of concerning security matters classified information that carrier carries, and confidential information Notification of Changes list is decided in generation;

The confidential information of deciding of a3, the classified information that obtains after will adjusting writes respective items in the fixed close record cell of information, and namely information is known scope set, information level of confidentiality, information privacy time limit and decrypts information condition list;

Describedly decide confidential information and adjust the unit automatically and be provided with two variable M and T; Wherein M represents to finish last when decide confidential information and adjusting automatically, and item is decided the quantity that confidential information changes message in the messaging list, and M is positive integer, and first duration is 0; T represents to decide the work period that confidential information is adjusted the unit automatically, and T is natural number, and unit is fate;

2. tandem type according to claim 1 is decided the confidential information synchronization processing method, it is characterized in that: describedly decide confidential information and adjust the work period T of unit automatically less than 30.