Summary of the invention
The purpose of the present invention is as follows: in view of the security risks that may arise when electronic files are sent out, and the limitations of the prior art, the invention provides a method and system for securely distributing electronic documents. The method manages the life cycle of outgoing documents, supports multiple security policies, builds a working environment for secure outgoing distribution, and is widely applicable. The method and system need no additional hardware support, do not change the user's operating habits, and are cost-effective.
Another purpose of the present invention is to provide a system that uses the above method of securely distributing electronic documents; the system is divided into a sending end and a receiving end.
According to the purpose of the invention, in the method of securely distributing electronic documents, an installation platform for the outgoing environment is provided on the computer. The condition for installing the outgoing environment is that the computer is provided with the secure electronic document distribution system, which is divided into a sending end and a receiving end. The sending end comprises:
A customer data registration module, used to register the data of the recipient customers to whom files need to be sent, for use when an outgoing request is made;
An outgoing request module, used to upload the file that needs to be sent out, describe the protection policy, and record the request process;
An outgoing approval module, used to search periodically for outgoing requests and route them according to the workflow policy, starting delegation if a request cannot be routed;
An outgoing production module, used to automatically produce outgoing documents from files that have passed approval;
The receiving end comprises an outgoing receiving module, used to identify outgoing documents. The method is characterized in that sending out an electronic file comprises the following steps:
The sender sets the files that need outgoing protection to ciphertext files in advance;
When the sender receives an outgoing request, it starts a workflow according to the outgoing approval policy. After receiving notice that the outgoing approval has passed, the issuer automatically produces the outgoing document. The outgoing document is still a ciphertext file, with issuer information, recipient information and the file operation policy added. The default operation policy includes prohibiting copying, prohibiting screen capture, etc.; the optional operation policy includes the time range in which opening is allowed, the number of opens allowed, whether printing is allowed, whether modification is allowed, etc.;
The recipient must install the receiving tool according to an installation policy, which is set by the issuer: installation by password or installation by machine. That is, the receiving tool has two installation policies. One is installation by password; this mode has a higher security level, and the authorization password must be entered during installation. After successful installation, the corresponding outgoing documents can be browsed. The other is installation by device authentication code.
The outgoing document is a ciphertext file in which issuer information, recipient information and the file operation policy are embedded; its production applies policies that use multiple symmetric and asymmetric algorithms. The receiving end comprises an outgoing receiving module that runs as a service, identifies outgoing documents, and controls the recipient's operations according to the file operation policy, including applying policies that limit reading by time or by count.
The receiving tool identifies outgoing documents and their permitted scope of use; this process is transparent to the user. A legitimate user operates within the scope that the outgoing policy allows, with no change at all to the user's habits.
As the above scheme shows, the invention controls and manages the sending out of electronic files. From sender to recipient, every step and the multiple security policies are linked together. Encryption, decryption and information embedding are transparent to the user and do not change the user's operating habits. The system is intuitive to use, simple to operate and widely applicable.
Embodiment
The invention is described in more detail below through a simple example, with reference to the accompanying drawings; the example does not limit the invention.
The invention's method of controlling outgoing electronic files covers every step from sender to recipient and the flow of the multiple security policies. Customer registration is carried out in the system first:
When a customer's information is registered, the system automatically generates a globally unique identifier so that the customer can be distinguished precisely. This identifier must be provided to the customer, who enters it in the outgoing environment. The identifier is added to the file when the file is produced.
Outgoing request
When making an outgoing request, the applicant selects the customer to send to and then sets the outgoing control options, including whether the file goes out as plaintext; if it goes out as ciphertext, the applicant must set whether control is by time or by count. For time control, a start time and an end time must be selected; for count control, the number of opens allowed must be set. These options enter the system for the approvers' reference.
Outgoing approval
Each request circulates automatically along the preset approval route. The system automatically reminds the approver that there is a new request to approve. The approver can see the options set in the request and read the content of the file submitted for approval; to approve, the approver selects "Pass"; otherwise the approver selects "Reject". After all approvers have approved, the system automatically produces the outgoing document according to the outgoing options that were set.
Outgoing document production
To produce an outgoing document, the options set in the request are first extracted from the system.
If the file is set to go out as plaintext, it is fully decrypted, and it contains no additional parameters beyond its own original content.
If the file is set to go out as ciphertext, it must be determined whether count control or time control applies, and what the control range is. Because the file itself is already encrypted, processing it into a ciphertext outgoing document requires encrypting it with a different algorithm. At the same time, all option parameters must be recorded completely in the file header, and each file requests a globally unique identifier from the system when it is produced. This identifier is likewise recorded in the file header.
Outgoing document reading
An organization or individual that has installed the outgoing environment must first start the outgoing environment when it has received an outgoing document and needs to read it. When the user opens the outgoing document, the outgoing environment extracts the file's globally unique identifier and records it in the local system. If the document is count-controlled, the system adds 1 to the count and records it in the local outgoing-document usage history; when the file is closed, the outgoing environment also records the usage count in the file itself. Each time the file is opened, the system checks both the count recorded in the file and the count recorded locally, takes the larger of the two as the current usage count, and compares it with the permitted count; if it is greater than the permitted count, the decryption operation is refused and the outgoing document cannot be used normally, which achieves count control.
If the document is time-controlled, timing starts when the file is opened, and the consumed time is written back at regular intervals. When the file is closed, the consumed time is likewise recorded. Each time the file is opened, the system checks whether the consumed time has exceeded the permitted time that was set. If it has, the system refuses to decrypt, which achieves the control purpose.
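An added example (not part of the patent text or of any product's code) of the open-count and usage-time checks described above. The header field names, the in-memory local history and the explicit `elapsed` argument that stands in for a timer are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Header:
    """Control fields kept in the outgoing file header (field names are assumptions)."""
    file_id: str                       # globally unique identifier of the file
    max_opens: Optional[int] = None    # count control: permitted number of opens
    max_seconds: Optional[int] = None  # time control: permitted usage time
    opens: int = 0                     # count written back into the file on close
    used_seconds: int = 0              # consumed time written back into the file


class OutgoingEnvironment:
    def __init__(self):
        # Local usage history, keyed by file identifier (in memory here).
        self.history = {}

    def _local(self, hdr):
        return self.history.setdefault(hdr.file_id, {"opens": 0, "used_seconds": 0})

    def open(self, hdr):
        """Return True if decryption may proceed, False if it is refused."""
        local = self._local(hdr)
        # The larger of the file record and the local record is the current value,
        # so an older copy of either record cannot lower the usage already consumed.
        used = max(hdr.used_seconds, local["used_seconds"])
        if hdr.max_seconds is not None and used > hdr.max_seconds:
            return False
        if hdr.max_opens is not None:
            current = max(hdr.opens, local["opens"]) + 1
            if current > hdr.max_opens:
                return False
            local["opens"] = current
        local["used_seconds"] = used
        return True

    def tick(self, hdr, elapsed):
        """Periodic write-back of consumed time; False once the limit is exceeded."""
        local = self._local(hdr)
        local["used_seconds"] = max(hdr.used_seconds, local["used_seconds"]) + elapsed
        hdr.used_seconds = local["used_seconds"]
        return hdr.max_seconds is None or hdr.used_seconds <= hdr.max_seconds

    def close(self, hdr):
        """Record the usage in the file itself as well as locally."""
        local = self._local(hdr)
        hdr.opens = max(hdr.opens, local["opens"])
        hdr.used_seconds = max(hdr.used_seconds, local["used_seconds"])


def open_pristine_copies(limit, attempts):
    """Open a fresh, never-written copy of one count-limited file several times."""
    env = OutgoingEnvironment()
    results = []
    for _ in range(attempts):
        copy = Header("constructed-file-id-0001", max_opens=limit)  # constructed sample
        allowed = env.open(copy)
        results.append(allowed)
        if allowed:
            env.close(copy)
    return results
```

With a limit of 2, the third open is refused even though each copy's own header still shows zero opens, because the local record supplies the larger count.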
When the user opens the file, the outgoing environment extracts the file's control information (whether copying, screen capture, printing and modification are allowed) and controls the user's related operations accordingly. For example, when the user presses the screen-capture key, the outgoing environment intercepts the key press and checks whether the file allows screen capture; if not, the outgoing environment terminates the operation; if so, it lets the operation proceed.
This embodiment uses a hypothetical outgoing scenario. Design Unit A has built a secure environment internally, in which all design documents are encrypted files. An important electronic file (secret source file.doc) now needs to be sent out to Unit B; it may be used only on the designated computer ① and only for 2 days, and copying, screen capture, printing and modification are not allowed. The approval flow for this file is shown in Figure 2.
Outgoing environment installation
The outgoing environment can be installed in three ways: unrestricted installation, password installation, and hardware-bound installation.
Unrestricted installation: any organization or individual that obtains the outgoing environment can install it on any machine.
Password installation: any organization or individual that knows the password of the outgoing environment can install it on any machine. The installation password of the outgoing environment must be entered during installation for password verification.
Hardware-bound installation: the hardware information of the machine the customer has designated for installation is extracted first, including the hard disk serial number, mainboard number, network card number and CPU number. A shift operation on this hardware information yields the installation authorization code for that machine (issued by the supplier of the outgoing environment). The customer receives the authorization code together with the hardware-bound outgoing environment installer. During installation the user must enter the authorization code of the outgoing environment; the code is verified against the hardware information of the machine, and installation is permitted only if it matches the extracted hardware information exactly.
Note: every organization or individual that installs the outgoing environment must enter the customer's globally unique identifier. To distinguish different customers, the customer's identification information can be added when a file is produced, so that only that customer can open the file.
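An added example, not taken from the patent or from any supplier's installer, of how a hardware-bound authorization code can be issued and then checked at installation time. It substitutes a keyed HMAC-SHA-256 for the shift operation, which the text does not specify; the field names, the `supplier_key` shared by the issuing tool and the installer, and the code format are assumptions.

```python
import hashlib
import hmac

# The four hardware values listed above; the key names are assumptions.
FIELDS = ("disk_serial", "mainboard_id", "nic_id", "cpu_id")


def canonical(hw):
    """Serialise the hardware values in a fixed order with length prefixes,
    so that two different sets of values never yield the same byte string."""
    out = b""
    for name in FIELDS:
        value = hw[name].strip().upper().encode("utf-8")
        out += len(value).to_bytes(2, "big") + value
    return out


def issue_auth_code(hw, supplier_key):
    """Supplier side: derive the installation authorization code for one machine."""
    digest = hmac.new(supplier_key, canonical(hw), hashlib.sha256).hexdigest().upper()
    return "-".join(digest[i:i + 5] for i in range(0, 20, 5))


def verify_install(hw, entered_code, supplier_key):
    """Installer side: recompute the code from the local hardware and compare."""
    expected = issue_auth_code(hw, supplier_key).encode("ascii")
    entered = entered_code.strip().upper().encode("utf-8")
    # Constant-time comparison; any differing hardware value changes the whole code.
    return hmac.compare_digest(expected, entered)


# Constructed sample values, not real hardware identifiers or keys.
SUPPLIER_KEY = b"constructed-demo-key"
COMPUTER_1 = {"disk_serial": "WD-0001", "mainboard_id": "MB-0001",
              "nic_id": "00:11:22:33:44:55", "cpu_id": "CPU-0001"}
OTHER_PC = dict(COMPUTER_1, nic_id="00:11:22:33:44:66")
CODE = issue_auth_code(COMPUTER_1, SUPPLIER_KEY)
```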
The functions of the sending end are shown schematically in Figure 1. The sending end manages the whole process from the outgoing request to the automatic production of the outgoing document. The sending end has the following functions:
Outgoing initialization. The files that need outgoing protection are set to ciphertext files in batches, customer data is registered, and the outgoing workflow policy is defined.
Outgoing request. When a file needs to be sent out, the applicant fills in a request form and attaches the file to be sent out. If the file is to be sent by secure e-mail, the destination e-mail address must be filled in.
Pending-approval notification. After the applicant submits the request, the system determines according to its rules whether approval is needed and who the approver is, and sends the request notification to the approver's desktop. The approver decides whether to pass the request according to the file content and submits the decision.
Approved-document list. The approved-document list is the list of all outgoing requests that the approver has handled. The history can be retrieved and viewed at any time.
Approval-complete notification. After approval of the outgoing document is complete, the system converts the ciphertext file into outgoing ciphertext as required and notifies the applicant that approval is complete.
In this scenario, all design documents inside Unit A are already ciphertext files, so no further encryption is needed. If such a file were sent directly, it could not be opened even with the receiving tool installed at the receiving end (because there is no decryption instruction?).
The processing flow of the receiving end is shown in Figure 3.
In this scenario, outgoing documents may be browsed only on the designated machine; before an outgoing document is used for the first time, the receiving tool must be installed on computer ①.
The receiving tool has two installation policies. One is installation by password; this mode has a higher security level, and the authorization password must be entered during installation. After successful installation, the corresponding outgoing documents can be browsed. The other is installation by device authentication code (much current software uses this installation method; large packages such as the AutoCAD network edition, Pro/E, UG and Ideas all use extracted hardware information for license authentication). This mode has the highest security level: when the recipient installs, the installer extracts the machine information, and the computer is put on record in the sender's system. From then on, selecting that computer when a file is sent out ensures that only that computer can open the corresponding outgoing document.
In this scenario, Unit B installs the receiving tool on computer ① using the second policy; after successful installation, the receiving tool minimizes to the system tray. No other computer can install the receiving tool with this installer.
In this scenario, an example of the sender's outgoing request process is shown in Figure 2. The applicant fills in the request form and uploads the electronic file to be sent out, where: customer name: Unit B; restricted machine: computer ①; usage time: 48 hours; usage count: not required, left blank; secure e-mail address: not required, left blank; operation permissions: "copying not allowed" and "screen capture not allowed" are default settings and need no action, so it is enough not to tick the "allow printing" and "allow modification" options. The uploaded electronic file is a ciphertext file (secret source file.doc). The request form is submitted once it has been filled in.
After the applicant submits the outgoing request, the system automatically determines from the approval flow set for the scenario that the approver is the department manager, and sends the request notification to the desktop of the applicant's department manager according to its rules.
The department manager decides whether to pass the request according to the file content and submits the decision. If the request passes, the system automatically determines from the approval flow set for the scenario that the next approver is the vice president in charge, and sends the request notification to the desktop of the vice president in charge of the applicant's department according to its rules. If it does not pass, the system automatically notifies the applicant that the outgoing request has been rejected.
The vice president in charge decides whether to pass the request according to the file content and submits the decision. If the request passes, the system automatically determines from the approval flow set for the scenario that the flow is finished, and notifies the applicant that the outgoing request is complete. If it does not pass, the system automatically notifies the applicant that the outgoing request has been rejected.
After the outgoing request is complete, the system automatically produces an outgoing document from the approved file. The outgoing document is a ciphertext file (secret outgoing document.doc) in which issuer information, recipient information and the file operation policy are embedded. In this scenario, the information embedded in the outgoing document is Unit A, Unit B, and the file operation policy: copying not allowed, screen capture not allowed, printing not allowed, modification not allowed.
In this scenario, Unit B receives the outgoing document (secret outgoing document.doc); at this point the receiving tool is already installed on computer ① and is minimized in the system tray. If the receiving tool is not installed, the outgoing document cannot be opened. If the receiving tool has also been installed on other machines of Unit B, whether by password or by device authentication code, those machines cannot open this outgoing document.
Double-clicking the outgoing document (secret outgoing document.doc) on computer ① starts the Word application and opens the document; an outgoing document in another format opens with the corresponding application, so operating habits are unchanged. In this scenario, copying is not allowed, so the file cannot be opened after being copied to another machine; screen capture is not allowed, so screen-capture operations cannot be performed; printing is not allowed, so the file cannot be printed; modification is not allowed, so after a change, operations that save the modification, such as Save, Save As and Save as Web Page, cannot be performed.
If the outgoing document's permissions allow modification, the outgoing document viewer can save the modifications to the original file, and the file remains in the outgoing ciphertext state.
If the outgoing document's permissions allow printing, the outgoing document viewer can print the outgoing document, but the printout carries the company watermark.
If the outgoing document has a usage-count limit, the system prompts the user 2 uses before the count expires. If the permitted count has been exceeded when the file is opened, the system prompts "The usage count limit has been exceeded; you cannot continue to use this file".
In this scenario, the outgoing document has a usage-time limit, and the system prompts the user 10 minutes before the time expires. If the permitted time has been exceeded when the file is opened, the system prompts "The permitted time has been exceeded; you cannot continue to use this file".
The invention first encrypts the content of the data file with a symmetric algorithm and embeds the related control information in the file header, such as time, count, permission control and authorization scope; this control information is in turn encrypted with an asymmetric algorithm. Because the file itself is already ciphertext while the outgoing file is in transit, the encryption requirements on the communication channel are not very high, which also lowers the threshold for using the invention. After receiving the file, the recipient opens it in the normal way. If the outgoing browsing environment is running at that moment, the outgoing environment takes over the operations on the outgoing document: it first decrypts the related control information, executes the corresponding control logic according to the control information in the file, and decrypts the symmetric key used to decrypt the file content, so that the encrypted file opens normally. If there is no outgoing environment at that moment, the file cannot be opened and used normally because it is ciphertext. There are many typical cryptographic algorithms; series of algorithms such as MD2, MD4, MD5 and CRC can all be used in the present invention.
The invention has been described in detail above through a specific implementation scenario, as those skilled in the art will understand. Modifications and variations that do not depart from the essence of the invention, such as separating out some of the modules for use or embedding the system in other application systems, do not exceed the scope of the invention.