[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN102306255B - Document protection method and system - Google Patents

Document protection method and system Download PDF

Info

Publication number
CN102306255B
CN102306255B CN2011102514383A CN201110251438A CN102306255B CN 102306255 B CN102306255 B CN 102306255B CN 2011102514383 A CN2011102514383 A CN 2011102514383A CN 201110251438 A CN201110251438 A CN 201110251438A CN 102306255 B CN102306255 B CN 102306255B
Authority
CN
China
Prior art keywords
document
configuration
unit
plug
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN2011102514383A
Other languages
Chinese (zh)
Other versions
CN102306255A (en
Inventor
陆舟
于华章
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Feitian Technologies Co Ltd
Original Assignee
Feitian Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Feitian Technologies Co Ltd filed Critical Feitian Technologies Co Ltd
Priority to CN2011102514383A priority Critical patent/CN102306255B/en
Publication of CN102306255A publication Critical patent/CN102306255A/en
Application granted granted Critical
Publication of CN102306255B publication Critical patent/CN102306255B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Document Processing Apparatus (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a document protection method and a document protection system. The method comprises the following steps that: a plugin encrypts the current document plaintext data by using a generated key to acquire document ciphertext data; the plugin sends the generated key and configuration information to equipment for encryption to acquire configuration ciphertext data; the plugin encapsulates and combines the document ciphertext data, a document encryption identifier, the configuration ciphertext data and a configuration ciphertext identifier into a data packet according to a preset format; the plugin sends the configuration ciphertext data acquired by analysis to equipment connected with a host for decryption; configuration plaintext data acquired by decryption is sent to the plugin if the equipment is preset decryption equipment; and the plugin decrypts the document ciphertext data acquired by analysis by using the generated key in the configuration plaintext data, and sends the document plaintext data to a document editor after the document ciphertext data is successfully decrypted. By the document protection method, documents can be encrypted and the operation authority can be set, so that the safety of the documents is further improved, and an unauthorized user is prevented from performing illegal operation.

Description

A kind of document protection method and system
Technical field
The present invention relates to the information protection field, relate in particular to a kind of document protection method and system.
Background technology
Along with the widespread use of computer technology, in all trades and professions, nearly all data and information all can be stored as document in input computer.Because computing machine generally all can be connected with the internet, and have disc driver and/or USB interface, the document that is stored in computing machine is easy to be sent on other computing machines by the internet, perhaps be copied in disk and/or USB flash disk, make the important documents that is stored in computing machine be easy to unlawfully be revealed, the possessory interests of document are on the hazard.
In order to prevent from being stored in important documents in computing machine by unauthorized access and leakage, be generally to protect content in document by preset password in prior art, needing could opening document after authentication password.Yet, password must be informed each viewer when the document of protecting need to be browsed by many people, increased the danger that password is revealed, and the viewer when accessing to your password opening document at every turn, the hacker also might intercept and capture password and crack, and there is hidden danger in document security; Secondly, may edit it after the viewer obtains the password opening document, copy, the operation such as shearing, thereby cause document content to be tampered or reveal, invade the possessory rights and interests of document.
Summary of the invention
The objective of the invention is provides a kind of document protection method and system in order to overcome the deficiencies in the prior art, and it has characteristics safe and convenient to use.
The embodiment of the present invention provides a kind of document protection method, comprises ciphering process and decrypting process, and wherein ciphering process comprises:
Comprise ciphering process and decrypting process, wherein ciphering process comprises:
Step a: when plug-in unit intercepts the first interface id information, use the generation key that the current document clear data that obtains is encrypted and obtain the document encrypt data; Described plug-in unit sends to encryption device with described generation key and configuration information; Described configuration information comprises decryption device sign and ident value thereof;
Step b: described encryption device receives described generation key and configuration information, and self key that uses storage is encrypted described generation key and configuration information and obtains configuring encrypt data, and described configuration encrypt data is sent to described plug-in unit;
Step c: described plug-in unit encapsulates the composition packet according to default form with described document encrypt data and file encryption sign, described configuration encrypt data and configuration ciphertext sign; Described plug-in unit is processed described packet, and result is sent to document editor;
Wherein, decrypting process comprises:
Steps d: when described plug-in unit intercepts the second interface id information, can judgement parse the enciphered data that meets described default form according to current document, if judged whether that decryption device is connected with main frame, that the configuration encrypt data that parsing is obtained sends to decryption device, order execution in step f, otherwise the content of described current document is sent to document editor; As can not be with as described in the content of current document send to document editor;
Step e: described decryption device receives described configuration encrypt data, use self key that described configuration encrypt data is decrypted, whether the decryption device condition as described in judging as successful decryption in the configuration encrypt data conforms to self information, will configure clear data to send to described plug-in unit, order execution in step g, otherwise execution in step f; As Decryption failures execution in step f;
Step f: described decryption device sends failure information for described plug-in unit, and described plug-in unit sends to document editor with the content of described current document;
Step g: described plug-in unit receives described configuration clear data, and use the generation key in described configuration clear data that the document encrypt data that parsing obtains is decrypted, the document clear data that deciphering is obtained as successful decryption sends to document editor, finishes as Decryption failures.
Described first interface id information comprises to be preserved the document trigger message or starts the plug-in unit trigger message.
Using the generation key that the current document clear data that obtains is encrypted in described step a obtains comprising before the document encrypt data: step a1: described plug-in unit generates numerical value and also sends it to described encryption device; Step a2: described encryption device receives described numerical value, uses preset algorithm to calculate the generation key to described numerical value, and described encryption device sends to described plug-in unit with described generation key.
Comprised before described step a1: plug-in unit has judged whether that encryption device is connected with main frame, is execution in step a1, otherwise finishes.
Described configuration information also comprises the operating right sign.
Comprised before plug-in unit described in described step a sends to encryption device with described generation key and configuration information: step a11: described plug-in unit receives configure trigger information, judges whether corresponding configuration identifier, is execution in step a12, otherwise finishes; Step a12: described plug-in unit confirmation of receipt trigger message generates configuration information; Described configuration identifier comprises decryption device sign and operating right sign.
Described plug-in unit in described step c encapsulates the formation packet according to default form with described document encrypt data and file encryption sign, described configuration encrypt data and configuration ciphertext sign, specifically comprise: described plug-in unit encapsulates described document encrypt data and default file encryption sign, described configuration encrypt data and default configuration ciphertext sign respectively according to default form, is combined into packet.
The type of described document is Word document, and the described plug-in unit in described step c is processed described packet, specifically comprises: described plug-in unit is converted into the first printable form text according to the first predetermined manner with the content of described packet.
Described plug-in unit sends to document editor with result, is specially: described plug-in unit sends to document editor with the first printable form text.
The type of described document is the Excel document, described plug-in unit in described step c is processed described packet, specifically comprise: described plug-in unit is converted into the second printable form text according to the first predetermined manner with the content of described packet, and cuts apart according to the printable form text of default large young pathbreaker described second.
Described plug-in unit sends to document editor with result, is specially: described plug-in unit will be cut apart all unit encrypt datas that obtain and send to document editor.
Can judgement comprise before parsing the data that add overstocked mistake according to current document in the steps d of described decrypting process: described plug-in unit obtains the current document displaying contents, according to the second predetermined manner, described current document displaying contents is reduced to former document content; Described the second interface id information comprises the trigger message of opening current document, and described the second predetermined manner and described the first predetermined manner are reciprocal.
It is described that can judgement parse described default formatted data according to current document, can whether be specially: judging has described file encryption sign and configuration ciphertext sign in described former document content, be parse document encrypt data and configuration encrypt data according to described file encryption sign and configuration ciphertext sign.
Judge in described step e that whether the decryption device condition in described configuration clear data conforms to self information, is specially: whether decryption device sign and ident value thereof in described decryption device judgement configuration clear data be consistent with self identification and ident value.
In described step g, successful decryption sends to document editor with the document clear data that deciphering obtains, be specially: described plug-in unit is cut apart the document clear data that deciphering obtains according to default size, will cut apart all unit clear datas that obtain and send to document editor.
Comprise after described step g: when described plug-in unit intercepts the 3rd interface id information, judging whether current document is carried out the operation of default access, is described current document to be carried out the operation of default access, otherwise finishes.
The described operation that judges whether current document is carried out default access is specially: described plug-in unit judges whether the operation in the 3rd interface id information is corresponding with the operating right sign in the configuration clear data.
The embodiment of the present invention provides again a kind of file protection system, comprises plug-in unit and equipment, and wherein plug-in unit comprises:
The first receiver module: be used for receiving generation key, configuration encrypt data and the configuration clear data that described equipment sends; Also be used for receiving confirmation trigger message and the configure trigger information that the user sends;
Acquisition module is used for intercepting and capturing the interface id information; Also be used for obtaining current document clear data and current document displaying contents;
Generation module is used for generating configuration information and generates numerical value;
Search module, be used for when described the first receiver module receives described configure trigger information, search whether corresponding configuration identifier is arranged;
The first encrypting module is used for using the described generation key that receives that the described current document clear data that gets is encrypted, and forms the document encrypt data;
Group bag module is used for according to default form default file encryption sign and described document encrypt data, receives configuration encrypt data and default configuration ciphertext and identify and encapsulate respectively, is combined into packet;
Conversion module is used for according to predetermined manner, the content of described packet being changed into printable form text at ciphering process, also is used for according to the inverse approach of described predetermined manner, the current document displaying contents being reduced to former document content at decrypting process;
Can the first judge module be used for judging according to current document parsing the enciphered data that meets described default form that the equipment that judged whether is connected with main frame;
The first deciphering module is used for using the generation key of the described configuration clear data that receives that the described document encrypt data that parsing obtains is decrypted;
The first sending module is used for sending to described equipment the described configuration encrypt data that described numerical value, generation key and configuration information, parsing obtain; Also use to document editor and send data;
Wherein, equipment comprises:
The second sending module is used for sending described generation key, configuration encrypt data and configuration clear data to described the first receiver module;
The second receiver module is used for receiving described numerical value that described the first sending module sends, generates the described configuration encrypt data that key and configuration information, parsing obtain;
Memory module is used for storage self key and preset algorithm;
The second encrypting module be used for to use preset algorithm to calculate described generation key to described numerical value, uses described self key to the described configuration information that receives and generate key to be encrypted the described configuration encrypt data of generation;
The second deciphering module is used for using described self key that the described configuration encrypt data that receives is decrypted, configuration clear data as described in obtaining as successful decryption;
The second judge module is used for judging whether the decryption device condition of described configuration clear data conforms to facility information.
The type of described document is the Excel document, and described conversion module also is used for described printable form text and deciphers the described document clear data that obtains cutting apart according to default size.
Described the first judge module comprises: the first judging unit: be used for judging whether former document content has file encryption sign and configuration ciphertext sign; Resolution unit: be used for according to described file encryption sign and configuration ciphertext sign, the former document content after described conversion being resolved and obtain described document encrypt data and configuration encrypt data; The second judging unit is used for having judged whether that equipment is connected with main frame.
Described the first judge module also comprises the 3rd judging unit, is used for judging whether described current document is carried out the operation of default access.
Described plug-in unit also comprises the quiescing module, is used for described current document is carried out the operation of described default access.
The present invention compared with prior art has the following advantages:
Document protection method provided by the invention be by be arranged on main frame plug-in unit be combined realization with the equipment that main frame connects; not only can be encrypted operation to document; can also be to a series of operating right of document setup (as forbid copying, forbid shearing, forbid preserving, forbid saving as, forbid as Email attachment etc.); improved further the security of document; prevent that unauthorized user from carrying out illegal operation, the possessory interests of document are subject to good protection.
Description of drawings
The process flow diagram that Fig. 1 sets up association process for the plug-in unit that provides in the embodiment of the present invention one and document editor;
The process flow diagram of a kind of document protection method that Fig. 2 provides for the embodiment of the present invention two;
The ciphering process process flow diagram of a kind of Word document guard method that Fig. 3 provides for the embodiment of the present invention three;
The decrypting process process flow diagram of a kind of Word document guard method that Fig. 4 provides for the embodiment of the present invention three;
The ciphering process process flow diagram of a kind of Excel document protection method that Fig. 5 provides for the embodiment of the present invention four;
The decrypting process process flow diagram of a kind of Excel document protection method that Fig. 6 provides for the embodiment of the present invention four;
The replenish step process flow diagram of a kind of document protection method that Fig. 7 provides for the embodiment of the present invention five;
The block diagram of a kind of file protection system that Fig. 8 provides for the embodiment of the present invention six.
Embodiment
For nearlyer step elaboration the present invention reaches to subscribe technological means and the effect that purpose is taked; below in conjunction with accompanying drawing and preferred embodiment; to a kind of document protection method and system that propose according to invention, its embodiment, feature and effect thereof, illustrate as after.
Embodiment one
The embodiment of the present invention one provides plug-in unit to set up related process with document editor, as shown in Figure 1, comprising:
Step 101: plug-in unit eigenwert and required function are loaded in registration table;
Concrete, in the present embodiment, required function comprises overload function, call back function, the first function; Preserve interface ID in registration table, distinct interface ID is to there being different information, the interface ID that for example Word is corresponding is that { 0x000209fe 0x0000 0x0000{0xc0 0x00 0x00 0x00 0x00 0x00 0x000x46}}, the interface ID that Excel is corresponding are { 0x00024413 0x0000 0x0000{0xc0 0x00 0x000x00 0x00 0x00 0x00 0x46}};
Step 102: when the first function of plug-in unit was called, plug-in unit obtained the document event automatically;
Concrete, in the present embodiment, document editor is by the registration table loading of plug-in, and plug-in unit obtains the document event by the advise function; The document event comprises: open, copy, the operation such as button click, shearing;
Step 103: plug-in unit is according to the interface that sets in advance, and calls toolbar or menu bar in document by registration table;
Concrete, after document is opened, increases in its toolbar or menu bar and start the plug-in unit button, document has carried out related with plug-in unit; Startup plug-in unit button in the present embodiment is the Lable button.
Embodiment two
A kind of document protection method that the embodiment of the present invention two provides is based on and realizes on the basis of embodiment one, and as shown in Figure 2, the dotted line upper and lower part is respectively the encryption and decryption process, and wherein ciphering process comprises step 201-step 207;
Step 201: when plug-in unit intercepts the first interface id information, use the generation key that the current document clear data that obtains is encrypted and obtain the document encrypt data;
Step 202: plug-in unit will generate key and configuration information sends to encryption device;
Concrete, the described configuration information in the present embodiment comprises decryption device sign and ident value thereof;
Step 203: encryption device receive to generate key and configuration information, and self key that uses storage is encrypted and obtains configuring encrypt data generating key and configuration information according to default form;
Step 204: encryption device will configure encrypt data and send to plug-in unit;
Step 205: plug-in unit encapsulates the composition packet according to default form with document encrypt data and file encryption sign, configuration encrypt data and configuration ciphertext sign;
Step 206: plug-in unit is processed described packet;
Step 207: result is sent to document editor;
Wherein, decrypting process comprises step 208-step 217;
Step 208: when plug-in unit intercepts the second interface id information, can parse according to current document judgement the enciphered data that meets described default form, if execution in step 209, as can not be the content of current document being sent to document editor;
Step 209: plug-in unit has judged whether that decryption device is connected with main frame, is execution in step 210, otherwise the content of current document is sent to document editor;
Step 210: plug-in unit sends to decryption device with the configuration encrypt data that parsing obtains;
Step 211: decryption device receives the configuration encrypt data, uses self key that described configuration encrypt data is decrypted, as successful decryption execution in step 212, as Decryption failures execution in step 214;
Step 212: whether the decryption device condition in decryption device judgement configuration clear data conforms to self information, is execution in step 215, otherwise execution in step 213;
Step 213: decryption device sends failure information to plug-in unit,
Step 214: plug-in unit sends to document editor with the content of current document;
Step 215: decryption device will configure clear data and send to plug-in unit;
Step 216: plug-in unit receives the configuration clear data, and uses the generation key in the configuration clear data that the document encrypt data that parsing obtains is decrypted, and as successful decryption execution in step 217, finishes as Decryption failures.
Step 217: plug-in unit sends to document editor with the document clear data that deciphering obtains.
The document protection method that the present embodiment provides be by be arranged on main frame plug-in unit be combined realization with the equipment that main frame connects, the security that has improved document prevents that unauthorized user from carrying out illegal operation, the possessory interests of document are subject to good protection.
Embodiment three
Be illustrated in figure 3 as the ciphering process of a kind of Word document guard method that the present embodiment three provides, be based on and realize on the basis of embodiment one, comprising:
Step 301: when plug-in unit intercepts the first interface id information, call overload function login dialog frame interface;
First interface id information in the present embodiment comprises that the user clicks the trigger message of startup plug-in unit button or the trigger message that the user preserves Word; Concrete, the overload function in the present embodiment is the GetCustomUI function;
Eject a pair of words frame behind login dialog frame interface in Word; The dialog box content that ejects comprises: operating right and deciphering device identification; Operating right comprises: forbid copying, forbid shearing, forbid preserving, forbid saving as, forbid as Email attachment etc., hardware sequence number) and/or UID (Chinese: the user arranges unique identification) different operating rights is corresponding to different signs, and the decryption device sign comprises: HID (Chinese:;
Step 302: plug-in unit receives the first configure trigger information, and whether search has corresponding configuration identifier, is execution in step 303, otherwise finishes;
In the present embodiment, configuration identifier comprises: operating right sign and deciphering device identification, and concrete, operating right copies for forbidding;
Step 303: plug-in unit confirmation of receipt trigger message generates the first configuration information and the first numerical value;
Described the first configuration information comprises decryption device sign and ident value and operating right sign; When decryption device is designated HID, can use unique equipment that the document is decrypted, when decryption device is designated UID, can use the interior arbitrary equipment of ident value scope of setting that the document is decrypted, the HID of each equipment and UID are all different; Concrete, forbid the m_bEnableMenu1 that is designated that copies in the present embodiment;
Described the first numerical value is true random number or pseudo random number, the preferred true random number that adopts in the present embodiment;
Wherein, the first configuration information and the first numerical value also can be not generating in the same time, as first generate the first numerical value in this step; Again current document is configured after the operation of the first numerical value is completed, generates the first configuration information;
Step 304: plug-in unit has judged whether that equipment is connected with main frame, is execution in step 305, otherwise finishes;
Be provided with unique UID or HID in described equipment;
Step 305: the first numerical value that plug-in unit will produce sends to equipment by main frame;
Step 306: equipment receives the first numerical value, according to preset algorithm, it is calculated first and generates key;
Preferably, in the present embodiment, self key that equipment uses storage is encrypted the first numerical value that receives and obtains first and generate key, and equipment also can use XOR, splicing computing, combinatorial operation or sum operation to calculate first to self key of storage and the first numerical value and generate key;
Step 307: equipment generates key with first and sends to plug-in unit;
Step 308: plug-in unit receives first and generates key, use the first generation key that the current Word clear data that gets is encrypted and generate the Word encrypt data, according to the first default form, Word encrypt data and default Word encryption identification are packaged into the first packet;
Concrete, also comprised before step 308: described plug-in unit obtains current Word clear data when receiving button trigger message or instruction triggers information; Preferably, in the present embodiment, current Word clear data obtains in step 301, and concrete acquisition process is: plug-in unit calls the Get_text function and reads the Word clear data, and when in Word, picture being arranged, the Get_text function is replaceable is the cut function; The file encryption sign that different Doctypes is corresponding is different, and Word encryption identification default in the present embodiment is m_bEncrypt1;
Step 309: plug-in unit generates key with first and the first configuration information sends to equipment by main frame;
Step 310: equipment receives first and generates key and the first configuration information, uses the default form of self key basis of storage to generate the first configuration encrypt data to both being encrypted;
Step 311: equipment returns to plug-in unit with the first configuration encrypt data;
Step 312: plug-in unit receives the first configuration encrypt data, according to the second default form, itself and the first configuration ciphertext sign of presetting is packaged into the second packet;
Step 313: plug-in unit forms first packet with the first packet and the second packet, and according to the first predetermined manner, the content of first packet is converted into the first printable form text;
Preferably, in the present embodiment, plug-in unit is converted into ASCII character with first packet content; Can also be converted into other and can show word, array mode is sequential combination or other array modes;
Step 314: plug-in unit sends to document editor with the first printable form text;
The Word editing machine displays it after receiving the first printable text, can call the Put_text function as the Word editing machine the first printable text is write in Word, and ciphering process finishes, and Word shows ciphertext; When in Word, picture being arranged, the Put_text function replaces with the PasteSpecial function;
With reference to figure 4, the decrypting process of a kind of Word document guard method that the present embodiment three provides comprises:
Step 401: when plug-in unit intercepts the second interface id information, obtain current Word displaying contents, and according to the second predetermined manner, current Word displaying contents is reduced to former Word content;
In the present embodiment, the second interface id information comprises the trigger message of opening current document, and the second predetermined manner and the first predetermined manner in step 313 in this step are reciprocal; Step 401 is specially: plug-in unit receives the trigger message of opening current document, calls the Get_text function and reads the first printable text that current Word shows, this first printable text is reduced to former Word content;
Step 402: whether plug-in unit judges the Word encryption identification of making an appointment in former Word content, is execution in step 403, otherwise current Word displaying contents is sent to document editor;
Word encryption identification in the present embodiment is m_bEncrypt1;
Step 403: whether plug-in unit judges the first configuration ciphertext sign in former Word content, is execution in step 404, otherwise current Word displaying contents is sent to document editor;
Step 404: plug-in unit is resolved former Word content according to Word encryption identification and the first configuration ciphertext sign and is obtained Word encrypt data and the first configuration encrypt data;
Step 405: plug-in unit has judged whether that equipment is connected with main frame, is execution in step 406, otherwise the Word encrypt data that parsing obtains is sent to document editor;
Step 406: plug-in unit sends to equipment with the first configuration encrypt data by main frame;
Step 407: equipment receives the first configuration encrypt data, and uses self key of storage that it is decrypted, and successful decryption is execution in step 408, otherwise execution in step 409;
Step 408: equipment judges whether the decryption device condition of the first configuration in clear data conforms to self information, is execution in step 411, otherwise execution in step 409;
Concrete, in the present embodiment, step 408 is specially: equipment judge that the HID value in the first configuration clear data is whether identical with self HID value and/or judge that first configures UID value scope in clear data and whether include the UID value of self;
Step 409: equipment sends failure information to plug-in unit;
Step 410: the plug-in unit information that takes defeat, the Word encrypt data that parsing is obtained sends to document editor;
Step 411: equipment sends to plug-in unit with the first configuration clear data;
In the present embodiment, this first configuration clear data comprises that first generates key and the first configuration information, and the first configuration information comprises decryption device sign and ident value and operating right sign;
Step 412: plug-in unit receives the first configuration clear data, and use the first generation key in the first configuration clear data that the Word encrypt data that parsing obtains is decrypted, as successful decryption execution in step 413, the Word encrypt data that parsing is obtained as Decryption failures sends to document editor;
Step 413: plug-in unit sends to the Word editing machine with the Word clear data that deciphering obtains;
The Word editing machine is receiving the Word clear data, calls the Put_text function Word clear data is write in Word, and Word shows expressly; When in Word, picture being arranged, the Put_text function is replaceable is the PasteSpecial function;
Step 414: when plug-in unit intercepts the 3rd interface id information, judging whether current Word is carried out the operation of default access, is execution in step 415, otherwise finishes;
Deterministic process is specially: plug-in unit judges whether the operation in the 3rd interface id information is corresponding with the operating right sign in the first configuration clear data; Concrete, in the present embodiment, being operating as in the 3rd interface id information copies Word, and plug-in unit searches whether m_bEnableMenu1 is arranged in the first configuration clear data;
Step 415: plug-in unit forbids current Word is carried out the operation of default access by calling call back function in registration table;
Concrete, in the present embodiment, plug-in unit is forbidden Word is carried out replicate run by calling the GetEnable function.
When the user carries out other operations to the Word that opens, during preservation, plug-in unit can be encrypted this Word automatically.The method of using this enforcement one to provide, the user can be encrypted and arrange limiting operation easily to Word, prevent that the disabled user from arbitrarily opening this Word, and it is carried out malicious operation, the safety of protection privacy of user and Word.
Embodiment four
The present embodiment four is to describe the specific implementation of document protection method of the present invention in detail as an example of the excel document example, and plug-in unit is set up related process as shown in Figure 1 with document editor, does not repeat them here, and ciphering process is shown in Figure 5, comprising:
Step 501: plug-in unit receives the first trigger message, produces second value;
Concrete, in the present embodiment, the first trigger message can trigger or instruction triggers plug-in unit generation second value for button, and described numerical value is true random number or pseudo random number, the preferred random number that adopts in the present embodiment;
Step 502: plug-in unit has judged whether that equipment is connected with main frame, is execution in step 503, otherwise finishes;
Be provided with unique UID or HID in described equipment;
Step 503: plug-in unit sends to equipment with the second value that produces by main frame;
Step 504: equipment receives second value, according to preset algorithm, it is calculated second and generates key;
In the present embodiment, self key that preferred equipment uses storage is encrypted algorithm to the numerical value that receives and obtains second and generate key, and equipment also can use XOR, splicing computing, combinatorial operation or sum operation to generate second to self key of storage and the numerical value that receives and generate key;
Step 505: equipment generates key with second and sends to plug-in unit;
Step 506: plug-in unit receives second and generates key, and use the second generation key to be encrypted generation Excel encrypt data to the current Excel clear data that gets, according to the first default form, Excel encrypt data and default Excel encryption identification are packaged into the 3rd packet;
Concrete, also comprised before step 506: described plug-in unit obtains current Excel clear data when receiving button trigger message or instruction triggers information, and is preferred, in the present embodiment, obtains current Excel clear data and carries out in step 501; Concrete acquisition process is: plug-in unit calls the Get_usedRange function and chooses the cell that is used in Excel, then by the Cut function, the cell content of choosing is copied in shear plate; Then plug-in unit uses the second generation key to be encrypted generation Excel encrypt data to the cell content that is stored in shear plate; Wherein, the Excel encrypt data is binary; Excel encryption identification default in the present embodiment is m_bEncrypt2;
Step 507: when plug-in unit intercepts the first interface id information, call overload function login dialog frame interface;
The operation that the operation that first interface id information in the present embodiment starts the plug-in unit button for the user clicks or user preserve Excel; Concrete, the overload function in the present embodiment is the GetCustomUI function;
Eject a pair of words frame behind login dialog frame interface in Excel; The dialog box that ejects comprises: operating right and deciphering device identification; Operating right comprises: forbid copying, forbid shearing, forbid preserving, forbid saving as, forbid as Email attachment etc., different operating rights is corresponding to different signs, and the decryption device sign comprises: HID and/or UID;
Step 508: plug-in unit receives the second configure trigger information, searches whether corresponding configuration identifier is arranged; Be execution in step 509, otherwise finish;
Concrete, in the present embodiment, configuration identifier comprises: operating right sign and deciphering device identification; Operating right in the present embodiment is sheared for forbidding;
Step 509: plug-in unit confirmation of receipt trigger message generates the second configuration information;
Described the second configuration information comprises decryption device sign and ident value and operating right sign; Concrete, forbidding in the present embodiment shears is designated m_bEnableMenu2;
Step 510: plug-in unit generates key with second and the second configuration information sends to equipment by main frame;
Step 511: equipment receives second and generates key and the second configuration information, uses the default form of self key basis of storage to generate the second configuration encrypt data to both being encrypted;
Step 512: equipment returns to plug-in unit with the second configuration encrypt data;
Step 513: plug-in unit receives the second configuration encrypt data, according to the second default form, itself and the second configuration ciphertext sign of presetting is formed the 4th packet;
Step 514: plug-in unit forms second largest packet with the 3rd packet and the 4th packet, and according to the first predetermined manner, second largest packet content is converted into the second printable form text;
Preferably, in the present embodiment, plug-in unit is converted into hexadecimal ASCII character with second largest packet content; Can also be converted into other and can show word, array mode is sequential combination or other array modes;
Step 515: plug-in unit is cut apart the second printable form text according to default size;
Concrete, default size in the present embodiment is 10,000 bytes;
Step 516: plug-in unit will be cut apart all unit encrypt datas that obtain and send to the Excel editing machine;
The Excel editing machine calls the PasteSpecial function each unit encrypt data is written in corresponding Excel cell, and ciphering process finishes, and shows ciphertext in Excel;
The decrypting process of a kind of Excel document protection method that the present embodiment four provides as shown in Figure 6, comprising:
Step 601: when plug-in unit intercepts the 3rd interface id information, obtain current Excel displaying contents, and be reduced to former Excel content according to the current Excel displaying contents that the second predetermined manner will be obtained;
In the present embodiment, described the second interface message comprises the trigger message of opening current Excel; The second predetermined manner and the first predetermined manner in step 514 in this step are reciprocal; The process of obtaining current Excel displaying contents is specially: plug-in unit calls the Get_usedRange function and chooses the cell that is used in Excel, then by the Cut function, the cell content of choosing is copied in shear plate;
Step 602: whether plug-in unit judges the Excel encryption identification of making an appointment in former Excel content, is execution in step 603, otherwise current Excel displaying contents is sent to document editor;
In the present embodiment, the Excel encryption identification is m_bEncrypt2;
Step 603: whether plug-in unit judges the second configuration ciphertext sign in former Excel content, is execution in step 604, otherwise current Excel displaying contents is sent to document editor;
Step 604: plug-in unit is resolved former Excel content according to Excel encryption identification and the second configuration ciphertext sign and is obtained Excel encrypt data and the second configuration encrypt data;
Step 605: plug-in unit has judged whether that equipment is connected with main frame, is execution in step 606, otherwise the Excel encrypt data that parsing obtains is sent to document editor;
Step 606: plug-in unit sends to equipment with the second configuration encrypt data by main frame;
Step 607: equipment receives the second configuration encrypt data, uses self key of storage that it is decrypted, and successful decryption is execution in step 608, otherwise execution in step 609;
Step 608: equipment judges whether the decryption device condition of the second configuration in clear data conforms to self information, is execution in step 611, otherwise execution in step 609;
Concrete, in the present embodiment, step 608 is specially: equipment judge that whether identical with self HID value and/or judge that second configures UID value scope in clear data and whether include the UID value of self the HID value in the second configuration clear data identical;
Step 609: equipment sends failure information to plug-in unit;
Step 610: the plug-in unit information that takes defeat, the Excel encrypt data that parsing is obtained sends to document editor;
Step 611: equipment sends to plug-in unit with the second configuration clear data;
Wherein, this second configuration clear data comprises that second generates key and the second configuration information, and the second configuration information comprises decryption device sign and ident value and operating right sign;
Step 612: plug-in unit receives the second configuration clear data, and uses the second generation key in the second configuration clear data that the Excel encrypt data that parsing obtains is decrypted, and successful decryption is execution in step 613, otherwise finishes;
Step 613: plug-in unit is cut apart the document clear data that deciphering obtains according to default size;
Concrete, default size in the present embodiment is 10,000 bytes;
Step 614: plug-in unit is cut apart with all unit clear datas that obtain and is sent to the Excel editing machine;
Concrete, in the present embodiment, the Excel editing machine calls the PasteSpecial function each unit clear data is written in corresponding Excel cell, shows in Excel expressly;
Step 615: when plug-in unit intercepts the 4th interface id information, judging whether current Excel is carried out the operation of default access, is execution in step 616, otherwise finishes;
Concrete, in the present embodiment, be operating as the operation that Excel is sheared in the 4th interface id information; Deterministic process is specially: plug-in unit searches whether m_bEnableMenu2 is arranged in the second configuration clear data;
Step 616: plug-in unit forbids current Excel is carried out the operation of default access by calling call back function in registration table;
Concrete, in the present embodiment, plug-in unit is forbidden Excel is sheared by calling the GetEnable function.
It carries out other operations to the above-mentioned Excel that opens as the user, and during preservation, plug-in unit is encrypted this Excel automatically; The method of using the embodiment of the present invention to provide can prevent that the disabled user from carrying out malice to Excel and shearing, and improves the Excel security, also can other operating rights be set to Excel, improves the security of Excel.
Embodiment five
In the described method that the present embodiment two, embodiment three and embodiment four provide, for strengthen plug-in unit and with equipment that main frame is connected between the security of communication, the embodiment of the present invention five provides a kind of replenish step of document protection method, as shown in Figure 7, comprises;
Step 701: plug-in unit produces the first random number and backs up, and the first random number is sent to equipment by main frame;
Step 702: equipment receives the first random number, produces the second random number and also backs up, and the second random number of the first random number and backup is combined into the first new numerical value and stores by preset rules;
Step 703: equipment sends to plug-in unit with the second random number;
Step 704: plug-in unit receives the second random number, and its first random number with backup is combined into the second new numerical value according to preset rules;
Step 705: plug-in unit sends to equipment with the second new numerical value by main frame;
Step 706: equipment receives the second new numerical value and compares with the first new numerical value of storing, as unanimously, returns to successfully response message to plug-in unit, and plug-in unit begins to carry out data communication by main frame and equipment; Return to failure response information to plug-in unit as inconsistent, finish.
Concrete, the method that the present embodiment provides is applied in and carries out after in Fig. 2-Fig. 6, the plug-in unit judgement has equipment and main frame is connected, and guarantees that the each communication between plug-in unit and equipment is all safe, can prevent that the data in communication process are tampered.
Embodiment six
The present embodiment six provides a kind of file protection system, as shown in Figure 8, comprises plug-in unit 1 and equipment 3; Wherein plug-in unit 1 is mounted in main frame, carries out communication by main frame and equipment 3;
Plug-in unit 1 comprises:
The first receiver module 10: be used for data and information that receiving equipment 3 sends; Also be used for confirmation of receipt trigger message and configure trigger information;
Concrete, in the present embodiment, described data and information comprise: generate key, configuration encrypt data, configuration clear data and failure information;
The first sending module 11 is used for sending data to equipment 3; Comprise: the configuration encrypt data that numerical value, generation key and configuration information, parsing obtain; Also use to document editor and send data;
Acquisition module 12 is used for intercepting and capturing the interface id information; Also be used for obtaining the current document clear data at ciphering process, obtain the current document displaying contents in decrypting process;
Group bag module 13 is used for according to default form default file encryption sign and the document encrypt data after encrypting, receives the configuration encrypt data and default configuration ciphertext sign encapsulates respectively, is combined into packet;
Conversion module 14 is used for according to predetermined manner, the content of packet being changed into printable form text at ciphering process, and the inverse approach according to predetermined manner in decrypting process is reduced to former document content with the current document displaying contents;
Concrete, when the type of document was the Excel document, conversion module 14 also was used for printable form text and deciphers the current document clear data that obtains cutting apart according to default size;
Generation module 15 is used for generating configuration information and numerical value;
Concrete, in the present embodiment, generation module 15 generates configuration information and numerical value simultaneously when synchronization receives trigger message, is not perhaps receiving in the same time trigger message generation configuration information and numerical value; Trigger message can be button trigger message or instruction triggers information, and configuration information comprises decryption device sign and ident value and operating right sign;
Search module 16, be used for when the first receiver module 10 receives configure trigger information, search whether corresponding configuration identifier is arranged;
Concrete, in the present embodiment, configuration identifier comprises: operating right sign and deciphering device identification;
Parsing module 17 is used for obtaining document encrypt data and configuration encrypt data according to file encryption sign and configuration ciphertext sign to the former document content after transforming is resolved at decrypting process;
Can the first judge module 18 be used for judging according to current document parsing the enciphered data that meets described default form, and the equipment that judged whether is connected with main frame, specifically comprises:
The first judging unit: be used for judging whether former document content has file encryption sign and configuration ciphertext sign;
Resolution unit: be used for according to file encryption sign and configuration ciphertext sign, former document content being resolved and obtain described document encrypt data and configuration encrypt data;
The second judging unit is used for having judged whether that equipment is connected with main frame;
The 3rd judging unit is used for judging whether current document is carried out the operation of default access when acquisition module 12 intercepts the 3rd interface id information;
Concrete, in the present embodiment, whether the operation in the 3rd judgment unit judges the 3rd interface id information is corresponding with the operating right sign in the configuration clear data that receives;
The first encrypting module 19 is used for using the generation key that receives that the current document clear data that gets is encrypted, and forms the document encrypt data;
The first deciphering module 20 is used for using the generation key of the configuration clear data that receives that the document encrypt data that parsing obtains is decrypted;
Quiescing module 21 is used for current document is carried out the operation of default access;
Concrete, in the present embodiment, quiescing module 21 is carried out the operation of default access by calling the call back function current document; Call back function is GetEnable;
Wherein, the equipment 3 in the present embodiment four system of providing comprises:
The second sending module 30 is used for sending the generation key, encrypting the configuration encrypt data, configuration clear data and the failure information that obtain to the first receiver module 10;
The second receiver module 31 is used for receiving numerical value, generation key and the configuration information that the first sending module 11 sends, and also is used for receiving at decrypting process and resolves the configuration encrypt data that obtains;
Memory module 32 is used for storage self key and preset algorithm;
The second encrypting module 33 be used for to use preset algorithm to calculate the generation key to the numerical value that receives, and uses self key to the configuration information that receives and generate key to be encrypted and to generate the configuration encrypt data;
The second deciphering module 34 is used for use self key the configuration encrypt data that receives is decrypted, and successful decryption obtains configuring clear data, Decryption failures failed regeneration information;
The second judge module 35 is used for judging whether the decryption device condition of described configuration clear data conforms to facility information.
The above; only for the better embodiment of the present invention, but protection scope of the present invention is not limited to this, anyly is familiar with those skilled in the art in technical scope disclosed by the invention; the variation that can expect easily or replacement are within all should being encompassed in protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with the protection domain of claim.

Claims (22)

1. a document protection method, is characterized in that, comprises ciphering process and decrypting process, and wherein ciphering process comprises:
Step a: when plug-in unit intercepts the first interface id information, use the generation key that the current document clear data that obtains is encrypted and obtain the document encrypt data; Described plug-in unit sends to encryption device with described generation key and configuration information; Described configuration information comprises decryption device sign and ident value thereof;
Step b: described encryption device receives described generation key and configuration information, and self key that uses storage is encrypted described generation key and configuration information and obtains configuring encrypt data, and described configuration encrypt data is sent to described plug-in unit;
Step c: described plug-in unit encapsulates the composition packet according to default form with described document encrypt data and file encryption sign, described configuration encrypt data and configuration ciphertext sign; Described plug-in unit is processed described packet, and result is sent to document editor;
Wherein, decrypting process comprises:
Steps d: when described plug-in unit intercepts the second interface id information, can judgement parse the enciphered data that meets described default form according to current document, if judged whether that decryption device is connected with main frame, that the configuration encrypt data that parsing is obtained sends to decryption device, order execution in step e, otherwise the content of described current document is sent to document editor; As can not be with as described in the content of current document send to document editor;
Step e: described decryption device receives described configuration encrypt data, use self key that described configuration encrypt data is decrypted, whether the decryption device condition as described in judging as successful decryption in the configuration encrypt data conforms to self information, will configure clear data to send to described plug-in unit, order execution in step g, otherwise execution in step f; As Decryption failures execution in step f;
Step f: described decryption device sends failure information for described plug-in unit, and described plug-in unit sends to document editor with the content of described current document;
Step g: described plug-in unit receives described configuration clear data, and use the generation key in described configuration clear data that the document encrypt data that parsing obtains is decrypted, the document clear data that deciphering is obtained as successful decryption sends to document editor, finishes as Decryption failures.
2. document protection method as claimed in claim 1, is characterized in that, described first interface id information comprises to be preserved the document trigger message or start the plug-in unit trigger message.
3. document protection method as claimed in claim 1, is characterized in that, uses the generation key that the current document clear data that obtains is encrypted in described step a and obtain comprising before the document encrypt data:
Step a1: described plug-in unit generates numerical value and sends it to described encryption device;
Step a2: described encryption device receives described numerical value, uses preset algorithm to calculate the generation key to described numerical value, and described encryption device sends to described plug-in unit with described generation key.
4. document protection method as claimed in claim 3, is characterized in that, comprised before described step a1: plug-in unit has judged whether that encryption device is connected with main frame, is execution in step a1, otherwise finishes.
5. document protection method as claimed in claim 1, is characterized in that, described configuration information also comprises the operating right sign.
6. document protection method as claimed in claim 5, is characterized in that, comprised before plug-in unit described in described step a sends to encryption device with described generation key and configuration information:
Step a11: described plug-in unit receives configure trigger information, judges whether corresponding configuration identifier, is execution in step a12, otherwise finishes;
Step a12: described plug-in unit confirmation of receipt trigger message generates configuration information;
Described configuration identifier comprises decryption device sign and operating right sign.
7. document protection method as claimed in claim 1; it is characterized in that; described plug-in unit in described step c encapsulates the formation packet according to default form with described document encrypt data and file encryption sign, described configuration encrypt data and configuration ciphertext sign, specifically comprises:
Described plug-in unit encapsulates described document encrypt data and default file encryption sign, described configuration encrypt data and default configuration ciphertext sign respectively according to default form, is combined into packet.
8. document protection method as claimed in claim 7, is characterized in that, the type of described document is Word document, and the described plug-in unit in described step c is processed described packet, specifically comprises:
Described plug-in unit is converted into the first printable form text according to the first predetermined manner with the content of described packet.
9. document protection method as claimed in claim 8, is characterized in that, described plug-in unit sends to document editor with result, is specially: described plug-in unit sends to document editor with the first printable form text.
10. document protection method as claimed in claim 7, is characterized in that, the type of described document is the Excel document, and the described plug-in unit in described step c is processed described packet, specifically comprises:
Described plug-in unit is converted into the second printable form text according to the first predetermined manner with the content of described packet, and cuts apart according to the printable form text of default large young pathbreaker described second.
11. document protection method as claimed in claim 10 is characterized in that, described plug-in unit sends to document editor with result, is specially: described plug-in unit will be cut apart all unit encrypt datas that obtain and send to document editor.
12. document protection method as described in claim 9 or 11 is characterized in that, can judgement comprise before parsing the enciphered data that meets described default form according to current document in the steps d of described decrypting process:
Described plug-in unit obtains the current document displaying contents, according to the second predetermined manner, described current document displaying contents is reduced to former document content;
Described the second interface id information comprises the trigger message of opening current document, and described the second predetermined manner and described the first predetermined manner are reciprocal.
13. document protection method as claimed in claim 12; it is characterized in that; it is described that can judgement parse the enciphered data that meets described default form according to current document; whether be specially: judging has described file encryption sign and configuration ciphertext sign in described former document content, is to parse document encrypt data and configuration encrypt data according to described file encryption sign and configuration ciphertext sign from described former document content.
14. document protection method as claimed in claim 1 is characterized in that, judges in described step e whether the decryption device condition in described configuration clear data conforms to self information, is specially:
Whether decryption device sign and ident value thereof in described decryption device judgement configuration clear data be consistent with self identification and ident value.
15. document protection method as claimed in claim 11 is characterized in that, in described step g, successful decryption sends to document editor with the document clear data that deciphering obtains, and is specially:
Described plug-in unit is cut apart the document clear data that deciphering obtains according to default size, will cut apart all unit clear datas that obtain and send to document editor.
16. document protection method as claimed in claim 6; it is characterized in that; comprise after described step g: when described plug-in unit intercepts the 3rd interface id information; judge whether current document is carried out the operation of default access; be described current document to be carried out the operation of default access, otherwise finish.
17. document protection method as claimed in claim 16; it is characterized in that; the described operation that judges whether current document is carried out default access is specially: described plug-in unit judges whether the operation in the 3rd interface id information is corresponding with the operating right sign in the configuration clear data.
18. a file protection system is characterized in that, comprises plug-in unit and equipment, wherein plug-in unit comprises:
The first receiver module: be used for receiving generation key, configuration encrypt data and the configuration clear data that described equipment sends; Also be used for receiving confirmation trigger message and the configure trigger information that the user sends;
Acquisition module is used for intercepting and capturing the interface id information; Also be used for obtaining current document clear data and current document displaying contents;
Generation module is used for generating configuration information and generates numerical value;
Search module, be used for when described the first receiver module receives described configure trigger information, search whether corresponding configuration identifier is arranged;
The first encrypting module is used for using the described generation key that receives that the described current document clear data that gets is encrypted, and forms the document encrypt data;
Group bag module is used for according to default form default file encryption sign and described document encrypt data, receives configuration encrypt data and default configuration ciphertext and identify and encapsulate respectively, is combined into packet;
Conversion module is used for according to predetermined manner, the content of described packet being changed into printable form text at ciphering process, also is used for according to the inverse approach of described predetermined manner, the current document displaying contents being reduced to former document content at decrypting process;
Can the first judge module be used for judging according to current document parsing the enciphered data that meets described default form that the equipment that judged whether is connected with main frame;
The first deciphering module is used for using the generation key of the described configuration clear data that receives that the described document encrypt data that parsing obtains is decrypted;
The first sending module is used for sending to described equipment the described configuration encrypt data that described numerical value, generation key and configuration information, parsing obtain; Also use to document editor and send data;
Wherein, equipment comprises:
The second sending module is used for sending described generation key, configuration encrypt data and configuration clear data to described the first receiver module;
The second receiver module is used for receiving described numerical value that described the first sending module sends, generates the described configuration encrypt data that key and configuration information, parsing obtain;
Memory module is used for storage self key and preset algorithm;
The second encrypting module be used for to use preset algorithm to calculate described generation key to described numerical value, uses described self key to the described configuration information that receives and generate key to be encrypted the described configuration encrypt data of generation;
The second deciphering module is used for using described self key that the described configuration encrypt data that receives is decrypted, configuration clear data as described in obtaining as successful decryption;
The second judge module is used for judging whether the decryption device condition of described configuration clear data conforms to facility information.
19. file protection system as claimed in claim 18 is characterized in that, the type of described document is the Excel document, and described conversion module also is used for described printable form text and deciphers the described document clear data that obtains cutting apart according to default size.
20. file protection system as claimed in claim 18 is characterized in that, described the first judge module comprises:
The first judging unit: be used for judging whether former document content has file encryption sign and configuration ciphertext sign;
Resolution unit: be used for according to described file encryption sign and configuration ciphertext sign, the former document content after described conversion being resolved and obtain described document encrypt data and configuration encrypt data;
The second judging unit is used for having judged whether that equipment is connected with main frame.
21. file protection system as claimed in claim 20 is characterized in that, described the first judge module also comprises the 3rd judging unit, is used for judging whether described current document is carried out the operation of default access.
22. file protection system as claimed in claim 21 is characterized in that, described plug-in unit also comprises the quiescing module, is used for described current document is carried out the operation of described default access.
CN2011102514383A 2011-08-29 2011-08-29 Document protection method and system Expired - Fee Related CN102306255B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2011102514383A CN102306255B (en) 2011-08-29 2011-08-29 Document protection method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN2011102514383A CN102306255B (en) 2011-08-29 2011-08-29 Document protection method and system

Publications (2)

Publication Number Publication Date
CN102306255A CN102306255A (en) 2012-01-04
CN102306255B true CN102306255B (en) 2013-06-19

Family

ID=45380115

Family Applications (1)

Application Number Title Priority Date Filing Date
CN2011102514383A Expired - Fee Related CN102306255B (en) 2011-08-29 2011-08-29 Document protection method and system

Country Status (1)

Country Link
CN (1) CN102306255B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102722682B (en) * 2012-04-28 2015-01-14 飞天诚信科技股份有限公司 Protection method for Excel document
CN105117378B (en) * 2015-08-05 2017-10-31 联动优势电子商务有限公司 A kind of JSON files are converted to the method and device of EXCEL file
CN106685897B (en) * 2015-11-09 2020-09-08 国民技术股份有限公司 Safe input method, device and system
CN106778166B (en) * 2016-11-30 2020-04-10 Oppo广东移动通信有限公司 Data editing method and device and terminal
CN108280353B (en) * 2017-01-05 2021-12-28 珠海金山办公软件有限公司 Method and device for judging security document operation
CN109255246A (en) * 2018-08-14 2019-01-22 平安普惠企业管理有限公司 Interface parameters encryption method, device, computer equipment and storage medium
CN112651214B (en) * 2020-08-28 2023-03-28 成都格斗科技有限公司 Method for converting data table plaintext into binary ciphertext convenient for program to read
CN112565282A (en) * 2020-12-14 2021-03-26 中国科学院信息工程研究所 Data encryption method, terminal equipment and electronic equipment

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101008974A (en) * 2007-01-26 2007-08-01 北京飞天诚信科技有限公司 Protection method and system of electronic document
CN101853363A (en) * 2010-05-07 2010-10-06 北京飞天诚信科技有限公司 File protection method and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101008974A (en) * 2007-01-26 2007-08-01 北京飞天诚信科技有限公司 Protection method and system of electronic document
CN101853363A (en) * 2010-05-07 2010-10-06 北京飞天诚信科技有限公司 File protection method and system

Also Published As

Publication number Publication date
CN102306255A (en) 2012-01-04

Similar Documents

Publication Publication Date Title
CN102306255B (en) Document protection method and system
CN104662870B (en) Data safety management system
EP2165284B1 (en) Method and apparatus for securing data in memory device
CN106980794A (en) TrustZone-based file encryption and decryption method and device and terminal equipment
CN101593550B (en) High strength encrypting USB flash disk for police
CN103390026A (en) Mobile intelligent terminal security browser and working method thereof
CN104270353B (en) information security transmission method and system, receiving terminal and sending terminal
CN107124279B (en) Method and device for erasing terminal data
CN106682521B (en) File transparent encryption and decryption system and method based on driver layer
CN105827574A (en) File access system, file access method and file access device
CN105786521B (en) File outgoing protection method and device
KR101625785B1 (en) Method and device for information security management of mobile terminal, and mobile terminal
CN105975867A (en) Data processing method
CN101114319A (en) Shear plate information protecting equipment and method thereof
CN104050398B (en) Multifunctional encryption lock and operating method thereof
WO2011130970A1 (en) Device and method for protecting data of mobile terminal
CN115982761A (en) Sensitive information processing method and device, electronic equipment and storage medium
CN104601820A (en) Mobile terminal information protection method based on TF password card
CN103873521A (en) Cloud architecture-based mobile phone privacy file protection system and method
CN111079170A (en) Control method and control device of solid state disk
CN112039662B (en) Symmetric encryption transmission method for sensitive data in secret related unit Web application webpage
EP3193262A1 (en) Database operation method and device
Teufl et al. iOS encryption systems: Deploying iOS devices in security-critical environments
CN110932853B (en) Key management device and key management method based on trusted module
CN101930523B (en) document protection system and method

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130619