TW201324232A - Method for recording file use historical information - Google Patents


Publication number
TW201324232A
Authority
TW
Taiwan
Prior art keywords
file
data
history information
information
recording
Application number
TW100145504A
Other languages
Chinese (zh)
Inventor
Hong-Ru Huang
He-Xun Zhang
Jin-fu Hong
Original Assignee
Chunghwa Telecom Co Ltd
Application filed by Chunghwa Telecom Co Ltd
Priority to TW100145504A
Publication of TW201324232A

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention discloses a method for recording file usage history information, in which digital data encryption technology is used to protect the file data and record the file usage history information at the same time, so that the file usage history information is bound to the file. The invention comprises: (a) a system key server, which stores the system encryption and decryption keys and accepts system key and time query requests from a terminal client agent; (b) a file data read/write cipher I/O driver, which encrypts data written to the data storage, decrypts data read from the data storage, and can write and read the file usage history information; and (c) a terminal client agent, which monitors file read/write events and performs data input and output and on/off control for the file data read/write cipher I/O driver.

Description

A method for recording file usage history information

The present invention relates to a method for recording file usage history information, and in particular to a method that uses data encryption and decryption technology to protect data and to generate file usage history information. The file usage history information generated by this method provides trustworthy information about a file's origin and how it has been used.

Prior to the present application, no specific technique achieved this effect. Digital files stored on a computer file system have generally had no file-origin or usage-history information bound to the file itself. The file system of the conventional Microsoft Windows operating system records only some simple information when a file is created or modified; that information is limited, is not accumulated or retained, and is easily modified, so it is not reliable. Where an application-specific file format hides the usage history in a closed format, only that application can interpret and use the file's history information, and other applications can hardly obtain it to provide services the original application does not offer, such as digital file tracking and management. With a file format that provides no such information service, there is no way to learn the history of how a file has been used.

In recent years the need to protect the intellectual property of digital files has grown, and file origin and usage-tracking information is one part of digital content intellectual property protection. Given the importance of tracking and management for digital content intellectual property protection, there is a real need for a method of recording file usage history information that is reliable and applicable to any file format. The conventional approaches described above therefore still have many shortcomings, are not well designed, and urgently need improvement.

In view of the shortcomings of the conventional approaches described above, the inventors sought to improve and innovate and, after painstaking research, finally succeeded in developing the present content analysis method based on similarity comparison.

The object of the present invention is to provide a reliable method for recording file usage history information that is not tied to any particular file format. The original digital file data is encrypted with digital data encryption technology, and the digital file usage history information is embedded in the file. The use of encryption ensures that the generated usage history information is bound to the file's own data and provides a considerable degree of verifiability and credibility. If the system detects that the usage history information or the file data has been damaged or tampered with, it can stop decryption of the file content itself, so that the file and its usage history information remain consistent and correct. Through the usage history information recorded inside the original digital file, this mechanism makes it possible to learn the origin of the file data and the history of its use.

The method for recording file usage history information having the above advantages is designed using object-oriented (Object-Orientation, OO) technology and is divided into a network communication architecture of server-side and client-side components. The server-side component is the system key server, whose main functions are storing, maintaining, managing and querying system keys and providing server time data. The client-side components are divided into two parts: the Client Agent and the file data read/write encryption/decryption driver (Cipher I/O Driver). The Client Agent runs as an ordinary resident agent program. Its main functions are obtaining the system key and time, collecting information about the terminal environment, monitoring application file-open events, and controlling whether the Cipher I/O Driver is enabled. The Cipher I/O Driver is installed on the terminal device as a driver. Its main functions are encrypting and decrypting digital data, and generating, encrypting, and decrypting and reading the digital file origin and usage history information.

A method for recording file usage history information uses a file data read/write encryption/decryption driver that hooks into the lowest layer of the operating system's data input/output, so that usage history information can be generated for files of any type. Its steps comprise: file creation; file verification; addition of file usage history data; and file usage history information query.

When the file is created, file origin information is generated at the same time, and digital data encryption and digital fingerprint technology are used to bind the file origin information to the file data content. The file origin information comprises operating-environment software and hardware information: the logged-in user, CPU serial number, hard disk serial number, network card number, network address, time, and application software version. At file creation, a digital fingerprint is also computed over the file content data and the history data and is encrypted, which binds the file content to the file usage history data so that it can be verified. At file creation, the file content data, the file origin information and the computed digital fingerprint data are all protected by encryption.

The file verification step comprises: first using a mechanism to compare whether the digital fingerprint originally stored in the file is the same as the one actually computed; then determining whether the file content data and the usage history information in the file both belong to the file; whether the file content data and the usage history information are both undamaged; and finally checking whether the result is correct and, if not, stopping the application from reading and decrypting the file data.

The step of adding file usage history information comprises: first using a mechanism that, after an existing file has been operated on, generates the corresponding usage history information to be recorded; computing a digital fingerprint over the usage history information and the file content data as it stands after the operation completes; encrypting and storing the newly added usage history information and the computed digital fingerprint data with digital data encryption technology; and finally, before the file is operated on, performing file verification and prohibiting the operation if verification fails. The operation events to be recorded in the usage history information include file opening, file modification, copying of file content, file printing and the like.

The file usage history information query step comprises: using a mechanism to obtain the path of the file to be queried and then performing file verification; if verification succeeds, decrypting the file usage history information recorded in the file with digital data decryption technology and giving it to the requester; and if verification fails, responding with a file-damaged message. The mechanism is a client-side agent program.

The method for recording file usage history information provided by the present invention has the following advantages:

1. It can be applied to any file format to generate file usage history information.

2. The file data itself and the file usage history information are bound together by encryption and digital fingerprint technology, so damage to either can be detected.

3. The file usage history information is verifiable. If it is altered or damaged, subsequent access to the file data can be stopped.

4. It protects the content of the file data at the same time.

5. The generated file usage history information makes it possible to understand clearly how the file has been used, which facilitates tracking of file use.

Please refer to FIG. 1, which is the system component architecture diagram of the method for recording file usage history information according to the present invention. Before the mechanism can operate, the system key server 600 must be set up, and the Client Agent program 400 and the Cipher I/O Driver 300 must be installed on the client computer 200. Once installation and configuration are complete, the user 100 logs in to the client computer with a permitted account.

To the left of the dashed line is the server side of the method, which consists of the system key server 600. To the right are the ordinary client-side components: the Client Agent program 400, the Cipher I/O Driver 300 and the file data storage 500.

Please refer to FIG. 2, which is the new-file generation flowchart of the method for recording file usage history information according to the present invention. The method is divided into four parts: (A) new file generation, (B) file verification, (C) file usage history information query, and (D) reading and writing of existing file data. The detailed operating flow of each part is as follows:

(A) New file generation:

1. The Client Agent program 400 obtains the system key and the server time from the system key server 600 (401), where the system key is a character string;

2. The Client Agent program 400 collects client computer information, such as the logged-in user, CPU serial number, hard disk serial number, network card number, network IP, server time, application software version and so on, that is, the operating-environment software and hardware information to be recorded in the file usage history data (402);

3. The Client Agent program 400 confirms that the client computer's environment meets the requirements, for example by performing user identity authentication and computer environment verification, then starts the Cipher I/O Driver 300 and monitors file creation events;

4. The terminal computer application (Application) creates a new file and performs a save operation (500);

5. The Cipher I/O Driver 300 determines that a new file is being created and acts according to the following steps:

It generates a random file content encryption key, the Content Key (301), where the encryption key is a character string. It generates the file's first file history record (302), that is, the file origin information, which may include the operating-environment software and hardware information collected by the Client Agent and other file-creation information that needs to be recorded. It encrypts the newly generated digital file content data and the first file history record with the Content Key (303) and substitutes the encrypted data for the unencrypted data that was to be written to file storage; the encryption algorithm used may be any commonly known encryption/decryption algorithm, such as AES (Advanced Encryption Standard), DES (Data Encryption Standard) or 3DES (Triple Data Encryption Standard). It uses a digital fingerprint algorithm (305), such as MD5 (Message-Digest Algorithm 5), to compute the digital fingerprint of the file, covering both the file content data and the file history information. It encrypts the digital fingerprint obtained in 304 above with the Content Key and places it in the encrypted file (305); the encryption algorithm used may be any commonly known encryption/decryption algorithm, such as AES, DES or 3DES. It encrypts the Content Key with the Server Key and places the encrypted Content Key, called the E-Content Key, in the encrypted file (306); the encryption algorithm used may be any commonly known encryption/decryption algorithm, such as AES, DES or 3DES.

Please refer to FIG. 3, which is the file verification flowchart of the method for recording file usage history information according to the present invention. (B) File verification checks the correctness of the file data and so ensures that the file history information can be trusted. The steps are as follows:

1. The Client Agent program 400 obtains the system key and the server time from the system key server (401);

2. The Client Agent program 400 collects client computer information, such as the logged-in user, CPU serial number, hard disk serial number, network card number and network address, that is, the client operating-environment software and hardware information (402);

3. The Client Agent program 400 confirms that the client computer's environment meets the requirements and starts the Cipher I/O Driver 300;

4. The Client Agent program 400 obtains the path name of the target file;

5. The Client Agent notifies the Cipher I/O Driver 300 to read the part of the target file that records the file's digital fingerprint information (500);

6. After receiving the target file path and the file verification request, the Cipher I/O Driver 300 decrypts the recorded digital fingerprint information with the corresponding decryption key, as follows: it decrypts the E-Content Key of the file to be queried with the system key (Server Key) (307) to obtain the file's Content Key; it decrypts the encrypted digital fingerprint information with the Content Key (308); and it passes the decrypted data to the Client Agent.

7. The Client Agent program 400 reads the file data and computes the file's digital fingerprint (403);

8. The values obtained in steps 6 and 7 above are compared (404); if they differ, the file data has been damaged or tampered with, and the Client Agent can stop the application's subsequent access requests to the file.

Please refer to FIG. 4, which is the file usage history information query flowchart of the method for recording file usage history information according to the present invention. (C) File usage history information query proceeds as follows:

1. The Client Agent program 400 obtains the system key and the server time from the system key server (401);

2. The Client Agent program 400 collects client computer information, such as the logged-in user, CPU serial number, hard disk serial number, network card number and network address, that is, the client operating-environment software and hardware information (402);

3. The Client Agent program 400 confirms that the client computer's environment meets the requirements and starts the Cipher I/O Driver 300;

4. The terminal computer application 201 (Application) issues a request to query file usage history information and provides the path name of the file to be queried to the Client Agent program 400;

5. The Client Agent notifies the Cipher I/O Driver to read the part of the file to be queried that holds the file usage history information (500);

6. After receiving the specified file path name and the file usage history information query request, the Cipher I/O Driver 300 decrypts the embedded file usage history information with the corresponding decryption key, as follows.

It decrypts the E-Content Key of the file to be queried with the system key (Server Key) (307) to obtain the file's Content Key, and it decrypts the file's encrypted usage history information with the Content Key (309).

7. The Cipher I/O Driver 300 passes the decrypted history information to the application.

Please refer to FIG. 5, FIG. 6 and FIG. 7, which are the file data read flowchart, the file data write/update flowchart and the file usage history data addition flowchart of the method for recording file usage history information according to the present invention. (D) Access to and use of existing file data: for a digital file that has been processed by the steps in (A), subsequent opening, reading and writing of the file is handled as follows. After the Client Agent detects a file-open event from a computer application (Application), it can first run the (B) file verification procedure on the file. If verification fails, the Client Agent stops the application's subsequent access to the file data. If verification passes, subsequent file data access and the addition of usage history data proceed as follows:

(a) File data reading:

1. The application issues a request to read file content data;

2. After receiving the request, the Cipher I/O Driver 300 reads the encrypted content data of the requested file;

3. The Cipher I/O Driver 300 decrypts the data to be read (500), as follows:

It decrypts the E-Content Key of the file to be read with the system key (Server Key) to obtain the file's Content Key (307), and it decrypts the encrypted file content data to be read with the Content Key (310);

4. The decrypted file content data is returned to the application.

(b) File writing:

1. The application issues a request to write file content data;

2. The Cipher I/O Driver 300 encrypts the file content data to be written (500):

2.1 It reads the file's E-Content Key and decrypts it with the system key (Server Key) to obtain the file's Content Key (307); 2.2 it encrypts the file content data to be written with the Content Key (311);

3. The encrypted file content data is written to the file data storage 500.

(c) Addition of file usage history data:

1. The application acts on the file, and the Client Agent program 400 detects an event that the system defines as requiring a usage history record, for example file opening, file modification or file printing;

2. The Client Agent program 400 sends the Cipher I/O Driver 300 a request to record history data and informs it of the event type and the information needed for the record;

3. After receiving the request to record history data, the Cipher I/O Driver 300 performs the following steps:

It generates the file usage history information (312), which may include the event information, the server time, the client computer information collected by the Client Agent, and other related information to be recorded. It decrypts the E-Content Key of the file to which history data is to be written with the system key (Server Key) (313) to obtain the file's Content Key. It encrypts the file usage history information with the Content Key and places it in the file (314). It recomputes the file's digital fingerprint information (315), covering the current file content data and all file history information. It encrypts the new digital fingerprint information with the Content Key and uses it to replace the digital fingerprint information in the original file (316).
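The creation, verification and history-addition flows of (A), (B) and (D)(c) above, as one runnable sketch. This is an added example, not code from the patent: the container layout, function names and sample values are assumptions, an HMAC-SHA256 keystream stands in for AES/DES/3DES so that only the Python standard library is needed, and SHA-256 is used as the fingerprint in place of MD5.

```python
import hashlib
import hmac
import json
import os


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in cipher (assumption, not AES): XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, nonce + off.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)  # fresh nonce per field so a keystream is never reused
    return nonce + _xor_stream(key, nonce, plaintext)


def unseal(key: bytes, blob: bytes) -> bytes:
    return _xor_stream(key, blob[:16], blob[16:])


def fingerprint(content: bytes, history: list) -> bytes:
    """Digital fingerprint over the content AND every history record (304 / 315)."""
    h = hashlib.sha256()  # SHA-256 here, in place of the MD5 the page names
    h.update(len(content).to_bytes(8, "big"))  # length prefix keeps the two fields distinct
    h.update(content)
    h.update(json.dumps(history, sort_keys=True).encode())
    return h.digest()


def _pack(content_key: bytes, e_content_key: bytes, content: bytes, history: list) -> dict:
    # Hypothetical container: four sealed fields stored together as "the file".
    return {
        "e_content_key": e_content_key,
        "content": seal(content_key, content),                            # 303 / 311
        "history": seal(content_key, json.dumps(history).encode()),       # 303 / 314
        "fingerprint": seal(content_key, fingerprint(content, history)),  # 305 / 316
    }


def create_file(server_key: bytes, content: bytes, origin: dict) -> dict:
    """(A) New file generation."""
    content_key = os.urandom(32)                   # 301: random Content Key
    history = [dict(origin, event="create")]       # 302: first record = file origin
    e_content_key = seal(server_key, content_key)  # 306: E-Content Key
    return _pack(content_key, e_content_key, content, history)


def _verify(server_key: bytes, f: dict):
    """(B) File verification; raises ValueError if content or history was altered."""
    content_key = unseal(server_key, f["e_content_key"])  # 307
    recorded = unseal(content_key, f["fingerprint"])      # 308
    content = unseal(content_key, f["content"])           # 310
    try:
        history = json.loads(unseal(content_key, f["history"]))  # 309
    except ValueError as exc:  # covers both bad UTF-8 and bad JSON
        raise ValueError("file damaged or tampered with") from exc
    ok = isinstance(history, list) and hmac.compare_digest(
        recorded, fingerprint(content, history))          # 403 / 404
    if not ok:
        raise ValueError("file damaged or tampered with")
    return content_key, content, history


def read_file(server_key: bytes, f: dict):
    """(C) / (D)(a): return (content, history) only if verification passes."""
    _, content, history = _verify(server_key, f)
    return content, history


def record_event(server_key: bytes, f: dict, event: str, env: dict, new_content=None) -> dict:
    """(D)(c): verify first, then append a history record and refresh the fingerprint."""
    content_key, content, history = _verify(server_key, f)
    if new_content is not None:
        content = new_content
    history.append(dict(env, event=event))                           # 312
    return _pack(content_key, f["e_content_key"], content, history)  # 314-316


if __name__ == "__main__":
    server_key = os.urandom(32)  # constructed sample key; would come from the key server
    doc = create_file(server_key, b"draft v1", {"user": "alice", "time": "T0"})
    doc = record_event(server_key, doc, "print", {"user": "bob", "time": "T1"})
    print(read_file(server_key, doc)[1])
```

A change to any sealed field makes `read_file` raise, which corresponds to the Client Agent stopping further access to the file in step 8 of (B).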

The above detailed description is a specific description of one feasible embodiment of the present invention. The embodiment is not intended to limit the patent scope of the invention; any equivalent implementation or modification that does not depart from the spirit of the invention shall be included in the patent scope of this application.

In summary, this application is not only innovative in its technical concept but also provides the effects described above, which conventional methods cannot match. It fully satisfies the statutory requirements of novelty and inventive step for an invention patent, and the application is filed in accordance with the law. The Office is respectfully requested to approve this invention patent application, so as to encourage invention.

100 ... User

200 ... User computer equipment

201 ... Terminal computer application: Application

300 ... File data read/write encryption/decryption driver: Cipher I/O Driver

301 ... Generate the file content encryption key

302 ... Generate the first file history record

303 ... Encrypt the file data and the first file history record with the file content encryption key

304 ... Compute the file digital fingerprint

305 ... Encrypt the digital fingerprint data with the file content encryption key

306 ... Encrypt the file content encryption key with the system key

307 ... Use the system key to decrypt the file content encryption key protected by system key encryption

308 ... Use the file content encryption key to decrypt the recorded file digital fingerprint information

309 ... Use the file content encryption key to decrypt the history information

310 ... Use the file content encryption key to decrypt the encrypted file content data

311 ... Encrypt the file content data with the file content encryption key

312 ... Generate file history data

313 ... Use the system key to decrypt the file content encryption key protected by system key encryption

314 ... Encrypt the file history information with the file content encryption key

315 ... Compute the file digital fingerprint

316 ... Encrypt the digital fingerprint data with the file content encryption key

400 ... Client-side agent program: Client Agent

401 ... Obtain the system key and time

402 ... Collect environment information

403 ... Compute the file digital fingerprint

404 ... Compare the computed and recorded digital fingerprints

500 ... File data storage

600 ... System key server

700 ... System key

Please refer to the detailed description of the present invention and its accompanying drawings for a further understanding of the technical content of the invention and its purpose and effects. The drawings are:

FIG. 1 is the system component architecture diagram of the method for recording file usage history information according to the present invention.

FIG. 2 is the new-file generation flowchart of the method for recording file usage history information according to the present invention.

FIG. 3 is the file verification flowchart of the method for recording file usage history information according to the present invention.

FIG. 4 is the file usage history information query flowchart of the method for recording file usage history information according to the present invention.

FIG. 5 is the file data read flowchart of the method for recording file usage history information according to the present invention.

FIG. 6 is the file data write/update flowchart of the method for recording file usage history information according to the present invention.

FIG. 7 is the file usage history data addition flowchart of the method for recording file usage history information according to the present invention.


Claims (10)

1. A method for recording file use history information, which uses a file data read/write encryption/decryption driver that intervenes at the low-level data input/output layer of the operating system, so that file use history information is generated regardless of file type, the steps comprising: file creation; file verification; addition of file use history data; and file use history information query.

2. The method for recording file use history information of claim 1, wherein when the file is created, file source information is generated at the same time, and digital data encryption and digital fingerprint techniques are used to bind the file source information to the file data content.

3. The method for recording file use history information of claim 2, wherein the file source information comprises software and hardware information of the operating environment, including the logged-in user, CPU serial number, hard disk serial number, network card number, network address, time, and application software version.

4. The method for recording file use history information of claim 1, wherein at file creation a digital fingerprint is computed over both the file content data and the history data and is then encrypted, so that the file content is bound to the file use history data and can be verified.

5. The method for recording file use history information of claim 1, wherein at file creation the file content data, the file source information, and the computed digital fingerprint data are all protected by encryption.

6. The method for recording file use history information of claim 1, wherein the file verification step comprises: first using a mechanism to compare whether the digital fingerprint originally stored in the file is the same as the one actually computed; then determining whether the file content data and the use history information in the file both belong to that file, and whether the file content data and the use history information are both undamaged; and finally checking whether the result is correct, and if not, stopping the application's read-and-decrypt operation on the file data.

7. The method for recording file use history information of claim 1, wherein the step of adding file use history information comprises: first using a mechanism to generate, after an existing file has been operated on, the corresponding use history information to be recorded; computing a digital fingerprint over the use history information and the file content data as they stand after the operation completes; encrypting and storing the newly added use history information and the computed digital fingerprint data using digital data encryption; and finally, before the file is operated on, performing file verification and prohibiting the operation if verification fails.

8. The method for recording file use history information of claim 7, wherein the operation events for which use history information is recorded include file opening, file modification, file content copying, and file printing.

9. The method for recording file use history information of claim 1, wherein the file use history information query step comprises: using a mechanism to obtain the path of the file to be queried and then performing file verification; if verification succeeds, using digital data decryption to read the file use history information recorded in the file and provide it to the requester; and if verification fails, responding with a file-corrupted message.

10. The method for recording file use history information of claims 6, 7 and 9, wherein the mechanism is a client-side agent.
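The create, verify, append and query cycle of claims 1, 2, 6, 7 and 9, sketched as an added example that is not part of the patent text. It assumes an HMAC-SHA256 keyed with the system key in place of the "digital fingerprint, then encrypt" step, leaves out encryption of the content itself, and uses hypothetical function names, field names and a constructed key.

```python
import hashlib
import hmac
import json

# Assumption: constructed key standing in for the one issued by the system key server.
SYSTEM_KEY = b"constructed-demo-system-key"

def _fingerprint(content: bytes, history: list) -> str:
    # Keyed fingerprint over the content AND the whole history, so neither can change alone.
    blob = json.dumps(history, sort_keys=True).encode()
    msg = len(content).to_bytes(8, "big") + content + blob
    return hmac.new(SYSTEM_KEY, msg, hashlib.sha256).hexdigest()

def create(content: bytes, source: dict) -> dict:
    # Claim 2: source information is generated at creation and bound to the content.
    history = [{"event": "create", **source}]
    return {"content": content, "history": history, "fp": _fingerprint(content, history)}

def verify(f: dict) -> bool:
    # Claim 6: compare the stored fingerprint with the one recomputed from the file.
    return hmac.compare_digest(f["fp"], _fingerprint(f["content"], f["history"]))

def record(f: dict, event: str, user: str, time: str, new_content=None) -> dict:
    # Claim 7: verify before the operation, refuse on failure, then append and re-fingerprint.
    if not verify(f):
        raise PermissionError("verification failed: operation prohibited")
    content = f["content"] if new_content is None else new_content
    history = f["history"] + [{"event": event, "user": user, "time": time}]
    return {"content": content, "history": history, "fp": _fingerprint(content, history)}

def query(f: dict):
    # Claim 9: return the history only if the file verifies, else report corruption.
    return list(f["history"]) if verify(f) else "file corrupted"

def demo():
    # Constructed sample data.
    f = create(b"quarterly report v1",
               {"user": "alice", "time": "2011-12-09T09:00", "host": "pc-01"})
    f = record(f, "open", "bob", "2011-12-09T10:00")
    f = record(f, "modify", "bob", "2011-12-09T10:05", b"quarterly report v2")
    tampered = dict(f, history=f["history"][:-1])  # "modify" entry removed outside the agent
    return f, tampered
```

A keyed fingerprint of this kind detects edits to the content or to the history, but not replacement of the whole file with an older copy that was valid at the time.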
TW100145504A 2011-12-09 2011-12-09 Method for recording file use historical information TW201324232A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
TW100145504A TW201324232A (en) 2011-12-09 2011-12-09 Method for recording file use historical information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
TW100145504A TW201324232A (en) 2011-12-09 2011-12-09 Method for recording file use historical information

Publications (1)

Publication Number Publication Date
TW201324232A true TW201324232A (en) 2013-06-16

Family

ID=49032976

Family Applications (1)

Application Number Title Priority Date Filing Date
TW100145504A TW201324232A (en) 2011-12-09 2011-12-09 Method for recording file use historical information

Country Status (1)

Country Link
TW (1) TW201324232A (en)

Similar Documents

Publication Publication Date Title
US20210294879A1 (en) Securing executable code integrity using auto-derivative key
US8726407B2 (en) Authentication of computing and communications hardware
US9716594B2 (en) Attestation of data sanitization
Halcrow eCryptfs: An enterprise-class encrypted filesystem for linux
US9990511B1 (en) Using encrypted backup to protect files from encryption attacks
US9633183B2 (en) Modular software protection
US8856521B2 (en) Methods and systems for performing secure operations on an encrypted file
US20040039932A1 (en) Apparatus, system and method for securing digital documents in a digital appliance
US20110060915A1 (en) Managing Encryption of Data
US20120110343A1 (en) Trustworthy timestamps on data storage devices
US20110093503A1 (en) Computer Hardware Identity Tracking Using Characteristic Parameter-Derived Data
US20080052537A1 (en) Storage device, write-back method, and computer product
US11601281B2 (en) Managing user profiles securely in a user environment
CN101925913A (en) Method and system for encrypted file access
US9824231B2 (en) Retention management in a facility with multiple trust zones and encryption based secure deletion
US7818567B2 (en) Method for protecting security accounts manager (SAM) files within windows operating systems
US9202074B1 (en) Protection of shared data
NL2033097B1 (en) Method for remotely monitoring host based on chip-level privacy-preserving computation (ppc)
US20220269807A1 (en) Detecting unauthorized encryptions in data storage systems
JP2018522320A (en) Protecting data files
US10754979B2 (en) Information management terminal device
US9292698B1 (en) Method and system for remote forensic data collection
US9860230B1 (en) Systems and methods for digitally signing executables with reputation information
KR101497067B1 (en) Electric document transfer method and apparatus based digital forensic
JP4857199B2 (en) Information asset management system, log analysis device, and log analysis program