CN105787375A - Privilege control method of encryption document in terminal and terminal - Google Patents

Publication number
CN105787375A
Authority
CN
China
Legal status
Pending
Application number
CN201410821863.5A
Other languages
Chinese (zh)
Inventor
谢永方
Current Assignee
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Application filed by Huawei Technologies Co Ltd
Priority to CN201410821863.5A
Publication of CN105787375A

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention provides a permission control method for an encrypted document in a terminal, and a terminal. In the method, a file filter driver obtains the user identifier of the current user and a file header containing the file identifier of the file the user is about to open. When the file header includes a file encryption identifier, the file filter driver sends a file permission request instruction containing the user identifier and the file identifier to a file management module. The file management module sends the received file permission request instruction to a rights management server, receives the file permission sent by the rights management server, and finally sends the file permission to a file permission control module, and the operations the current user performs on the file are controlled according to the file permission. Because the file management module passes the file permission received from the rights management server to the file permission control module, the permission control module can control the application-layer permissions for the operations the user currently needs to perform on the file, which satisfies the user's requirements for processing the file.

Description

Permission control method for an encrypted document in a terminal, and terminal
Technical field
The present invention relates to information security technology, and in particular to a permission control method for an encrypted document in a terminal, and to a terminal.
Background
Transparent file encryption is a file encryption technology that arose in response to enterprise document requirements. "Transparent" means that the encryption and decryption process is not noticeable to the user. When a user opens or edits a protected file, the system automatically encrypts unencrypted files and decrypts encrypted files. Files are stored on the hard disk as ciphertext and are held in memory as plaintext. Once the usage environment changes, the file cannot be opened because the automatic decryption service is unavailable, which achieves the purpose of protecting the file content.
With the above approach of using a file filter driver to control file permissions, permissions can only be controlled according to file type, and only read and write permissions can be controlled. Application-layer permissions cannot be controlled, so users' requirements cannot be met.
Summary of the invention
Embodiments of the present invention provide a permission control method for an encrypted document in a terminal, and a terminal, to solve the problem that application-layer permissions cannot be controlled and users' requirements therefore cannot be met.
A first aspect of the present invention provides a permission control method for an encrypted document in a terminal. The terminal includes a file filter driver, a file management module, and a file permission control module, and the method includes:
The file filter driver obtains the user identifier of the current user;
The file filter driver obtains a file header, where the file header includes the file identifier of the file the current user is about to open;
When the file header includes a file encryption identifier, the file filter driver sends a file permission request instruction to the file management module, where the file permission request instruction includes the user identifier and the file identifier;
The file management module sends the received user identifier and file identifier to a rights management server;
The file management module receives the file permission sent by the rights management server, where the file permission indicates the operations that the user identified by the user identifier may perform on the file identified by the file identifier;
The file management module sends the file permission to the file permission control module;
The file permission control module controls, according to the received file permission, the operations the current user performs on the file.
With reference to the first aspect, in a first possible implementation of the first aspect, the file permission includes a copy permission, and the copy permission includes the number of bytes that the user identified by the user identifier may copy;
The file permission control module controlling, according to the file permission, the operations the current user performs on the file includes:
The file permission control module limits, according to the number of bytes in the copy permission that the user identified by the user identifier may copy, the maximum length of content that the current user copies from the file identified by the file identifier.
With reference to the first possible implementation of the first aspect, in a second possible implementation of the first aspect, before the file management module receives a file-open instruction, the method also includes:
The file permission control module registers a clipboard filter in the clipboard of the operating system of the terminal;
After the file permission control module receives the copy permission, the method also includes:
The file permission control module adds the copy permission to the clipboard filter.
With reference to the first aspect or any one of the first and second possible implementations of the first aspect, in a third possible implementation of the first aspect, the file permission includes a print permission, and the print permission includes the number of pages that the user identified by the user identifier may print;
The file permission control module controlling, according to the file permission, the operations the current user performs on the file includes:
The file permission control module limits, according to the number of pages in the print permission that the user identified by the user identifier may print, the maximum number of pages of content that the current user prints from the file identified by the file identifier.
With reference to the third possible implementation of the first aspect, in a fourth possible implementation of the first aspect, before the file management module receives a file-open instruction, the method also includes:
The file permission control module registers a print filter in the system print application programming interface (API) of the operating system of the terminal;
After the file permission control module receives the print permission, the method also includes:
The file permission control module adds the print permission to the print filter.
With reference to the first aspect, in a fifth possible implementation of the first aspect, before the file filter driver obtains the file header, the method also includes:
The file management module receives a file-open instruction, where the file-open instruction includes the file path of the file the current user is about to open;
The file management module sends the file path to the file filter driver.
A second aspect of the present invention provides a terminal, including a file filter driver, a file management module, and a file permission control module, where:
The file filter driver is configured to obtain the user identifier of the current user;
The file filter driver is also configured to obtain a file header, where the file header includes the file identifier of the file the current user is about to open;
When the file header includes a file encryption identifier, the file filter driver is also configured to send a file permission request instruction to the file management module, where the file permission request instruction includes the user identifier and the file identifier;
The file management module is configured to send the received user identifier and file identifier to a rights management server;
The file management module is also configured to receive the file permission sent by the rights management server, where the file permission indicates the operations that the user identified by the user identifier may perform on the file identified by the file identifier;
The file management module is also configured to send the file permission to the file permission control module;
The file permission control module is configured to control, according to the received file permission, the operations the current user performs on the file.
With reference to the second aspect, in a first possible implementation of the second aspect, the file permission includes a copy permission, and the copy permission includes the number of bytes that the user identified by the user identifier may copy;
The file permission control module is specifically configured to: limit, according to the number of bytes in the copy permission that the user identified by the user identifier may copy, the maximum length of content that the current user copies from the file identified by the file identifier.
With reference to the first possible implementation of the second aspect, in a second possible implementation of the second aspect, the file management module is also configured to: before receiving a file-open instruction, register a clipboard filter in the clipboard of the operating system of the terminal;
The file permission control module is also configured to: after receiving the copy permission, add the copy permission to the clipboard filter.
With reference to the second aspect or any one of the first and second possible implementations of the second aspect, in a third possible implementation of the second aspect, the file permission also includes a print permission, and the print permission includes the number of pages that the user identified by the user identifier may print;
The file permission control module is specifically configured to: limit, according to the number of pages in the print permission that the user identified by the user identifier may print, the maximum number of pages of content that the current user prints from the file identified by the file identifier.
With reference to the third possible implementation of the second aspect, in a fourth possible implementation of the second aspect, the file management module is also configured to: before receiving a file-open instruction, register a print filter in the system print application programming interface (API) of the operating system of the terminal;
The file permission control module is also configured to: after receiving the print permission, add the print permission to the print filter.
With reference to the second aspect, in a fourth possible implementation of the second aspect, the file management module is also configured to: before the file filter driver obtains the file header, receive a file-open instruction, where the file-open instruction includes the file path of the file the current user is about to open;
and send the file path to the file filter driver.
In the present invention, the file filter driver obtains the user identifier of the current user and also obtains a file header that includes the file identifier of the file the current user is about to open. When the file header includes a file encryption identifier, the file filter driver sends a file permission request instruction, which includes the user identifier and the file identifier, to the file management module. The file management module sends the received user identifier and file identifier to the rights management server, and then receives from the rights management server the file permission, which indicates the operations that the user identified by the user identifier may perform on the file identified by the file identifier. The file management module sends the file permission to the file permission control module, and the file permission control module controls, according to the received file permission, the operations the current user performs on the file. Because the file management module passes the file permission received from the rights management server to the file permission control module, the file permission control module can control the application-layer permissions for the operations the current user needs to perform on the file, which effectively meets the user's requirements for processing the file.
Brief description of the drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. The drawings described below show some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a flow chart of the permission control method for an encrypted document in a terminal provided by an embodiment of the present invention;
Fig. 2 is a schematic structural diagram of a terminal provided by an embodiment of the present invention;
Fig. 3 is a schematic structural diagram of a terminal provided by another embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments are described below with reference to the accompanying drawings.
The present invention can be applied to a terminal running the Microsoft Windows operating system. The terminal includes a file filter driver, a file management module, and a file permission control module. The file filter driver is an existing driver in the Windows operating system. Together with the function drivers it makes up the drivers of the Windows operating system: a function driver handles the actual work, while a file filter driver is attached above or below a function driver. Every function call passes through the upper file filter driver, then reaches the function driver, and then the lower file filter driver. A file filter driver can process and evaluate a function call and thereby decide whether to pass it further down. The file management module is a module in the application layer of the Windows operating system that manages file information (for example, the file name) and file permissions (the read permission and write permission of a file). The file management module in the embodiments of the present invention can also be extended to control application-layer permissions, for example the copy permission and the print permission of a file. The application-layer permission control module (English: authorization control module of the application layer) is a module newly added to the application layer of the Windows operating system. It controls the permissions that must be enforced at the application layer, which includes communicating with the clipboard filter and the print filter used in the present invention: it receives the application-layer permissions of a specified file and sends them to the clipboard filter and the print filter.
Fig. 1 is a flow chart of the permission control method for an encrypted document in a terminal provided by an embodiment of the present invention. As shown in Fig. 1, the method of this embodiment may include:
Step 101: the file filter driver obtains the user identifier of the current user.
Specifically, within a company or group, different departments and different positions may have different processing permissions for a file. Staff in different departments and positions therefore each have a user identifier that identifies them. After the terminal is started, the current user of the terminal can enter the assigned user identifier, and the file filter driver then obtains the user identifier of the current user.
Step 102: the file filter driver obtains a file header, where the file header includes the file identifier of the file the current user is about to open.
Optionally, before the file filter driver obtains the file header, the method also includes:
The file management module receives a file-open instruction, where the file-open instruction includes the file path of the file the current user is about to open, and the file management module sends the file path to the file filter driver.
When the current user needs to open a file, the file management module in the application layer of the terminal first receives a path of the file the current user is about to open. The file management module then sends this path to the file filter driver in the driver layer. Using the received path, the file filter driver reads the file header of the file from the corresponding disk. The file header may include the file identifier of the file the current user is about to open; if the file is encrypted, the file header also includes a file encryption identifier.
Step 103: when the file header includes a file encryption identifier, the file filter driver sends a file permission request instruction to the file management module, where the file permission request instruction includes the user identifier and the file identifier.
After the file filter driver obtains the file header of the file the current user is about to open, it checks whether the file header contains a file encryption identifier. If it does, the file is encrypted and the file permission must be requested. In that case the file filter driver also extracts the file identifier from the file header and then sends a file permission request instruction to the file management module in the application layer. The file permission request instruction includes the user identifier of the current user and the file identifier, so that the file management module can obtain the file permission for the file from the rights management server.
Step 104: the file management module sends the received user identifier and file identifier to the rights management server.
Step 105: the file management module receives the file permission sent by the rights management server, where the file permission indicates the operations that the user identified by the user identifier may perform on the file identified by the file identifier.
Step 106: the file management module sends the file permission to the file permission control module.
Step 107: the file permission control module controls, according to the received file permission, the operations the current user performs on the file.
Optionally, the file permission includes a copy permission, and the copy permission includes the number of bytes that the user identified by the user identifier may copy. Before step 102, the method also includes: the file permission control module registers a clipboard filter in the clipboard of the operating system of the terminal. After the file management module sends the copy permission to the file permission control module, the file permission control module can add the copy permission to the clipboard filter, so that the file permission control module limits, according to the number of bytes in the copy permission that the user identified by the user identifier may copy, the maximum length of content that the current user copies from the file identified by the file identifier.
In this embodiment, the file permission control module's limit on the maximum length of content that the current user copies from the file identified by the file identifier can be implemented by the clipboard filter. The clipboard filter can be a program written using the hook (English: HOOK) mechanism of the existing Windows operating system. More specifically, the clipboard filter is a program segment that processes messages; it is called by the system and is attached to the system. Whenever the current user issues a message to copy from the file identified by the file identifier, the system clipboard function is called, and the clipboard filter intercepts the copy message first, that is, the clipboard filter obtains control first. The clipboard filter can then limit the maximum length of content that the current user copies from the file, according to the number of bytes that the user identified by the user identifier may copy, as sent by the file permission control module. If the number of bytes that the user identified by the user identifier may copy is the same as the number of bytes of content that the current user copies from the file identified by the file identifier, the copy operation is performed.
For example, when the user needs to copy 50 bytes of the file and the permission item in the clipboard filter allows copying 20 words, the user does not have permission to copy 50 bytes, and the terminal can notify the user that they do not have copy permission or directly interrupt the operation.
Optionally, the file permission also includes a print permission, and the print permission includes the number of pages that the user identified by the user identifier may print. Before step 102, the method also includes: the file permission control module registers a print filter in the system print application programming interface (API) of the operating system of the terminal. After the file management module sends the print permission to the file permission control module, the file permission control module can add the print permission to the print filter, so that the file permission control module limits, according to the number of pages in the print permission that the user identified by the user identifier may print, the maximum number of pages of content that the current user prints from the file identified by the file identifier.
In this embodiment, the file permission control module's limit on the maximum number of pages of content that the current user prints from the file identified by the file identifier can be implemented by the print filter program. The print filter program can likewise be a program written using the HOOK mechanism of the existing Windows operating system. More specifically, the print filter is a program segment that processes messages; it is called by the system and is attached to the system. Whenever the current user issues a message to print the file identified by the file identifier, the system print API function is called, and the print filter intercepts the message first, that is, the print filter obtains control first. The print filter can then limit the maximum number of pages of content that the current user prints from the file, according to the number of pages that the user identified by the user identifier may print, as sent by the file permission control module. If the number of pages that the user identified by the user identifier may print is the same as the number of pages the current user requests to print from the file identified by the file identifier, the print operation is performed.
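Steps 101 to 107 together with the copy and print limits, modelled in user space as an added example that is not code from the patent. The header layout, the `ENCF` marker, the class and function names, allowing requests up to and including the limit, and denying everything when the server returns no permission are assumptions of the example.

```python
import struct
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Assumed on-disk header (the patent defines no layout): a 4-byte marker
# acting as the file encryption identifier, then a 16-byte file identifier.
MAGIC = b"ENCF"
HEADER = struct.Struct("<4s16s")


@dataclass(frozen=True)
class FilePermission:
    max_copy_bytes: int    # copy permission: bytes the user may copy
    max_print_pages: int   # print permission: pages the user may print


def parse_header(blob: bytes) -> Optional[bytes]:
    """Filter-driver check: file identifier if the header is marked encrypted."""
    if len(blob) < HEADER.size:
        return None
    magic, file_id = HEADER.unpack_from(blob)
    return file_id if magic == MAGIC else None


class RightsServer:
    """Stand-in for the rights management server: (user, file) -> permission."""

    def __init__(self, table: Dict[Tuple[str, bytes], FilePermission]):
        self._table = dict(table)

    def lookup(self, user_id: str, file_id: bytes) -> Optional[FilePermission]:
        return self._table.get((user_id, file_id))


class PermissionControl:
    """Application-layer module whose limits the clipboard/print filters consult."""

    def __init__(self) -> None:
        self._limits: Dict[bytes, Optional[FilePermission]] = {}

    def install(self, file_id: bytes, perm: Optional[FilePermission]) -> None:
        # None is stored too: a protected file with no grant stays locked.
        self._limits[file_id] = perm

    def _limit(self, file_id: bytes, field: str) -> Optional[int]:
        if file_id not in self._limits:
            return None                      # not a protected file: no limit
        perm = self._limits[file_id]
        return getattr(perm, field) if perm is not None else 0

    def allow_copy(self, file_id: bytes, nbytes: int) -> bool:
        limit = self._limit(file_id, "max_copy_bytes")
        return limit is None or 0 <= nbytes <= limit

    def allow_print(self, file_id: bytes, pages: int) -> bool:
        limit = self._limit(file_id, "max_print_pages")
        return limit is None or 0 <= pages <= limit


class FileManager:
    """Application-layer module between the driver, the server and the control module."""

    def __init__(self, server: RightsServer, control: PermissionControl):
        self.server, self.control = server, control

    def on_permission_request(self, user_id: str, file_id: bytes) -> Optional[FilePermission]:
        perm = self.server.lookup(user_id, file_id)    # steps 104-105
        self.control.install(file_id, perm)            # step 106
        return perm


def open_file(user_id: str, header_blob: bytes, manager: FileManager) -> str:
    """Steps 101-103 from the filter driver's side; returns the outcome."""
    file_id = parse_header(header_blob)
    if file_id is None:
        return "unprotected"                 # no encryption identifier: no request
    perm = manager.on_permission_request(user_id, file_id)
    return "granted" if perm is not None else "denied"


# Constructed sample data (not from the patent).
FILE_ID = b"doc-0001".ljust(16, b"\0")
ENCRYPTED = HEADER.pack(MAGIC, FILE_ID) + b"<ciphertext>"
PLAIN = b"plain text file with no header"

if __name__ == "__main__":
    control = PermissionControl()
    manager = FileManager(RightsServer({("u100", FILE_ID): FilePermission(20, 2)}), control)
    print(open_file("u100", ENCRYPTED, manager))
    print(control.allow_copy(FILE_ID, 50), control.allow_copy(FILE_ID, 20))
    print(control.allow_print(FILE_ID, 3), control.allow_print(FILE_ID, 2))
```

With a 20-byte copy limit the 50-byte request from the example above is refused, and a user the server has no entry for gets no copy or print allowance on the protected file.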
In the permission control method for an encrypted document in a terminal provided by the embodiment of the present invention, the file filter driver obtains the user identifier of the current user and also obtains a file header that includes the file identifier of the file the current user is about to open. When the file header includes a file encryption identifier, the file filter driver sends a file permission request instruction, which includes the user identifier and the file identifier, to the file management module. The file management module sends the received user identifier and file identifier to the rights management server, and then receives from the rights management server the file permission, which indicates the operations that the user identified by the user identifier may perform on the file identified by the file identifier. The file management module sends the file permission to the file permission control module, and the file permission control module controls, according to the received file permission, the operations the current user performs on the file. Because the file management module passes the file permission received from the rights management server to the file permission control module, the file permission control module can control the application-layer permissions for the operations the current user needs to perform on the file, which effectively meets the user's requirements for processing the file.
Fig. 2 is a schematic structural diagram of a terminal provided by an embodiment of the present invention. As shown in Fig. 2, the terminal 200 may include a file filter driver 201, a file management module 202, and a file permission control module 203, where:
The file filter driver 201 is configured to obtain the user identifier of the current user;
The file filter driver 201 is also configured to obtain a file header, where the file header includes the file identifier of the file the current user is about to open;
When the file header includes a file encryption identifier, the file filter driver 201 is also configured to send a file permission request instruction to the file management module 202, where the file permission request instruction includes the user identifier and the file identifier;
The file management module 202 is configured to send the received user identifier and file identifier to the rights management server;
The file management module 202 is also configured to receive the file permission sent by the rights management server, where the file permission indicates the operations that the user identified by the user identifier may perform on the file identified by the file identifier;
The file management module 202 is also configured to send the file permission to the file permission control module 203;
The file permission control module 203 is configured to control, according to the received file permission, the operations the current user performs on the file.
Optionally, the file permission includes a copy permission, and the copy permission includes the number of bytes that the user identified by the user identifier may copy;
The file permission control module 203 is specifically configured to: limit, according to the number of bytes in the copy permission that the user identified by the user identifier may copy, the maximum length of content that the current user copies from the file identified by the file identifier.
Further, the file management module 202 is also configured to: before receiving a file-open instruction, register a clipboard filter in the clipboard of the operating system of the terminal;
The file permission control module 203 is also configured to: after receiving the copy permission, add the copy permission to the clipboard filter.
Optionally, the file permission also includes a print permission, and the print permission includes the number of pages that the user identified by the user identifier may print;
The file permission control module 203 is specifically configured to: limit, according to the number of pages in the print permission that the user identified by the user identifier may print, the maximum number of pages of content that the current user prints from the file identified by the file identifier.
Further, the file management module 202 is also configured to: before receiving a file-open instruction, register a print filter in the system print application programming interface (API) of the operating system of the terminal;
The file permission control module 203 is also configured to: after receiving the print permission, add the print permission to the print filter.
Optionally, the file management module 202 is also configured to: before the file filter driver 201 obtains the file header, receive a file-open instruction, where the file-open instruction includes the file path of the file the current user is about to open;
and send the file path to the file filter driver 201.
The terminal of this embodiment can be used to carry out the technical solution of the method embodiment shown in Fig. 1. Its implementation principle and technical effect are similar and are not repeated here.
Fig. 3 is a schematic structural diagram of a terminal provided by another embodiment of the present invention. As shown in Fig. 3, the terminal may be a computer, and the terminal 300 may include:
An interface 301, a memory 302 and a processor 303, where the interface 301, the memory 302 and the processor 303 are connected by a communication bus 304.
The interface 301 may be one or more of the following: a network interface controller (NIC) that provides a wired interface, for example an Ethernet NIC; or a NIC that provides a wireless interface, for example a wireless local area network (WLAN) NIC. The terminal can send messages to and receive messages from the rights management server through the interface 301.
The memory 302 stores program code, stores forwarding instruction messages, and transfers the stored program code to the processor 303.
The memory 302 may be a volatile memory, for example a random-access memory (RAM); or a non-volatile memory, for example a flash memory, a hard disk drive (HDD) or a solid-state drive (SSD); or a combination of the above kinds of memory.
The processor 303 may be a central processing unit (CPU).
The processor 303 obtains the program code stored in the memory 302 and, according to the obtained program code, generates a file filter driver, a document management module and a file permission control module. The file filter driver obtains the user identifier of the current user and a file header, where the file header includes the file identifier of the file to be opened by the current user. When the file header includes a file encryption identifier, the file filter driver sends a file permission request instruction to the document management module, where the file permission request instruction includes the user identifier and the file identifier. The document management module then sends the user identifier and the file identifier to the rights management server and receives the file permission sent by the rights management server, where the file permission indicates the operations that the user identified by the user identifier may perform on the file identified by the file identifier. Finally, the document management module sends the file permission to the file permission control module, and the file permission control module controls, according to the received file permission, the operations that the current user performs on the file.
Optionally, the file permission includes a copy permission, and the copy permission includes the number of bytes that the user identified by the user identifier may copy;
The file permission control module controlling, according to the file permission, the operations that the current user performs on the file includes:
The file permission control module limits, according to the number of bytes that the user identified by the user identifier may copy as given in the copy permission, the maximum length of the content that the current user copies from the file identified by the file identifier.
Optionally, before the document management module receives the file open instruction, the following is further included:
The file permission control module registers a clipboard filter in the clipboard of the operating system of the terminal;
After the file permission control module receives the copy permission, the following is further included:
The file permission control module adds the copy permission to the clipboard filter.
Optionally, the file permission further includes a print permission, and the print permission includes the number of pages that the user identified by the user identifier may print;
The file permission control module controlling, according to the file permission, the operations that the current user performs on the file includes:
The file permission control module limits, according to the number of pages that the user identified by the user identifier may print as given in the print permission, the maximum number of pages of the content of the file identified by the file identifier that the current user prints.
Optionally, before the document management module receives the file open instruction, the following is further included:
The file permission control module registers a print filter in the system print application programming interface (API) of the operating system of the terminal;
After the file permission control module receives the print permission, the following is further included:
The file permission control module adds the print permission to the print filter.
Further, before the file filter driver obtains the file header, the following is further included:
The document management module receives a file open instruction, where the file open instruction includes the file path of the file to be opened by the current user;
The document management module sends the file path to the file filter driver.
The terminal of this embodiment can be used to execute the technical solution of the method embodiment shown in Fig. 1; its implementation principle and technical effect are similar and are not repeated here.
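The flow of this embodiment, from the header check to the clipboard and print limits, as an added Python sketch that is not code from the patent or from any product. The header layout, the in-memory rights table, the fail-closed default for unknown users and enforcement by truncation are all assumptions; the patent text specifies none of them.

```python
import struct
from dataclasses import dataclass

# Hypothetical header layout (assumption, not from the patent):
# 4-byte magic, 1-byte flags (bit 0 = file encryption identifier), 16-byte file identifier.
MAGIC = b"EDOC"
HEADER = struct.Struct(">4sB16s")
FLAG_ENCRYPTED = 0x01

@dataclass(frozen=True)
class FilePermission:
    copy_bytes: int   # bytes the user may copy from the file
    print_pages: int  # pages the user may print from the file

# Constructed stand-in for the rights management server: (user id, file id) -> permission.
RIGHTS_DB = {("alice", b"F" * 16): FilePermission(copy_bytes=8, print_pages=2)}
# Constructed sample file: encrypted header followed by placeholder content.
SAMPLE_BLOB = HEADER.pack(MAGIC, FLAG_ENCRYPTED, b"F" * 16) + b"ciphertext"

def filter_driver_on_open(user_id, blob):
    """File filter driver step: read the header, return a permission request or None."""
    if len(blob) < HEADER.size:
        return None
    magic, flags, file_id = HEADER.unpack_from(blob)
    if magic != MAGIC or not flags & FLAG_ENCRYPTED:
        return None  # no file encryption identifier: no request is sent
    return {"user_id": user_id, "file_id": file_id}

def document_management_request(request, server=RIGHTS_DB):
    """Document management module step: forward both identifiers, return the permission.
    Assumed policy: an unknown user/file pair fails closed with zero rights."""
    return server.get((request["user_id"], request["file_id"]), FilePermission(0, 0))

class PermissionControl:
    """File permission control module: holds the limits the two filters enforce."""
    def __init__(self, perm):
        self.perm = perm

    def clipboard_filter(self, text):
        """Cut copied text to copy_bytes of UTF-8 without splitting a character."""
        raw = text.encode("utf-8")[: self.perm.copy_bytes]
        return raw.decode("utf-8", errors="ignore")  # drops a trailing partial character

    def print_filter(self, pages):
        """Pass at most print_pages pages of a print job."""
        return pages[: self.perm.print_pages]

def open_and_control(user_id, blob):
    """Run the whole flow for one file open; None means the file is not encrypted."""
    request = filter_driver_on_open(user_id, blob)
    if request is None:
        return None
    return PermissionControl(document_management_request(request))
```

Counting the copy limit in bytes, as the text does, means a multi-byte character can straddle the limit; the clipboard filter here drops the partial character rather than emitting invalid text.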
A person of ordinary skill in the art will understand that all or some of the steps of the above method embodiments can be completed by hardware related to program instructions. The program can be stored in a computer-readable storage medium. When executed, the program performs the steps of the above method embodiments. The storage medium includes read-only memory (ROM), RAM, a magnetic disk, an optical disc, or any other medium that can store program code.
Finally, it should be noted that the above embodiments are only intended to illustrate the technical solutions of the present invention, not to limit them. Although the present invention has been described in detail with reference to the foregoing embodiments, a person of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some or all of their technical features may be equivalently replaced, and such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the scope of the claims of the present invention.

Claims (12)

1. A permission control method for an encrypted document in a terminal, the terminal including a file filter driver, a document management module and a file permission control module, characterized in that the method includes:
The file filter driver obtains the user identifier of the current user;
The file filter driver obtains a file header, where the file header includes the file identifier of the file to be opened by the current user;
When the file header includes a file encryption identifier, the file filter driver sends a file permission request instruction to the document management module, where the file permission request instruction includes the user identifier and the file identifier;
The document management module sends the user identifier and the file identifier to a rights management server;
The document management module receives the file permission sent by the rights management server, where the file permission indicates the operations that the user identified by the user identifier may perform on the file identified by the file identifier;
The document management module sends the file permission to the file permission control module;
The file permission control module controls, according to the received file permission, the operations that the current user performs on the file.
2. The method according to claim 1, characterized in that the file permission includes a copy permission, and the copy permission includes the number of bytes that the user identified by the user identifier may copy;
The file permission control module controlling, according to the file permission, the operations that the current user performs on the file includes:
The file permission control module limits, according to the number of bytes that the user identified by the user identifier may copy as given in the copy permission, the maximum length of the content that the current user copies from the file identified by the file identifier.
3. The method according to claim 2, characterized in that, before the document management module receives the file open instruction, the method further includes:
The file permission control module registers a clipboard filter in the clipboard of the operating system of the terminal;
After the file permission control module receives the copy permission, the method further includes:
The file permission control module adds the copy permission to the clipboard filter.
4. The method according to any one of claims 1 to 3, characterized in that the file permission further includes a print permission, and the print permission includes the number of pages that the user identified by the user identifier may print;
The file permission control module controlling, according to the file permission, the operations that the current user performs on the file includes:
The file permission control module limits, according to the number of pages that the user identified by the user identifier may print as given in the print permission, the maximum number of pages of the content of the file identified by the file identifier that the current user prints.
5. The method according to claim 4, characterized in that, before the document management module receives the file open instruction, the method further includes:
The file permission control module registers a print filter in the system print application programming interface (API) of the operating system of the terminal;
After the file permission control module receives the print permission, the method further includes:
The file permission control module adds the print permission to the print filter.
6. The method according to claim 1, characterized in that, before the file filter driver obtains the file header, the method further includes:
The document management module receives a file open instruction, where the file open instruction includes the file path of the file to be opened by the current user;
The document management module sends the file path to the file filter driver.
7. A terminal, characterized by including a file filter driver, a document management module and a file permission control module, wherein:
The file filter driver is configured to obtain the user identifier of the current user;
The file filter driver is further configured to obtain a file header, where the file header includes the file identifier of the file to be opened by the current user;
When the file header includes a file encryption identifier, the file filter driver is further configured to send a file permission request instruction to the document management module, where the file permission request instruction includes the user identifier and the file identifier;
The document management module is configured to send the received user identifier and file identifier to a rights management server;
The document management module is further configured to receive the file permission sent by the rights management server, where the file permission indicates the operations that the user identified by the user identifier may perform on the file identified by the file identifier;
The document management module is further configured to send the file permission to the file permission control module;
The file permission control module is configured to control, according to the received file permission, the operations that the current user performs on the file.
8. The terminal according to claim 7, characterized in that the file permission includes a copy permission, and the copy permission includes the number of bytes that the user identified by the user identifier may copy;
The file permission control module is specifically configured to: limit, according to the number of bytes that the user identified by the user identifier may copy as given in the copy permission, the maximum length of the content that the current user copies from the file identified by the file identifier.
9. The terminal according to claim 8, characterized in that the document management module is further configured to: before receiving the file open instruction, register a clipboard filter in the clipboard of the operating system of the terminal;
The file permission control module is further configured to: after receiving the copy permission, add the copy permission to the clipboard filter.
10. The terminal according to any one of claims 7 to 9, characterized in that the file permission further includes a print permission, and the print permission includes the number of pages that the user identified by the user identifier may print;
The file permission control module is specifically configured to: limit, according to the number of pages that the user identified by the user identifier may print as given in the print permission, the maximum number of pages of the content of the file identified by the file identifier that the current user prints.
11. The terminal according to claim 10, characterized in that the document management module is further configured to: before receiving the file open instruction, register a print filter in the system print application programming interface (API) of the operating system of the terminal;
The file permission control module is further configured to: after receiving the print permission, add the print permission to the print filter.
12. The terminal according to claim 7, characterized in that the document management module is further configured to: before the file filter driver obtains the file header, receive a file open instruction, where the file open instruction includes the file path of the file to be opened by the current user;
and send the file path to the file filter driver.
CN201410821863.5A 2014-12-25 2014-12-25 Privilege control method of encryption document in terminal and terminal Pending CN105787375A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410821863.5A CN105787375A (en) 2014-12-25 2014-12-25 Privilege control method of encryption document in terminal and terminal

Publications (1)

Publication Number Publication Date
CN105787375A true CN105787375A (en) 2016-07-20

Family

ID=56377806


Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20160720
