CN102419835B

CN102419835B - Cascade-type secrete-level setting information synchronic processing system

Info

Publication number: CN102419835B
Application number: CN201110332415.5A
Authority: CN
Inventors: 黄锐
Original assignee: China Ship Development and Design Centre
Current assignee: China Ship Development and Design Centre
Priority date: 2011-10-28
Filing date: 2011-10-28
Publication date: 2014-07-09
Anticipated expiration: 2031-10-28
Also published as: CN102419835A

Abstract

The invention discloses a cascade-type secrete-level setting information synchronic processing system, which is characterized in that: corresponding relation among secrete items, confidential information and confidential carriers as well as difference on the aspect of the quantity level are adequately considered, the management and the maintenance of the secrete-level setting information run through the secrete items, the confidential information and the confidential carriers. By adopting the management system, and the change of the secrete-level information is required to operate on the level of the minimal-quantity level secrete item. For the confidential information with large quantity level and the confidential information of the confidential carriers, an automatic accounting function and a synchronically updating function are provided, so the complicated work for synchronously maintaining and managing a great amount of confidential information and secrete-level setting information of the confidential carriers can be alleviated for institution staffs. On the basis of the content of the processing system, confidential information synchronous processing system software also can be developed, so the secrete-level setting working efficiency and the standardization of the secrete-level setting work can be enhanced, and an important practical significance can be realized.

Description

A kind of Cascade-type secrete-level setting information synchronic processing system

Technical field

The invention belongs to secret science and technology field, be specifically related to a kind of Cascade-type secrete-level setting information synchronic processing system.

Background technology

Security work is related to national security, and conservative state secret relates to core national interests such as safeguarding national politics, economy, military affairs.At present, national government at all levels, army, each military enterprise unit etc. are equipped with special security work mechanism.Fixed close work is that unit is in an important step of carrying out in security work, the object of fixed close work determines which information is state secret exactly, which information is not state secret, and after only having clearly defined secret object, security work could reasonably be carried out.

The content of fixed close work specifically, be exactly that unit produces voluntarily information to it and first judges whether concerning security matters, if concerning security matters, will be to the level of confidentiality of classified information, know that scope, security deadline or decryption condition clearly define, and level of confidentiality, know that scope, security deadline or decryption condition are just referred to as and determine confidential information.Unit will, according to determining confidential information, drop into corresponding secret cost, and classified information is taked to corresponding safeguard measure.In the past in reality, determine that to what determine confidential information often randomness is larger, conventionally lack foundation, determine confidential information not accurate enough, simultaneously also clear and definite not to the responsibility of close work surely.For the fixed close work of standard, in the Law of the People's Republic of China on Guarding State Secrets chapter 2 that on October 1st, 2010, new revision was issued, amount to 12 rules and clearly stipulated the requirements of fixed close work.

Word content, the detail of design etc. of what the classified information unit of typically referring to produced voluntarily relate to state secret, classified information can not exist without foundation, must occur with the form of certain medium, for people's reading or.The medium of carrying classified information is commonly referred to concerning security matters carrier, and concerning security matters carrier can have the forms such as paper medium, light medium, magnetic medium, and for example, the file made of paper of a carrying classified information is exactly a concerning security matters carrier; The CD of a carrying classified information is also a concerning security matters carrier.This shows, concerning security matters carrier is the approach in kind that obtains classified information, and the keeping to concerning security matters carrier and use always are an emphasis of security work.Concerning security matters carrier determine the confidential information of determining that confidential information is exactly its classified information carrying, the safeguard measure that concerning security matters carrier is taked should meet it and determine the requirement that confidential information embodies.

At present, for the fixed close work of standard, make surely close foundation to some extent, thereby clearly fixed close responsibility, unit should be first clear and definite self related state secret scope, in secret scope, listed every state secret item that our unit relates to, for every secrets, unit must determine that it determine confidential information,, the level of confidentiality of every secrets, knows scope, security deadline or decryption condition that is.All secrets and determine confidential information and finally manage with the form of catalogue, this catalogue is commonly called secrets detailed catalogue.Secrets detailed catalogue will be carried out surely close foundation to all classified informations that produce as our unit.In the time producing a classified information, it is determined determining of confidential information and must be determined according to the confidential information of determining of related secrets in this classified information.The not concerning security matters of most contents of a information, as long as but have place's content to relate to a certain state secret item, this part of information has been exactly classified information so.Why unit works out secrets detailed catalogue, wish exactly the various classified informations that produce are voluntarily carried out when surely close, can obtain the confidential information of determining of unified standard, even if avoid in the past surely close to carrying out with a classified information, different personnel may make the different generations of confidential information situation of determining.

The state secret item relating to along with unit and the concerning security matters carrier of generation constantly increase, and will be hard works to determining the maintenance of confidential information.In the Article 18 money of new edition privacy act chapter 2, clearly " level of confidentiality, the security deadline of state secret and know scope should according to circumstances change timely change to regulation.Level of confidentiality, the security deadline of state secret and know scope change, should notify the office, unit or the personnel that know in scope in time in writing ".Change in time and mean that unit need to dynamically safeguard and determine confidential information alteration, and corresponding alteration is notified in time to keeping or the applying unit of concerning security matters carrier.

Can find out from the above, the fixed close work of unit has related to three kinds of objects, is respectively secrets, classified information and concerning security matters carrier.Unit can be implemented in any aspect in these three kinds of objects the synchronous processing of determining confidential information, in any object aspect, carry out determining the synchronous processing of confidential information, this just needs us to be further analyzed relation and the order of magnitude between these three kinds of objects of secrets, classified information and concerning security matters carrier actually.

Secrets is the key element composition that relates to state secret in classified information, be also referred to as " close point ", in a classified information, may comprise many different secrets, and same secrets may appear in many parts of different classified informations, therefore, between secrets and classified information, may be the corresponding relation of " multi-to-multi "; On the other hand, by means such as duplicating, copies, unit may adopt the carrier of multiple differences (or medium not of the same race) to carry with a classified information, therefore, between classified information and concerning security matters carrier, may be the corresponding relation of " one-to-many ".In accompanying drawing 1, list the above-mentioned relation between secrets, classified information and concerning security matters carrier three.

Conventionally, the quantity of a related state secret item of unit is relatively-stationary within a period of time, but, the classified information quantity that unit produces according to its secrets may be but a large amount of, the secrets that a classified information comprises may be any number of independent assortment of whole secrets in secrets detailed catalogue, therefore to classified information, on the order of magnitude, may be, the process of a combination multiplication by secrets; In addition, because unit can adopt many parts of concerning security matters carriers to carry with a classified information by copying or copying conventionally, therefore, to concerning security matters carrier, on the order of magnitude, be, at least the process of linear multiplier by classified information.

In real work in the past, the security work of unit is often confined in the aspect of concerning security matters carrier determining administering and maintaining of confidential information, classified information and concerning security matters carrier are not made clear and definite differentiation and peeled off, seriously ignored corresponding relation between secrets, classified information and this three of concerning security matters carrier and the difference on the order of magnitude.Get off for a long time, the quantity of the classified information that office or unit possess and concerning security matters carrier is more and more, once want the confidential information of determining of certain state secret item to change, the confidential information of determining of the classified information that it is involved and concerning security matters carrier carries out synchronously, and the work facing will be intricate and heavy.

Summary of the invention

The technical problem to be solved in the present invention is: a kind of Cascade-type secrete-level setting information synchronic processing system is provided, realizes rationally effectively dynamic management and maintenance to determining confidential information.

The present invention for solving the problems of the technologies described above taked technical scheme is: a kind of Cascade-type secrete-level setting information synchronic processing system, is characterized in that: it comprises: the fixed close administration module of secrets, for recording and safeguard the confidential information of determining of secrets; The fixed close administration module of classified information, for recording and safeguard the confidential information of determining of classified information; The fixed close administration module of concerning security matters carrier, for recording the essential information of concerning security matters carrier, and process send over from the fixed close administration module of classified information determine confidential information Notification of Changes;

The fixed close administration module of described secrets and secrets are one-one relationship, comprising: the fixed close record cell of item, for recording the confidential information of determining of secrets; Classified information numbered list, for recording the information encoding of all classified informations that relate to secrets; Determine confidential information and change trigger element, determine confidential information change message and determine to complete secrets the change processing of confidential information for the fixed close record cell of item read and write to processings, transmission item; The content that item is determined confidential information change message mainly comprises: event identification, item are determined confidential information Date Of Change, item is determined confidential information changed content; Item is determined confidential information changed content and is comprised result and after changing result before changing simultaneously;

Between the fixed close administration module of described classified information and classified information, be man-to-man relation, comprise: the fixed close record cell of information, for recording the confidential information of determining of classified information; Secrets numbered list, for recording the event identification of all secrets that classified information relates to; Determine confidential information history list, determine confidential information historical record for what preserve classified information, historical record is automatically adjusted unit and is produced by determining confidential information; Item is determined confidential information and is changed messaging list, determine confidential information and changes the item that trigger element sends over and determine confidential information change message for receiving and preserve the fixed close administration module of secrets of all secrets that related to by classified information; Bearer number list, for the bearer number of all concerning security matters carriers of recording carrying classified information; And determine confidential information and automatically adjust unit, for according to the confidential information of determining of the related secrets of classified information, automatically adjust and the same confidential information of determining of walking out of classified information;

Between the fixed close administration module of described concerning security matters carrier and concerning security matters carrier, be man-to-man relation, comprise: carrier information record cell, for recording the essential information of concerning security matters carrier; Determine the list of confidential information Notification of Changes, for receiving and preserve determine by the fixed close administration module of classified information that confidential information adjusts that unit sends over automatically determine confidential information Notification of Changes, change processing unit and send and trigger message and make its generation determine confidential information Notification of Changes list to determining confidential information; Determine confidential information and change processing unit, in the time receiving the triggering message of determining confidential information Notification of Changes list transmission, from the fixed close record cell of information, read the confidential information of determining of concerning security matters classified information that carrier carries, and confidential information Notification of Changes list is determined in generation; Determine confidential information Notification of Changes list, change processing unit and produce by determining confidential information, send to the keeping unit of concerning security matters carrier for concerning security matters classified information that carrier carries up-to-date determined to confidential information.

Press such scheme, the confidential information of determining of the secrets of the fixed close recording unit records of described item specifically comprises that event identification, item title, item know that scope set, item level of confidentiality, item produce date, item security deadline and item decryption condition.

Press such scheme, the confidential information of determining of the classified information of the fixed close recording unit records of described information comprises that information encoding, name of the information, information knows that scope set, information level of confidentiality, information produce date, information privacy time limit and decrypts information condition list.

Press such scheme, the essential information of the concerning security matters carrier of described carrier information recording unit records comprises that information encoding, the carrier of bearer number, the classified information that carries are made the date and carrier is taken care of organization.

Press such scheme, describedly determine confidential information Notification of Changes list content and comprise: name of the information, bearer number, carrier keeping organization, the current up-to-date of classified information that carrier carries are determined confidential information and up-to-date effective date of determining confidential information; Effective date, before determining confidential information Notification of Changes single transmit, is formulated and is filled in by the fixed close person liable of our unit; Classified information that carrier carries current up-to-date determined confidential information and comprised that information level of confidentiality, information privacy time limit, information knows scope set and decrypts information condition list.

A kind of cascade secret determination information synchronous disposal route, is characterized in that: it comprises the following steps:

Step 1) initialization: adopt Cascade-type secrete-level setting information synchronic processing system, first every the secrets relating to for unit creates respectively the fixed close administration module of a secrets, and system manager determines in the fixed close record cell of item that confidential information is entered into the fixed close administration module of corresponding secrets every secrets;

After initialization, it is initial fixed close that unit adopts Cascade-type secrete-level setting information synchronic processing system to carry out the classified information producing voluntarily and carrier thereof as required, and to determining the later stage Dynamic Maintenance of confidential information;

Step 2) carry out initial fixed close to the classified information producing voluntarily and carrier thereof: in the time that unit produces some concerning security matters carriers of a classified information and correspondence thereof voluntarily, the corresponding fixed close administration module of a classified information and the corresponding fixed close administration module of several concerning security matters carriers of creating of system, step operation in the following order:

In 2-1, the fixed close record cell of information in the fixed close administration module of the classified information creating, entry information numbering and information produce the date;

In 2-2, secrets numbered list in the fixed close administration module of the classified information creating, input the event identification of all secrets that classified information relates to;

2-3, the information encoding of classified information is added in the fixed close administration module of all secrets that classified information relates in classified information numbered list;

2-4, in the fixed close administration module of corresponding concerning security matters carrier, complete the Data Enter of carrier information record cell;

2-5, the bearer number of determining all concerning security matters carriers of this classified information of input carrying in the bearer number list in close administration module at the classified information creating;

2-6, the confidential information of determining starting in the fixed close administration module of classified information are adjusted unit automatically, it is completed the confidential information of determining of classified information is carried out to the initial work of adjusting;

Step 3) to determining the later stage Dynamic Maintenance of confidential information: unit need to be when determining confidential information and change, can only operate by the fixed close administration module of the secrets in system of the present invention, to guarantee that all secrets that are associated keep in the content of determining confidential information with classified information synchronizeing, specific as follows:

3-1, change the secrets of determining confidential information for needs, in the fixed close administration module of its corresponding secrets, the confidential information of determining that needs are changed submits to given confidential information to change trigger element; According to wanting changed content, determine confidential information change trigger element reads out corresponding result before changing and preserves from the fixed close record cell of item, then the result after changing of submitting to is write in the respective items in the fixed close record cell of item, finally determining confidential information change trigger element travels through classified information numbered list, take information encoding as index, send respectively an item to the fixed close administration module of all classified informations that relate to this secrets and determine confidential information change message, determine confidential information by corresponding item and change messaging list reception and preserve;

3-2, determine confidential information automatically adjust unit to classified information determine after confidential information completes initial calculation work enter periodic duty pattern, to there is to change by the confidential information of determining of secrets the situation that confidential information generation is changed of determining that causes classified information, that determines that confidential information adjusts that unit calculates classified information termly automatically automatically up-to-dately determines confidential information, and sends and determine confidential information Notification of Changes to the confidential information Notification of Changes list of determining in the fixed close administration module of corresponding concerning security matters carrier;

3-3, determine the list of confidential information Notification of Changes and receive and preserve and determine confidential information Notification of Changes, and change processing unit and send triggering message to determining confidential information;

3-4, determine confidential information change processing unit receive determine the list of confidential information Notification of Changes send triggering message time, by information encoding, from the fixed close record cell of information, read the confidential information of determining of concerning security matters classified information that carrier carries, and confidential information Notification of Changes list is determined in generation.

Press such scheme, described determine confidential information and automatically adjust the initial accounting of unit and comprise the following steps:

A1, traversal secrets numbered list, be numbered index with secrets, item close record cell calmly in fixed close administration module corresponding to every secrets relating to of access classified information, afterwards read out the confidential information of determining of every secrets relating in secrets numbered list, the confidential information of determining of secrets comprises that item knows that scope set, item level of confidentiality, item produce date, item security deadline and item decryption condition;

A2, according to the confidential information of determining of read whole secrets, calculate the confidential information of determining of classified information, concrete accounting method is known scope set for: information and is known that by the item of read whole secrets the common factor of scope set forms; Decrypts information condition list forms after being merged by the item decryption condition of read whole secrets; High Security Level in the item level of confidentiality that information level of confidentiality is read whole secrets; The accounting in information privacy time limit is according to the confidential information of determining of read whole secrets, first complete respectively following calculating for every the secrets relating in secrets numbered list: the item generation date adds item security deadline, the information that deducts again produces the date, after calculating completes, for each secrets relating in secrets numbered list, all can obtain accordingly a time period numerical value, in these time period numerical value, maximum time period numerical value is exactly the information privacy time limit obtaining after adjusting;

A3, by the respective items in the fixed close record cell of confidential information writing information of determining of the classified information that obtains after adjusting, information is known scope set, information level of confidentiality, information privacy time limit and decrypts information condition list.

Press such scheme, described determine confidential information and automatically adjust unit and be provided with two variable M and T; Wherein M has represented lastly when determine confidential information and automatically adjusting, and item is determined the quantity of message in confidential information change messaging list, and M is positive integer, and first duration is 0; T represents to determine confidential information and automatically adjusts the work period of unit, and T is natural number, and unit is number of days;

Under periodic duty pattern, determine confidential information and automatically adjust unit take T as the work period, regularly read item and determine the quantitative value N of message current preserved in confidential information change messaging list, and judgement: if M=N is left intact; If N-M >=1, starts following steps:

B1, from the fixed close record cell of information, read classified information current determine confidential information, generate one and determine confidential information historical record, this records content and comprises: determine confidential information historical record numbering, determine confidential information expired date, information level of confidentiality, information privacy time limit, information know scope set, decrypts information condition list; The confidential information historical record of determining generating is added to and determined in confidential information history list;

B2, according to the step in initial accounting, complete the work that confidential information is again automatically adjusted and write of determining to classified information;

B3, traversal bearer number list, take bearer number as index, determine confidential information Notification of Changes to the fixed close administration module transmission of the each concerning security matters carrier in bearer number list; The content of determining confidential information Notification of Changes comprises: the confidential information historical record of determining of determining in confidential information historical record is numbered, and generates the date of determining confidential information Notification of Changes;

B4, current item is determined to confidential information change the quantitative value N of message in messaging list and give M, complete assign operation M=N.

Described determine confidential information and automatically adjust the work period T of unit and be less than 30.

The date of determining confidential information Notification of Changes generating in described b3 step with determine in confidential information historical record to determine confidential information expired date identical.

Beneficial effect of the present invention is:

1, this system has taken into full account corresponding relation between secrets, classified information and concerning security matters carrier three and the difference on the order of magnitude, will determine the administering and maintaining in secrets, classified information and three aspects of concerning security matters carrier of confidential information.

2, in secrets, classified information and three aspects of concerning security matters carrier, carried out determining the interlock of confidential information due to native system, only need be at the enterprising line operate of aspect of this order of magnitude minimum of secrets to the change of determining confidential information, to the confidential information of determining of the larger classified information of the order of magnitude and concerning security matters carrier, the invention provides automatic accounting and the synchronous function of upgrading, thereby reduced the loaded down with trivial details work of determining confidential information carry out synchronous maintenance and management of working unit personnel to a large amount of classified informations and concerning security matters carrier.

3, utilize native system, to improving surely close work efficiency and strengthening the standardization of determining close work, there is important practice significance.

Accompanying drawing explanation

Fig. 1 is fixed close work main object and graph of a relation.

Fig. 2 is the logic relation picture between three modules in the present invention.

Fig. 3 is the fixed close administration module system construction drawing of secrets.

Fig. 4 is the fixed close administration module system construction drawing of classified information.

Fig. 5 is the fixed close administration module system construction drawing of concerning security matters carrier.

Fig. 6 is the fixed closely knit example of certain unit.

Fig. 7 is the example structure figure that the present invention is directed to Fig. 6.

Embodiment

Below in conjunction with accompanying drawing and concrete embodiment, describe in detail and how to utilize system of the present invention to carry out Dynamic Maintenance and management to determining confidential information.

A kind of Cascade-type secrete-level setting information synchronic processing system comprises: the fixed close administration module of secrets, for recording and safeguard the confidential information of determining of secrets; The fixed close administration module of classified information, for recording and safeguard the confidential information of determining of classified information; The fixed close administration module of concerning security matters carrier, for recording the essential information of concerning security matters carrier, and process send over from the fixed close administration module of classified information determine confidential information Notification of Changes.Fig. 2 is the logic relation picture between three modules in the present invention.

The fixed close administration module of described secrets and secrets are one-one relationship, structural drawing as shown in Figure 3, comprise: the fixed close record cell 301 of item, for recording the confidential information of determining of secrets, the confidential information of determining of secrets specifically comprises that event identification Item_ID, item title Item_N, item know that scope set Item_A, item level of confidentiality Item_L, item produce date Item_D, item security deadline Item_P and item decryption condition Item_DC; Classified information numbered list 302, for recording the information encoding of all classified informations that relate to secrets; Determine confidential information and change trigger element 303, determine confidential information change message and determine to complete secrets the change processing of confidential information for the fixed close record cell of item read and write to processings, transmission item.The content that item is determined confidential information change message Item_Msg mainly comprises: event identification Item_ID, item are determined confidential information Date Of Change, item is determined confidential information changed content (should simultaneously comprise result and after changing result before changing).

When system manager is during to the determining confidential information and change of secrets, as item known to scope set Item_A, item level of confidentiality Item_L, item security deadline Item_P, when a few items in item decryption condition Item_DC change, first result is after changing submitted to given confidential information to change trigger element 303, according to wanting changed content, determine confidential information change trigger element 303 reads out corresponding result before changing and preserves from the fixed close record cell 301 of item, then the result after changing of submitting to is write in the respective items in the fixed close record cell 301 of item, finally determining confidential information change trigger element 303 travels through classified information numbered list 302, take information encoding Info_ID as index, sending respectively an item to the fixed close administration module of all classified informations that relates to secrets determines confidential information and changes message Item_Msg.The content that this item is determined confidential information change message Item_Msg mainly comprises: event identification Item_ID, item are determined confidential information Date Of Change, item is determined confidential information changed content (should simultaneously comprise result and after changing result before changing).

Between the fixed close administration module of described classified information and classified information, it is man-to-man relation, structural drawing as shown in Figure 4, comprise: the fixed close record cell 401 of information, for recording the confidential information of determining of classified information, the confidential information of determining of classified information mainly comprises that information encoding Info_ID, name of the information Info_N, information knows that scope set Info_A, information level of confidentiality Info_L, information produce date Info_D, information privacy time limit Info_P, decrypts information condition list Info_DC_List; Secrets numbered list 402, for recording the event identification of all secrets that classified information relates to; Determine confidential information history list 403, determine confidential information historical record for what preserve classified information, historical record is automatically adjusted unit and is produced by determining confidential information; Item is determined confidential information and is changed messaging list 404, determine confidential information and changes the item that trigger element sends over and determine confidential information change message for receiving and preserve the fixed close administration module of secrets of all secrets that related to by classified information; Bearer number list 405, for the bearer number of all concerning security matters carriers of recording carrying classified information; And determine confidential information and automatically adjust unit 406, for according to the confidential information of determining of the related secrets of classified information, automatically calculate the confidential information of determining of classified information.

Determining confidential information automatically adjusts the mode of operation of unit 406 and has following two kinds:

1, when system generates the fixed close administration module of a classified information for certain part of concrete classified information is initial and carry out determining first when close for this classified information, determine confidential information and automatically adjust unit 406 and only the confidential information of determining of classified information is adjusted automatically, do not do other processing.Concrete accounting step is as follows:

(1) traversal secrets numbered list 402, take secrets numbering Item_ID as index, access the fixed close record cell 301 of item in fixed close administration module corresponding to every secrets, read out the confidential information of determining of every secrets relating in secrets numbered list 402, the confidential information of determining that must read is that item knows that scope set Item_A, item level of confidentiality Item_L, item produce date Item_D, item security deadline Item_P, item decryption condition Item_DC.

(2) according to the confidential information of determining of read whole secrets, calculate the confidential information of determining of classified information, concrete accounting method for: information knows that scope set Info_A knows that by read whole items the common factor of scope set Item_A forms; Decrypts information condition list Info_DC_List forms after being merged by read whole item decryption condition Item_DC; Information level of confidentiality Info_L is the High Security Level in read whole item level of confidentiality Item_L; The accounting relative complex of information privacy time limit Info_P, according to the read confidential information of determining, first complete respectively following calculating for every the secrets relating in secrets numbered list 402, computing method are: item produces date Item_D and adds item security deadline Item_P, then the information that deducts produces date Info_D.After calculating completes, for each secrets relating in secrets numbered list 402, all can obtain accordingly a time period numerical value, in these time period numerical value, maximum time period numerical value is exactly the information privacy time limit Info_P obtaining after adjusting.(explanatory notes: if the information privacy time limit Info_P obtaining is a negative, illustrate that current classified information is in time without having maintained secrecy again, whether continuation is maintained secrecy, only need be referring to the existence that whether also has decryption condition in decrypts information condition list Info_DC_List, if also there is decryption condition, showing still needs classified information to maintain secrecy.)

(3) by the respective items in the fixed close record cell 401 of confidential information writing information of determining of the classified information obtaining after adjusting, information is known scope set Info_A, information level of confidentiality Info_L, information privacy time limit Info_P, decrypts information condition list Info_DC_List.

2, when complete to classified information determine first confidential information adjust after, determining confidential information automatically adjusts unit 406 and will enter periodic duty pattern, the confidential information generation of determining because of secrets is in the future changed to the situation that confidential information generation is changed of determining that causes classified information, determine confidential information and automatically adjust unit 406 and up-to-dately determine confidential information by what automatically calculate termly classified information, keep synchronizeing in time with the confidential information of determining of secrets with the confidential information of determining of guaranteeing classified information.For this reason, the present invention is provided with two variablees in automatically adjusting unit 406 determining confidential information, is respectively M and T, wherein M is last when determining confidential information and automatically adjusting for record, and item is determined the quantity of message in confidential information change messaging list 404, in the present invention, M is positive integer, and first duration is 0; T is for setting the work period of determining confidential information and automatically adjust unit 406, and in the present invention, T is natural number, and unit is number of days, and the value of T should be less than 30 days conventionally.

Determine confidential information and automatically adjust unit and entering after periodic duty pattern, will, take T as the time interval, regularly complete following specific works:

Read item and determine the quantitative value N (being the current length of list) of message current preserved in confidential information change messaging list 404, and do to judge, if M equals N, be left intact; If N-M >=1, starts to carry out following work:

(1) from the fixed close record cell 401 of information, read classified information current determine confidential information, generate one and determine confidential information historical record sInfo_log, this records content and comprises: determine confidential information historical record numbering (system generates automatically), determine confidential information expired date while determining confidential information historical record (generate this date), information level of confidentiality Info_L, information privacy time limit Info_P, information is known scope set Info_A, decrypts information condition list Info_DC_List.The confidential information historical record of determining generating is added to and determined in confidential information history list 403;

(2) according to (1), (2), (3) step in 1, complete the work that confidential information is again automatically adjusted and write of determining to classified information;

(3) traversal bearer number list 405, take bearer number Carrier_ID as index, send and determine confidential information Notification of Changes Note_log to the fixed close administration module of the each concerning security matters carrier in bearer number list 405, the content of determining confidential information Notification of Changes Note_log comprises: the confidential information historical record of determining of determining in confidential information historical record sInfo_log is numbered, and generate the date of determining confidential information Notification of Changes, the present invention set this date should with determine in confidential information historical record sInfo_log to determine confidential information expired date identical;

(4) the quantitative value N that current item is determined to message in confidential information change messaging list 404 gives M, completes assign operation M=N.

Between the fixed close administration module of described concerning security matters carrier and concerning security matters carrier, it is man-to-man relation, structural drawing as shown in Figure 5, comprise: carrier information record cell 501, for recording the essential information of concerning security matters carrier, the essential information of concerning security matters carrier comprises that information encoding Info_ID, the carrier of bearer number Carrier_ID, the classified information that carries are made date Carrier_D and carrier is taken care of organization; Determine confidential information Notification of Changes list 502, for receiving and preserve determine by the fixed close administration module of classified information that confidential information adjusts that unit sends over automatically determine confidential information Notification of Changes, change processing unit 504 and send and trigger message and make its generation determine confidential information Notification of Changes list 503 to determining confidential information; Determine confidential information and change processing unit 504, for receiving while determining triggering message that confidential information Notification of Changes list 502 sends, from the fixed close record cell 401 of information, read the confidential information of determining of concerning security matters classified information that carrier carries, and confidential information Notification of Changes list 503 is determined in generation; Determine confidential information Notification of Changes list 503, change processing unit 504 and produce by determining confidential information, send to the keeping unit of concerning security matters carrier for concerning security matters classified information that carrier carries up-to-date determined to confidential information.

System can, using information encoding Info_ID as index, read the confidential information of determining of classified information in the fixed close administration module of corresponding classified information, and this determines the confidential information of determining that confidential information is exactly concerning security matters carrier.

Determining confidential information Notification of Changes list 503 contents mainly comprises: name of the information Info_N, bearer number Carrier_ID, carrier keeping organization, the current up-to-date of classified information that carrier carries are determined confidential information (being that information level of confidentiality Info_L, information privacy time limit Info_P, information are known scope set Info_A, decrypts information condition list Info_DC_List) and up-to-date effective date of determining confidential information, effective date, before determining 503 transmissions of confidential information Notification of Changes list, is formulated and is filled in by the fixed close person liable of our unit.

More than for determining the detailed description of each module in confidential information System of Synchronous Processing, in the time of application system of the present invention, every secrets that first system can relate to for unit creates respectively the fixed close administration module of a secrets, and system manager determines in the fixed close record cell 301 of item that confidential information is entered into the fixed close administration module of secrets every secrets.Complete after this work, classified information and carrier thereof that unit can start producing voluntarily carry out surely close work, and to determining the later stage Dynamic Maintenance of confidential information, groundwork will be completed automatically by system of the present invention.

A kind of cascade secret determination information synchronous disposal route, it comprises the following steps:

Produce and determine after confidential information Notification of Changes list, what system manager or other staff can regularly produce system determines the keeping unit of confidential information Notification of Changes single-shot toward corresponding carrier.

Described determine confidential information and automatically adjust the initial accounting of unit and comprise the following steps:

Described determine confidential information and automatically adjust unit and be provided with two variable M and T; Wherein M has represented lastly when determine confidential information and automatically adjusting, and item is determined the quantity of message in confidential information change messaging list, and M is positive integer, and first duration is 0; T represents to determine confidential information and automatically adjusts the work period of unit, and T is natural number, and unit is number of days;

Fig. 6 has provided the fixed closely knit example of certain unit, and wherein secrets has two, and numbering is respectively AA.01.01 and BB.04.01; Classified information has two parts, numbering is respectively 0001 and 0002, and classified information 0001 relates to two secrets, i.e. AA.01.01 and BB.04.01, it is as shown in table 1 that the item of secrets AA.01.01 and BB.04.01 is determined confidential information, and classified information 0002 only relates to secrets AA.01.01; Concerning security matters carrier has three parts, and numbering is respectively 000101,000102,000201, and wherein concerning security matters carrier 000101 and 000102 is all for carrying classified information 0001, and concerning security matters carrier 000201 carries classified information 0002.Fig. 7 is the example structure figure that the present invention is directed to Fig. 6.Describe as an example of classified information in Fig. 6 0001 and carrier 000101 and 000102 thereof example, can do similar processing to classified information 0002 and its carrier 000201.

The item of table 1. secrets AA.01.01 and BB.04.01 is determined confidential information

1, the initially fixed close embodiment of classified information and carrier thereof:

1.1, in the fixed close record cell 401 of the information in the fixed close administration module of classified information 0001, entry information numbering 0001 and information produce the date, and this example is decided to be in January, 2011;

1.2, in the secrets numbered list 402 of the fixed close administration module of classified information 0001, input transaction numbering AA.01.01 and BB.04.01.

1.3, input message numbering 0001 and 0002 in the classified information numbered list 302 of the fixed close administration module of secrets AA.01.01; Input message numbering 0001 in the classified information numbered list 302 of the fixed close administration module of secrets BB.04.01.

1.4, the every carrier information of the interior typing of carrier information record cell 501 in the fixed close administration module of concerning security matters carrier 000101 and 000102 respectively.Concrete entry information is referring to following table 2:

The information of table 2. concerning security matters carrier 000101 and 000102

1.5, in the bearer number list 405 of the fixed close administration module of classified information 0001, input the numbering 000101 and 000102 of concerning security matters carrier.

1.6, the confidential information of determining triggering in the fixed close administration module of classified information 0001 is adjusted singly 406 automatically, it is completed classified information 0001 initial determined to the automatic calculation work of confidential information.Its concrete calculation process is as follows:

(1) the secrets numbered list 402 in the fixed close administration module of traversal classified information 0001, take event identification AA.01.01 and BB.04.01 as index, the fixed close record cell 301 of item in the fixed close administration module of access secrets AA.01.01 and BB.04.01, read out respectively the confidential information of determining of secrets AA.01.01 and BB.04.01, the confidential information of determining that must read is that item is known scope set Item_A, item level of confidentiality Item_L, item produces date Item_D, item security deadline Item_P, item decryption condition Item_DC, specifically determining confidential information data can be referring to table 1.

(2) according to the confidential information of determining of the above-mentioned secrets AA.01.01 reading and BB.04.01, calculate the confidential information of determining of classified information 0001, concrete accounting method for: information knows that scope set Info_A knows that by read whole items the common factor of scope set Item_A forms, according to data in table 1, the information of classified information 0001 knows that scope set Info_A is exactly { Zhang San }, decrypts information condition list Info_DC_List is merged and is formed by read whole item decryption condition Item_DC, and according to data in table 1, the decrypts information condition list Info_DC_List of classified information 0001 is empty, there is no decryption condition, information level of confidentiality Info_L is for the High Security Level in read whole item level of confidentiality Item_L, and according to data in table 1, the information level of confidentiality Info_L of classified information 0001 is secret, the accounting relative complex of information privacy time limit Info_P, according to the read confidential information of determining, first complete respectively following calculating for secrets AA.01.01 and BB.04.01, computing method are: item produces date Item_D and adds item security deadline Item_P, the information that deducts again produces date Info_D, information according to data in table 1 and classified information 0001 produces the date, after calculating completes, for secrets AA.01.01 and BB.04.01, can obtain respectively a time period numerical value, they are respectively 4 years and 12 years, in these two time period numerical value, maximum time period numerical value is exactly to adjust the information privacy time limit Info_P obtaining afterwards, , the security deadline of classified information 0001 is 12 years.

(3), by determining of obtaining after the adjusting information of fixed close administration module that confidential information writes classified information 0001 calmly in the respective items in close record cell 401, information is known scope set Info_A, information level of confidentiality Info_L, information privacy time limit Info_P, decrypts information condition list Info_DC_List.

Above process, utilizes system of the present invention exactly, and classified information and carrier thereof that unit is produced carry out initially determining close process.

2, determine confidential information and change implementation Process example:

To determining the change of confidential information, can be that any one that the item of secrets is known to scope set Item_A, item level of confidentiality Item_L, item security deadline Item_P and item decryption condition Item_DC modified.System embodiment of the present invention for convenience of description, only changes to example with the item security deadline Item_P to secrets AA.01.01 here, by original 10 years (in table 1), is extended for 20 years.

The concrete implementation of system is as follows:

2.1, first by the up-to-date numerical value of the item security deadline Item_P of secrets AA.01.01 20 years, the confidential information of determining of submitting to the fixed close administration module of secrets AA.01.01 changes trigger element 303, determine the numerical value (10 years) that confidential information change trigger element 303 reads out former item security deadline Item_P from the fixed close record cell 301 of item of the fixed close administration module of secrets AA.01.01, and temporarily preserve, then by the up-to-date numerical value of item security deadline Item_P 20 years of submitting to, write in the fixed close record cell 301 of item of fixed close administration module of secrets AA.01.01, finally, the classified information numbered list 302 of the fixed close administration module of traversal secrets AA.01.01, traversing result is 0001 and 0002, send an item to the fixed close administration module of classified information 0001 and 0002 respectively and determine confidential information change message Item_Msg, the content of this message comprises: event identification AA.01.01, item is determined confidential information Date Of Change (being system current date), item is determined confidential information changed content (former item security deadline Item_P=10, item security deadline Item_P=20 after changing).In table 3, list the item of secrets AA.01.01 and BB.04.01 after changing and determined confidential information.

The table 3. after changing item of secrets AA.01.01 and BB.04.01 is determined confidential information

Now, the item of the fixed close administration module of classified information 0001 and 0002 is determined all can to receive and preserve above item in confidential information change messaging list 404 and is determined confidential information change message Item_Msg.Below explanation is mainly take classified information 0001 and carrier thereof as example.

2.2, due to after completing classified information 0001 initial fixed close, the confidential information of determining of its fixed close administration module is automatically adjusted unit 406 and will be entered periodic duty pattern, the present invention is provided with two variablees in automatically adjusting unit 406 determining confidential information, respectively M and T, when wherein M determines confidential information and automatically adjusts for record the last time, item is determined the quantity of message in confidential information change messaging list 404, in the present invention, M is positive integer, just duration is 0, for classified information 0001, complete last when determining confidential information and automatically adjusting, complete initial fixed when close, the value of M is exactly initial value 0, T is for setting the work period of determining confidential information and automatically adjust unit 406, and in the present invention, T is natural number, and unit is number of days, and the value of T should be less than 30 days conventionally.The fixed closely knit example of unit in Fig. 6, suppose the value of T to be made as 7 days, so, when classified information 0001 complete initial fixed close after, the confidential information of determining in its fixed close administration module is automatically adjusted unit 406 meetings and be completed following work every 7 days:

Read the item of the fixed close administration module of classified information 0001 and determine current preserved message count value N (being the current length of list) in confidential information change messaging list 404, and do to judge, if M equals N, be left intact; If N-M >=1, starts to carry out the synchronous working of determining confidential information.For this example, current N=1, M=0, i.e. N-M >=1, therefore will start to carry out following work:

(1) from the fixed close record cell 401 of information of the fixed close administration module of classified information 0001, read classified information 0001 when predetermination confidential information, generate one and determine confidential information historical record sInfo_log, this records content and comprises: determine confidential information historical record numbering (system generates automatically), determine confidential information expired date while determining confidential information historical record (generate this date), information level of confidentiality Info_L, information privacy time limit Info_P, information is known scope set Info_A, decrypts information condition list Info_DC_List.By the determining in confidential information history list 403 of fixed close administration module of determining confidential information historical record sInfo_log and add to classified information 0001 generating;

(2) the secrets numbered list 402 in the fixed close administration module of traversal classified information 0001, take event identification AA.01.01 and BB.04.01 as index, the fixed close record cell 301 of item in the fixed close administration module of access secrets AA.01.01 and BB.04.01, read out respectively the confidential information of determining of secrets AA.01.01 and BB.04.01, the confidential information of determining that must read is that item is known scope set Item_A, item level of confidentiality Item_L, item produces date Item_D, item security deadline Item_P, item decryption condition Item_DC, specifically determining confidential information data can be referring to table 3.

(3) according to the confidential information of determining of the above-mentioned secrets AA.01.01 reading and BB.04.01, calculate the confidential information of determining of classified information 0001, concrete accounting method for: information knows that scope set Info_A knows that by read whole items the common factor of scope set Item_A forms, according to data in table 3, the information of classified information 0001 knows that scope set Info_A is exactly { Zhang San }, decrypts information condition list Info_DC_List is merged and is formed by read whole item decryption condition Item_DC, and according to data in table 3, the decrypts information condition list Info_DC_List of classified information 0001 is empty, there is no decryption condition, information level of confidentiality Info_L is for the High Security Level in read whole item level of confidentiality Item_L, and according to data in table 3, the information level of confidentiality Info_L of classified information 0001 is secret, the accounting relative complex of information privacy time limit Info_P, according to the read confidential information of determining, first complete respectively following calculating for secrets AA.01.01 and BB.04.01, computing method are: item produces date Item_D and adds item security deadline Item_P, the information that deducts again produces date Info_D, information according to data in table 3 and classified information 0001 produces the date, after calculating completes, for secrets AA.01.01 and BB.04.01, can obtain respectively a time period numerical value, they are respectively 14 years and 12 years, in these two time period numerical value, maximum time period numerical value is exactly to adjust the information privacy time limit Info_P obtaining afterwards, , the security deadline of classified information 0001 is 14 years.

(4), by determining of obtaining after the adjusting information of fixed close administration module that confidential information writes classified information 0001 calmly in the respective items in close record cell 401, information is known scope set Info_A, information level of confidentiality Info_L, information privacy time limit Info_P, decrypts information condition list Info_DC_List.

(5) the bearer number list 405 of the fixed close administration module of traversal classified information 0001, take bearer number 000101 and 000102 as index, send and determine confidential information Notification of Changes Note_log to the fixed close administration module of concerning security matters carrier 000101 and 000102, this content of announcement comprises: the confidential information historical record of determining of determining in confidential information historical record sInfo_log of step (1) generation is numbered, and generate determine confidential information Notification of Changes Note_log date, the present invention set this date should with determine in confidential information historical record sInfo_log to determine confidential information expired date identical.

(6) the quantitative value N that current item is determined to message in confidential information change messaging list 404 gives M, completes assign operation M=N, and the currency of M is 1.

2.3,, below take concerning security matters carrier 000101 as example, the fixed close administration module that concerning security matters carrier 000101 is described is determined the processing done after confidential information Notification of Changes Note_log receiving.

The fixed close administration module of concerning security matters carrier 000101 determine confidential information Notification of Changes list 502 in receiving and preserving and determine confidential information Notification of Changes Note_log, can change processing unit 504 to confidential information at once and send triggering message, it is produced and determine confidential information Notification of Changes list 503, advice note main contents are: name of the information Info_N (does not provide in this example, but do not affect explanation main contents of the present invention), bearer number 000101, carrier keeping organization---" A of unit ", classified information that carrier carries 0001 current up-to-date determined confidential information, be that information level of confidentiality Info L is secret, information privacy time limit Info_P is 14 years, information knows that scope set Info_A is for { Zhang San }, decrypts information condition list Info_DC_List is empty, and the up-to-date effective date of determining confidential information, effective date is formulated and is filled in by the fixed close person liable of our unit determining before confidential information Notification of Changes single transmit.

System is determined after confidential information Notification of Changes list in generation, and unit can mail advice note to carrier keeping unit---" A of unit ", and the A of unit, after notified list, can take care of the adjustment of measure in time to the concerning security matters carrier 000101 of its preservation.

Above process, utilizes system of the present invention exactly, unit is determined to confidential information and change done a series of processing.

According to embodiments of the invention, can comprise for realizing computer system of the present invention, particularly, central processor CPU, storer and I/O interface.Computer system conventionally by I/O interface and display be connected such as this type of various input equipments of mouse and keyboard, support circuit can comprise the circuit as high-speed cache, power supply, clock circuit and communication bus.Storer can comprise random access memory ram, read only memory ROM, disc driver, magnetic tape station etc., or their combination.Computer platform also comprises operating system and micro-instruction code.Various process described herein and function can be the micro-instruction code carried out by operating system or a part for application program (or their combination).In addition, various other peripherals can be connected to this computer platform, as additional data storage device and printing device.

Claims

1. a Cascade-type secrete-level setting information synchronic processing system, is characterized in that: it comprises: the fixed close administration module of secrets, for recording and safeguard the confidential information of determining of secrets; The fixed close administration module of classified information, for recording and safeguard the confidential information of determining of classified information; The fixed close administration module of concerning security matters carrier, for recording the essential information of concerning security matters carrier, and process send over from the fixed close administration module of classified information determine confidential information Notification of Changes;

The fixed close administration module of described secrets and secrets are one-one relationship, comprising: the fixed close record cell of item, for recording the confidential information of determining of secrets; Classified information numbered list, for recording the information encoding of all classified informations that relate to secrets; Determine confidential information and change trigger element, determine confidential information change message and determine to complete secrets the change processing of confidential information for the fixed close record cell of item read and write to processings, transmission item; The content that item is determined confidential information change message mainly comprises: event identification, item are determined confidential information Date Of Change, item is determined confidential information changed content; Item is determined confidential information changed content and is comprised result and after changing result before changing;

Between the fixed close administration module of described classified information and classified information, be man-to-man relation, comprise: the fixed close record cell of information, for recording the confidential information of determining of classified information, secrets numbered list, for recording the event identification of all secrets that classified information relates to, determine confidential information history list, determine confidential information historical record for what preserve classified information, historical record is automatically adjusted unit and is produced by determining confidential information, item is determined confidential information and is changed messaging list, determine confidential information and changes the item that trigger element sends over and determine confidential information change message for receiving and preserve the fixed close administration module of secrets of all secrets that related to by classified information, bearer number list, for the bearer number of all concerning security matters carriers of recording carrying classified information, and determine confidential information and automatically adjust unit, be used for according to the confidential information of determining of the related secrets of classified information, automatically adjust the confidential information of determining of also synchronous classified information, to classified information determine after confidential information completes initial calculation work enter periodic duty pattern, to there is to change by the confidential information of determining of secrets the situation that confidential information generation is changed of determining that causes classified information, that determines that confidential information adjusts that unit calculates classified information termly automatically automatically up-to-dately determines confidential information, and confidential information Notification of Changes is determined in the confidential information Notification of Changes list transmission of determining of determining in close administration module to corresponding concerning security matters carrier,

2. Cascade-type secrete-level setting information synchronic processing system according to claim 1, is characterized in that: the confidential information of determining of the secrets of the fixed close recording unit records of described item specifically comprises that event identification, item title, item know that scope set, item level of confidentiality, item produce date, item security deadline and item decryption condition.

3. Cascade-type secrete-level setting information synchronic processing system according to claim 1, is characterized in that: the confidential information of determining of the classified information of the fixed close recording unit records of described information comprises that information encoding, name of the information, information knows that scope set, information level of confidentiality, information produce date, information privacy time limit and decrypts information condition list.

4. Cascade-type secrete-level setting information synchronic processing system according to claim 1, is characterized in that: the essential information of the concerning security matters carrier of described carrier information recording unit records comprises that information encoding, the carrier of bearer number, the classified information that carries are made the date and carrier is taken care of organization.

5. Cascade-type secrete-level setting information synchronic processing system according to claim 1, is characterized in that: describedly determine confidential information Notification of Changes list content and comprise: name of the information, bearer number, carrier keeping organization, the current up-to-date of classified information that carrier carries are determined confidential information and up-to-date effective date of determining confidential information; Classified information that carrier carries current up-to-date determined confidential information and comprised that information level of confidentiality, information privacy time limit, information knows scope set and decrypts information condition list.