CN103281304A - Information safety processing method and system - Google Patents
Information safety processing method and system
- Publication number: CN103281304A
- Authority: CN (China)
- Prior art keywords: target user, source user, information, management center, center server
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Abstract
The invention provides a method and system for processing information securely. The method comprises the following steps: a source user creates access-restricted information and sends an encryption request to an algorithm controller; the algorithm controller receives the encryption request, applies a preset algorithm-selection strategy to an encryption algorithm lookup table, determines the encryption algorithm for the access-restricted information, and sends that algorithm to the source user; the source user encrypts the access-restricted information with the algorithm and sends an invocation request to a management center server; after the management center server obtains the target user's access rights, the source user binds the target user's access rights to the access-restricted information and sends a distribution policy request to a controller; the controller returns a distribution policy response to the source user; the source user sends the bound access rights and access-restricted information to the target user according to the distribution policy; and after the target user passes authentication by the management center server, the target user processes the information according to the decryption rule it receives.
Description
Technical field
The invention belongs to the field of network communication and in particular relates to a method and system for processing information securely.
Background technology
In network communication, protecting the security of electronic documents is a very important concern. At present, an effective scheme for protecting the security of electronic documents is urgently needed.
Summary of the invention
The invention provides a method and system for processing information securely, so as to address the above problem.
The invention provides a method for processing information securely. The method comprises the following steps. A source user creates access-restricted information and sends an encryption request to an algorithm controller, the encryption request carrying the secrecy level of the access-restricted information. The algorithm controller receives the encryption request, consults an encryption algorithm lookup table according to a preset algorithm-selection strategy, determines the encryption algorithm for the access-restricted information, and sends the encryption algorithm to the source user. The source user encrypts the access-restricted information with the encryption algorithm and sends an invocation request to a management center server, the invocation request carrying the secrecy level of the access-restricted information and the type of entity to which the target user belongs. After the management center server obtains the target user's access rights, the source user binds the target user's access rights to the access-restricted information and sends a distribution policy request to a controller, the distribution policy request carrying the source user and the type of entity to which the target user belongs. The controller returns a distribution policy response to the source user, the response carrying the distribution policy. The source user sends the bound access rights and access-restricted information to the target user according to the distribution policy. After the target user passes authentication by the management center server, the management center server notifies the algorithm controller to send the decryption rule corresponding to the encryption algorithm of the access-restricted information to the target user. The target user processes the information according to the received decryption rule. In addition, the controller periodically computes the accident rate caused by the source user's external transmission of information and, according to the accident rate and a validity period adjustment policy, adjusts the validity period of the access-restricted information in the external authorization policy table held by the management center server. A time-slice distributor monitors the CPU utilization of the management center server; if the CPU utilization reaches a preset value, the time-slice distributor allocates the management center server's time slices by round-robin according to source user rank.
The invention also provides a system for processing information securely, comprising a source user, a target user, a management center server, a communication server, a controller, an algorithm controller and a time-slice distributor. The management center server is connected to the source user, the target user, the time-slice distributor, the controller and the algorithm controller; the communication server is connected to the source user and the target user; the controller is connected to the source user and the management center server; and the algorithm controller is connected to the source user and the target user. The source user creates access-restricted information and sends an encryption request to the algorithm controller, the encryption request carrying the secrecy level of the access-restricted information. The algorithm controller receives the encryption request, consults the encryption algorithm lookup table according to the preset algorithm-selection strategy, determines the encryption algorithm for the access-restricted information, and sends it to the source user. The source user encrypts the access-restricted information with the encryption algorithm and sends an invocation request to the management center server, the invocation request carrying the secrecy level of the access-restricted information and the type of entity to which the target user belongs. After the management center server obtains the target user's access rights, the source user binds the target user's access rights to the access-restricted information and sends a distribution policy request to the controller, the request carrying the source user and the type of entity to which the target user belongs. The controller returns a distribution policy response to the source user, the response carrying the distribution policy. The source user sends the bound access rights and access-restricted information to the target user according to the distribution policy. After the target user passes authentication by the management center server, the management center server notifies the algorithm controller to send the decryption rule corresponding to the encryption algorithm of the access-restricted information to the target user, and the target user processes the information according to the received decryption rule. The controller periodically computes the accident rate caused by the source user's external transmission of information and, according to the accident rate and the validity period adjustment policy, adjusts the validity period of the access-restricted information in the external authorization policy table held by the management center server. The time-slice distributor monitors the CPU utilization of the management center server; if the CPU utilization reaches a preset value, the time-slice distributor allocates the management center server's time slices by round-robin according to source user rank.
Compared with the prior art, in the method and system provided by the invention the source user encrypts the access-restricted information with an encryption algorithm obtained from the algorithm controller, which protects the information. After the management center server obtains the target user's access rights, the source user obtains from the controller a distribution policy that depends on the target user's entity type and, according to that policy, sends the bound access rights and access-restricted information to the target user, so that the information is delivered under security authentication. Furthermore, the controller periodically computes the accident rate caused by the source user's external transmissions and, according to the accident rate and the validity period adjustment policy, adjusts the validity period of the access-restricted information in the management center server's external authorization policy table, so protective measures can be adjusted in real time to actual conditions. Finally, the time-slice distributor monitors the CPU utilization of the management center server and, when it reaches a preset value, allocates the server's time slices by round-robin according to source user rank, which avoids CPU overload and keeps communication secure.
Description of drawings
The accompanying drawings described herein provide a further understanding of the invention and form part of this application; the illustrative embodiments of the invention and their description serve to explain the invention and do not unduly limit it. In the drawings:
Figure 1 is a flow chart of the method for processing information securely according to a preferred embodiment of the invention;
Figure 2 is a schematic diagram of the system for processing information securely according to a preferred embodiment of the invention.
Embodiment
The invention is described in detail below with reference to the accompanying drawings and in conjunction with embodiments. Where no conflict arises, the embodiments and the features of the embodiments in this application may be combined with one another.
Figure 1 is a flow chart of the method for processing information securely according to a preferred embodiment of the invention. As shown in Figure 1, the method comprises steps 101 to 108.
In step 101, the source user creates access-restricted information and sends an encryption request to the algorithm controller, the encryption request carrying the secrecy level of the access-restricted information. Access-restricted information includes, for example, top-secret information, confidential information and secret information; the invention is not limited in this respect, and in practice the access-restricted information can be arranged as required.
In step 102, the algorithm controller receives the encryption request, consults the encryption algorithm lookup table according to the preset algorithm-selection strategy, determines the encryption algorithm for the access-restricted information, and sends the encryption algorithm to the source user. Specifically, the algorithm controller stores an encryption algorithm lookup table that records the correspondence between the secrecy level of the access-restricted information, the encryption algorithm and the preset selection strategy. An example lookup table is shown in Table 1.
Table 1
The complexity of encryption algorithms 1 to 3 is greater than that of algorithms 4 and 5, and the complexity of algorithms 4 and 5 is greater than that of algorithms 6 and 7. The preset selection strategies include, for example, random selection, sequential selection, and selection by halving. The settings in Table 1 are examples only and do not limit the invention. As Table 1 shows, the selection strategy preset for top-secret information is selection by halving: if the secrecy level of the access-restricted information is top secret, the algorithms are selected in the order algorithm 2, algorithm 1, algorithm 3, or in the order algorithm 2, algorithm 3, algorithm 1; that is, the algorithm whose sequence number lies in the middle is selected first, and the remaining algorithms are then selected in order of increasing or decreasing sequence number. Random selection means the corresponding encryption algorithm is chosen at random. Sequential selection means the algorithms are chosen one after another in order of increasing or decreasing sequence number. The invention is not limited in this respect.
In this embodiment the algorithm controller also stores the decryption rule corresponding to every encryption algorithm. When the algorithm controller sends the encryption algorithm for the access-restricted information to the source user, it records the correspondence between the source user information, the access-restricted information and the encryption algorithm for later use.
In step 103, the source user encrypts the access-restricted information with the encryption algorithm and sends an invocation request to the management center server, the invocation request carrying the secrecy level of the access-restricted information and the type of entity to which the target user belongs. In this embodiment, once the source user receives the encryption algorithm determined by the algorithm controller, it encrypts the access-restricted information with that algorithm. The entities to which a target user may belong include, for example, the company's board of directors, finance department, legal department and technology department, the company's partner units, units that have no cooperative relationship with the company and are not competitors, the company's benign competitors, and the company's malicious competitors. The invention is not limited in this respect; in practice the target user's entity can be arranged as required.
In step 104, after the management center server obtains the target user's access rights, the source user binds the target user's access rights to the access-restricted information and sends a distribution policy request to the controller, the distribution policy request carrying the source user and the type of entity to which the target user belongs.
In this embodiment the management center server stores a target user access rights lookup table that records the correspondence between the target user's entity type, the access-restricted information and the access rights. An example of this table is shown in Table 2; the invention is not limited to it.
Table 2
The target user access rights lookup table can be preset. The management center server obtains the target user's access rights from Table 2 and returns them to the source user. The invention is not limited in this respect: in other embodiments the management center server may obtain only a template of the target user's access rights and return the template to the source user, and the source user sets the required access rights from the template to obtain the final target user access rights.
In this embodiment, after the source user obtains the target user's access rights, it binds the target user's access rights to the access-restricted information and sends a distribution policy request to the controller, the request carrying the source user and the type of entity to which the target user belongs.
In step 105, the controller returns a distribution policy response to the source user, the response carrying the distribution policy.
In step 106, the source user sends the bound target user access rights and access-restricted information to the target user according to the distribution policy. Specifically, the source user sends the bound target user access rights and the encrypted access-restricted information to the target user through the communication server, following the distribution policy.
In this embodiment the controller stores the security grade or priority level of the entity to which each user belongs, together with the distribution policy. Specifically, if the source user and the target user belong to the same company and the priority level or security grade of the target user's entity is higher, the distribution policy is that the source user sends the target user access rights and access-restricted information to all target users directly; if the priority level or security grade of the target user's entity is lower, the distribution policy is that the source user sends the target user access rights and access-restricted information to the administrator of the target user's entity, and the administrator forwards them to all target users. If the source user and the target user belong to different companies and the security grade of the target user's entity is higher, the distribution policy is that the source user sends the target user access rights and access-restricted information to the administrator of the target user's entity, who forwards them to all target users; if the security grade of the target user's entity is lower, the distribution policy is that the source user sends them to all target users directly.
For example, if the source user and the target user belong to the same company, the target user's entity may be the company's board of directors, finance department, legal department or technology department, with priority levels ordered from high to low as: board of directors, legal department, finance department, technology department. If the target user's entity is the board of directors, the distribution policy lets the source user send the target user access rights and access-restricted information directly to the company's directors (that is, the target users). If the source user and the target user belong to different companies, the target user's entity may be a partner unit of the company, a unit that has no cooperative relationship with the company and is not a competitor, a benign competitor of the company, or a malicious competitor of the company, with security grades ordered from high to low in that same sequence. If the target user's entity is a partner unit of the company, the distribution policy has the source user send the target user access rights and access-restricted information to the administrator of the partner unit, who forwards them to the target users in that unit.
In step 107, after the target user passes authentication by the management center server, the management center server notifies the algorithm controller to send the decryption rule corresponding to the encryption algorithm of the access-restricted information to the target user. Specifically, after the target user receives the target user access rights and access-restricted information sent by the source user, it sends an authentication request, carrying for example the target user's information, to the management center server. The management center server receives the authentication request and, once the target user's information has been authenticated, sends a notification to the algorithm controller carrying the source user information, the access-restricted information and the target user information. On receiving the notification, the algorithm controller looks up the encryption algorithm of the access-restricted information and its corresponding decryption rule in the stored correspondence between source user information, access-restricted information and encryption algorithm, and sends that decryption rule to the target user.
In step 108, the target user processes the information according to the received decryption rule. Specifically, after receiving the decryption rule from the algorithm controller, the target user decrypts the access-restricted information according to the rule and operates on the decrypted information within the access rights it obtained (for example, viewing the access-restricted information).
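To make steps 101 to 108 concrete, the following is an added example, not code from the patent: a single-process simulation in which the algorithm controller, management center server, controller and the two users are plain Python objects. It also covers the selection strategies of Table 1 (random, sequential, and middle-first "selection by halving") and the distribution policies of steps 105 and 106. Everything specific is an assumption: the algorithm ids 1 to 7 are mapped to hash functions driving a toy keystream cipher, the lookup tables stand in for Tables 1 and 2 (which the page does not reproduce), the decryption rule is modelled as the algorithm id plus a per-request key held by the algorithm controller, and "higher" priority or security grade is taken to mean the upper half of the ranking given in the description.

```python
import hashlib
import os
import random

# Constructed stand-ins (not the patent's tables). Algorithm ids 1..7 are mapped
# to hash functions used by the toy cipher below.
ALGORITHMS = {1: "sha512", 2: "sha3_512", 3: "blake2b", 4: "sha256",
              5: "sha3_256", 6: "blake2s", 7: "sha384"}
# Table 1 stand-in: secrecy level -> (candidate algorithm ids, preset selection strategy)
ALGORITHM_TABLE = {"top-secret": ([1, 2, 3], "bisect"),
                   "confidential": ([4, 5], "sequential"),
                   "secret": ([6, 7], "random")}
# Table 2 stand-in: (target entity type, secrecy level) -> access rights
ACCESS_RIGHTS = {("board", "top-secret"): {"view"},
                 ("finance", "confidential"): {"view", "print"}}
# Rankings from the description, high to low: priority inside the company and
# security grade of outside entities.
PRIORITY = ["board", "legal", "finance", "technology"]
OUTSIDE_GRADE = ["partner", "neutral", "benign-competitor", "malicious-competitor"]


def selection_order(ids, strategy, descending=False):
    """Order in which candidate algorithms are selected: random, sequential, or
    middle-first ('selection by halving'). The first entry is the one used."""
    ids = sorted(ids)
    if strategy == "random":
        random.shuffle(ids)
        return ids
    if strategy == "bisect":
        mid = ids[len(ids) // 2]
        rest = [i for i in ids if i != mid]
        return [mid] + (rest[::-1] if descending else rest)
    return ids[::-1] if descending else ids  # sequential


def stream_xor(alg_id, key, data):
    """Toy cipher (an assumption, not the patent's algorithm): a hash-based
    keystream in counter mode XORed with the data. The same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.new(ALGORITHMS[alg_id], key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


class AlgorithmController:
    """Step 102: select the algorithm and record (source user, information,
    algorithm); step 107: release the matching decryption rule on notice."""
    def __init__(self):
        self.records = {}

    def handle_encryption_request(self, source, info_id, level):
        ids, strategy = ALGORITHM_TABLE[level]
        alg_id, key = selection_order(ids, strategy)[0], os.urandom(32)  # key: assumption
        self.records[(source, info_id)] = (alg_id, key)
        return alg_id, key

    def decryption_rule(self, source, info_id):
        return self.records[(source, info_id)]


class ManagementCenterServer:
    """Step 104 (access rights lookup) and step 107 (target authentication)."""
    def __init__(self, alg_ctl, known_users):
        self.alg_ctl, self.known = alg_ctl, set(known_users)

    def handle_call_request(self, level, target_entity):
        return ACCESS_RIGHTS.get((target_entity, level), set())

    def authenticate(self, target, source, info_id):
        if target not in self.known:
            return None  # authentication failed: no decryption rule is released
        return self.alg_ctl.decryption_rule(source, info_id)


def distribution_policy(target_entity, same_company):
    """Step 105 (controller): 'direct' sends to every target user, 'via-admin'
    sends to the entity's administrator first, per the rules in the description."""
    if same_company:
        high = PRIORITY.index(target_entity) < len(PRIORITY) // 2
        return "direct" if high else "via-admin"
    high = OUTSIDE_GRADE.index(target_entity) < len(OUTSIDE_GRADE) // 2
    return "via-admin" if high else "direct"


def run_flow(plaintext, level, target_entity, same_company, target_ok=True):
    """Steps 101 to 108 end to end; returns what the target user recovered."""
    alg_ctl = AlgorithmController()
    mcs = ManagementCenterServer(alg_ctl, ["bob"] if target_ok else [])
    alg_id, key = alg_ctl.handle_encryption_request("alice", "doc-1", level)  # 101-102
    ciphertext = stream_xor(alg_id, key, plaintext)                             # 103
    rights = mcs.handle_call_request(level, target_entity)                     # 104
    policy = distribution_policy(target_entity, same_company)                  # 105
    package = {"rights": rights, "ciphertext": ciphertext}                     # 106: bound, sent per policy
    rule = mcs.authenticate("bob", "alice", "doc-1")                           # 107
    recovered = stream_xor(*rule, package["ciphertext"]) if rule else None     # 108
    return {"algorithm": alg_id, "policy": policy, "rights": rights, "recovered": recovered}
```

The point worth noticing is the separation of duties the description relies on: the ciphertext travels over the communication server, while the decryption rule is released only by the algorithm controller and only after the management center server has authenticated the target user, so an unauthenticated recipient that intercepts the package (the `target_ok=False` path) holds ciphertext and rights it cannot use.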
In addition, in this embodiment, if the target user and the source user do not belong to the same company, the management center server determines from an external authorization policy table the authorization policy under which the source user may send information externally. The external authorization policy table records the correspondence between the source user's rank, the target user's entity type, the authorization policy, the secrecy level of the access-restricted information, the access rights, and the validity period of the access-restricted information. An example of this table is shown in Table 3; the invention is not limited to it.
Table 3
In practice the contents of Table 3 can be set according to the company's actual needs. Source user ranks include president, general manager and director, minister level, section chief level and clerk level. Source users of different ranks have different authority to send information externally, and for different external units the secrecy level, the access rights and the validity period of the access-restricted information all differ. This protects the security of information sent externally.
In addition, in this embodiment the controller periodically computes the accident rate caused by the source user's external transmission of information and, according to the accident rate and the validity period adjustment policy, adjusts the validity period of the access-restricted information in the external authorization policy table held by the management center server. An example adjustment policy is shown in Table 4; the invention is not limited to it.
| Accident rate | Validity period adjustment policy for access-restricted information |
| --- | --- |
| 0-5% | Preset value |
| 5%-10% | Reduce by 10% |
| 10%-20% | Reduce by 20% |
| More than 20% | Refuse to send |
Table 4
For example, suppose an accident occurs because of the source user's external transmission of information, and the accident rate in a measurement period is 7% (the accident rate being the ratio of the number of accidents caused by external transmissions in the measurement period to the total number of external transmissions by the source user). Then, as Table 4 shows, the controller adjusts the validity period of all access-restricted information in Table 3 stored by the management center server, reducing it by 10%. Protective measures can thus be adjusted in real time according to actual conditions.
Specifically, the controller sends a validity period adjustment request to the management center server, the request carrying the validity period adjustment policy for the access-restricted information; after receiving the request, the management center server applies the adjustment policy. If the accident rate in the measurement period is 0 to 5%, no adjustment request is triggered and the validity period keeps its original preset value.
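The periodic check above, as an added example that is not the patent's code: the controller computes the accident rate over a measurement period, maps it to the Table 4 band, and only for a non-preset band sends an adjustment that the management center server applies to every row of its external authorization policy table. The rows of that table are a constructed stand-in for Table 3, which the page does not reproduce, and the reading of the shared band boundaries (exactly 5% stays at the preset value) is an assumption the page does not settle.

```python
# (lower bound, upper bound or None, action), the bands of Table 4. Bounds are
# read as open below and closed above, so a rate of exactly 5% stays at the
# preset value; this boundary reading is an assumption.
VALIDITY_POLICY = [(0.00, 0.05, "preset"), (0.05, 0.10, 0.10),
                   (0.10, 0.20, 0.20), (0.20, None, "refuse")]

# Constructed stand-in for Table 3: source rank, target entity, secrecy level,
# access rights and the preset validity period of the access-restricted information.
EXTERNAL_POLICY_TABLE = [
    {"source_rank": "minister", "target_entity": "partner", "level": "secret",
     "rights": {"view"}, "preset_validity_days": 30},
    {"source_rank": "clerk", "target_entity": "neutral", "level": "secret",
     "rights": {"view"}, "preset_validity_days": 10},
]


def accident_rate(sends):
    """sends: one boolean per external transmission in the measurement period,
    True if it caused an accident. Rate = accidents / total external sends."""
    if not sends:
        return 0.0
    return sum(1 for caused_accident in sends if caused_accident) / len(sends)


def validity_adjustment(rate):
    """Map an accident rate to the Table 4 action: 'preset', a fraction to cut, or 'refuse'."""
    for low, high, action in VALIDITY_POLICY:
        if rate > low and (high is None or rate <= high):
            return action
    return "preset"  # rate of exactly zero


def periodic_check(table, sends):
    """Controller side: decide whether a validity adjustment request is sent.
    Server side: apply the carried policy to every row. Returns (action, adjusted
    rows); the rows are None when no request is triggered."""
    action = validity_adjustment(accident_rate(sends))
    if action == "preset":
        return action, None
    adjusted = []
    for row in table:
        new = dict(row)
        if action == "refuse":
            new["validity_days"], new["send_allowed"] = 0, False
        else:
            new["validity_days"] = round(row["preset_validity_days"] * (1 - action))
            new["send_allowed"] = True
        adjusted.append(new)
    return action, adjusted
```

Keeping the band table as data rather than a chain of `if` statements is what lets the adjustment policy be changed "according to the company's actual needs", as the description puts it, without touching the controller logic.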
In addition, in this embodiment the time-slice distributor monitors the CPU utilization of the management center server in real time; if the CPU utilization reaches a preset value, the time-slice distributor allocates the management center server's time slices by round-robin according to source user rank. The time-slice distributor holds a time-slice round-robin policy lookup table, an example of which is shown in Table 5; the invention is not limited to it.
Table 5
Specifically, the time-slice distributor periodically checks the CPU utilization of the management center server, and when the CPU utilization reaches the corresponding threshold it distributes the management center server's work slices by round-robin. For example, when the CPU utilization of the management center server reaches 80%, the time-slice distributor sends a time-slice distribution request to the management center server, the request carrying the time-slice round-robin policy. After receiving the request, the management center server executes the round-robin policy: it controls its work slices so that they are distributed by round-robin to the requests of users at president, general manager and director, minister and section chief level, while work for clerk-level users is suspended. Likewise, the higher the CPU utilization of the management center server, the more its work slices are reserved, by round-robin, for source users of higher rank. Because the time-slice distributor allocates the management center server's work slices according to its CPU utilization, requests from higher-ranked users are guaranteed and their experience improves, while CPU overload is avoided and communication remains secure.
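The round-robin allocation just described, as an added example that is not the patent's code: given the current CPU utilization, a policy table decides which source user ranks keep receiving work slices, and the distributor rotates the available slices across those ranks while suspending the rest. The thresholds and the ranks served at each threshold stand in for Table 5, which the page does not reproduce, and are assumptions; only the 80% step (clerk-level work suspended, the four higher ranks served) follows the description.

```python
# Source user ranks from the description, high to low.
RANKS = ["president", "general-manager", "minister", "section-chief", "clerk"]

# (CPU utilization threshold, ranks that keep receiving work slices), checked top
# down. Constructed stand-in for Table 5; only the 0.80 row follows the description.
TIMESLICE_POLICY = [(0.95, RANKS[:1]), (0.90, RANKS[:2]), (0.80, RANKS[:4]), (0.00, RANKS)]


def served_ranks(cpu_utilization):
    """Ranks whose requests still receive work slices at this CPU utilization."""
    for threshold, ranks in TIMESLICE_POLICY:
        if cpu_utilization >= threshold:
            return ranks
    return RANKS


def allocate_slices(cpu_utilization, pending, slices):
    """Distribute `slices` work slices of the management center server by
    round-robin over the served ranks; requests from other ranks are suspended.
    pending: list of {"id": ..., "rank": ...} in arrival order.
    Returns (request ids scheduled, in order; request ids suspended)."""
    served = served_ranks(cpu_utilization)
    queues = {rank: [req for req in pending if req["rank"] == rank] for rank in served}
    suspended = [req["id"] for req in pending if req["rank"] not in served]
    schedule, cursor = [], 0
    while len(schedule) < slices and any(queues.values()):
        rank = served[cursor % len(served)]  # rotate through the served ranks
        if queues[rank]:
            schedule.append(queues[rank].pop(0)["id"])
        cursor += 1
    return schedule, suspended


# Constructed request queue for a sample run.
PENDING = [{"id": "r1", "rank": "clerk"}, {"id": "r2", "rank": "president"},
           {"id": "r3", "rank": "minister"}, {"id": "r4", "rank": "president"},
           {"id": "r5", "rank": "clerk"}, {"id": "r6", "rank": "section-chief"}]
```

Calling `allocate_slices(0.85, PENDING, 4)` schedules the president, minister and section chief requests first and suspends both clerk requests, which is the behaviour the 80% example describes; at low utilization every rank is served in rotation and nothing is suspended.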
Figure 2 is a schematic diagram of the system for processing information securely according to a preferred embodiment of the invention. As shown in Figure 2, the system comprises a source user 10, a target user 13, a management center server 12, a communication server 11, a controller 15, an algorithm controller 14 and a time-slice distributor 16. The management center server 12 is connected to the source user 10, the target user 13, the time-slice distributor 16, the algorithm controller 14 and the controller 15; the communication server 11 is connected to the source user 10 and the target user 13; the controller 15 is connected to the source user 10 and the management center server 12; and the algorithm controller 14 is connected to the source user 10 and the target user 13.
In this embodiment, the source user 10 creates access-restricted information and sends an encryption request to the algorithm controller 14, the encryption request carrying the secrecy level of the access-restricted information. The algorithm controller 14 receives the encryption request, consults the encryption algorithm lookup table according to the preset selection strategy, determines the encryption algorithm for the access-restricted information, and sends it to the source user 10. The source user 10 encrypts the access-restricted information with the encryption algorithm and sends an invocation request to the management center server 12, the request carrying the secrecy level of the access-restricted information and the type of entity to which the target user belongs. After the management center server 12 obtains the target user's access rights, the source user 10 binds the target user's access rights to the access-restricted information and sends a distribution policy request to the controller 15, the request carrying the source user and the type of entity to which the target user belongs. The controller 15 returns a distribution policy response to the source user 10, the response carrying the distribution policy. The source user 10 sends the bound target user access rights and access-restricted information to the target user 13 according to the distribution policy. After the target user 13 passes authentication by the management center server 12, the management center server 12 notifies the algorithm controller 14 to send the decryption rule corresponding to the encryption algorithm of the access-restricted information to the target user 13. The target user 13 processes the information according to the received decryption rule. The controller 15 periodically computes the accident rate caused by the source user 10's external transmission of information and, according to the accident rate and the validity period adjustment policy, adjusts the validity period of the access-restricted information in the external authorization policy table held by the management center server 12. The time-slice distributor 16 monitors the CPU utilization of the management center server 12; if the CPU utilization reaches a preset value, the time-slice distributor 16 allocates the time slices of the management center server 12 by round-robin according to source user rank. The detailed operation of the system is as described for the method above and is not repeated here.
In summary, in the information security processing method and system provided by the preferred embodiments of the present invention, the source user encrypts the access-restricted information with the encryption algorithm obtained from the algorithm controller, thereby ensuring the security of the information. Further, after the management center server has obtained the target user's access rights, the source user obtains from the controller a distribution policy according to the type of entity to which the target user belongs and, according to that distribution policy, sends the bound target user access rights and access-restricted information to the target user. This realizes secure authentication of the information and thereby ensures its security. In addition, the controller periodically computes the accident rate caused by the source user's outward transmission of information and, according to the accident rate and the validity period adjustment strategy, adjusts the validity period of the access-restricted information in the external authorization policy table of the management center server, so that protective measures can be adjusted in real time according to actual conditions. Furthermore, the time slice allocator monitors the CPU utilization of the management center server; if the CPU utilization of the management center server reaches the preset value, the time slice allocator allocates the time slices of the management center server according to source user level and polls them. This avoids excessive CPU load and thereby ensures the security of communication.
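The following Python model is an added illustration of the exchange described in the embodiment above; it is not code from the patent. The entity names, message field names, the sample algorithm comparison table, the access-rights table, the distribution policy table and the password used to authenticate the target user are all constructed assumptions, and the encryption of the information itself is left out (the ciphertext is an opaque placeholder). What the model makes visible is the control-flow property the method relies on: the decryption rule reaches the target user only after the management center server has authenticated that user and instructed the algorithm controller to release it.

```python
import random
from dataclasses import dataclass, field

# Constructed encryption-algorithm comparison table (claim 8): security level
# of the access-restricted information -> candidate algorithms. The names are
# placeholders, not algorithms named by the patent.
ALGORITHM_TABLE = {
    "top_secret": ["alg-A", "alg-B", "alg-C", "alg-D"],
    "confidential": ["alg-E", "alg-F"],
    "secret": ["alg-G"],
}


class AlgorithmController:
    """Picks an algorithm with a preset selection strategy (claim 9) and releases
    the matching decryption rule only when the management center server says so."""

    def __init__(self, table, strategy="sequential", seed=0):
        self.table, self.strategy = table, strategy
        self.rng = random.Random(seed)              # seeded so runs repeat
        self.cursor = {level: 0 for level in table}
        self.issued = {}                            # info_id -> algorithm

    def choose(self, level):
        cands = self.table[level]
        if self.strategy == "sequential":           # round-robin over the list
            alg = cands[self.cursor[level] % len(cands)]
            self.cursor[level] += 1
        elif self.strategy == "random":
            alg = self.rng.choice(cands)
        elif self.strategy == "halving":            # assumed: the middle candidate
            alg = cands[len(cands) // 2]
        else:
            raise ValueError(f"unknown strategy {self.strategy}")
        return alg

    def encryption_request(self, info_id, level):
        self.issued[info_id] = self.choose(level)
        return self.issued[info_id]

    def send_decryption_rule(self, info_id, target):
        target.decryption_rule = f"decrypt-with:{self.issued[info_id]}"


class ManagementCenterServer:
    """Holds the target-user access-rights comparison table (claim 2) and the
    credentials for authenticating target users (assumed: a shared password)."""

    def __init__(self, rights_table, credentials, algctl):
        self.rights_table, self.credentials, self.algctl = rights_table, credentials, algctl

    def call_request(self, level, entity_type):
        return self.rights_table[(entity_type, level)]  # target access rights

    def authenticate(self, target, password, info_id):
        if self.credentials.get(target.name) != password:
            return False
        self.algctl.send_decryption_rule(info_id, target)  # released only after auth
        return True


@dataclass
class TargetUser:
    name: str
    entity_type: str
    inbox: list = field(default_factory=list)
    decryption_rule: str = None

    def process(self):
        """Without the decryption rule the bound bundle cannot be used."""
        if self.decryption_rule is None or not self.inbox:
            return None
        bundle = self.inbox[-1]
        return (bundle["rights"], bundle["ciphertext"]["alg"], self.decryption_rule)


def run_flow(password, strategy="sequential"):
    """Runs the whole exchange of the embodiment; returns (message trace, result)."""
    algctl = AlgorithmController(ALGORITHM_TABLE, strategy)
    mcs = ManagementCenterServer(
        rights_table={("branch-office", "confidential"): "read-only"},
        credentials={"bob": "correct-horse"},           # constructed credential
        algctl=algctl)
    dist_policies = {("alice", "branch-office"): "direct-to-all-targets"}  # controller 15
    target = TargetUser("bob", "branch-office")
    trace = []
    info_id, level = "doc-17", "confidential"            # source user creates info
    alg = algctl.encryption_request(info_id, level)
    trace.append(("encryption_request", alg))
    ciphertext = {"alg": alg, "ciphertext": "<opaque>"}  # actual encryption omitted
    rights = mcs.call_request(level, target.entity_type)
    trace.append(("call_request", rights))
    policy = dist_policies[("alice", target.entity_type)]
    trace.append(("distribution_policy_response", policy))
    target.inbox.append({"rights": rights, "ciphertext": ciphertext})  # bound bundle
    trace.append(("authenticate", mcs.authenticate(target, password, info_id)))
    return trace, target.process()
```

Calling `run_flow("correct-horse")` yields the full trace and a processed result, whereas a wrong password leaves the target holding the bound bundle but no decryption rule, so `process()` returns `None`. The reading of "halving" selection as taking the middle candidate is an assumption; the patent does not define the strategy further.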
The above are only preferred embodiments of the present invention and are not intended to limit it; for a person skilled in the art, the present invention may have various changes and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
Claims (10)
1. An information security processing method, characterized in that it comprises the following steps:
a source user creates access-restricted information and sends an encryption request to an algorithm controller, the encryption request carrying the security level of the access-restricted information;
the algorithm controller receives the encryption request, determines the encryption algorithm for the access-restricted information from an encryption algorithm comparison table according to a preset algorithm selection strategy, and sends the encryption algorithm to the source user;
the source user encrypts the access-restricted information according to the encryption algorithm and sends a call request to a management center server, the call request carrying the security level of the access-restricted information and the type of entity to which the target user belongs;
after the management center server has obtained the target user's access rights, the source user binds the target user's access rights to the access-restricted information and sends a distribution policy request to a controller, the distribution policy request carrying the entity type information of the source user and the target user;
the controller returns a distribution policy response to the source user, the distribution policy response carrying a distribution policy;
the source user sends the bound target user access rights and access-restricted information to the target user according to the distribution policy;
after the target user has been authenticated by the management center server, the management center server instructs the algorithm controller to send the decryption rule corresponding to the encryption algorithm of the access-restricted information to the target user;
the target user processes the information according to the received decryption rule,
wherein the controller periodically computes the accident rate caused by the source user's outward transmission of information and, according to the accident rate and a validity period adjustment strategy, adjusts the validity period of the access-restricted information in an external authorization policy table in the management center server, and
a time slice allocator monitors the CPU utilization of the management center server and, if the CPU utilization of the management center server reaches a preset value, allocates the time slices of the management center server according to source user level and polls them.
2. The method according to claim 1, characterized in that the management center server stores a target user access rights comparison table, the target user access rights comparison table comprising the correspondence between the type of entity to which the target user belongs, the access-restricted information and the access rights.
3. The method according to claim 1 or 2, characterized in that the access-restricted information comprises top-secret information, confidential information and secret information.
4. The method according to claim 1, characterized in that, if the source user and the target user belong to the same company and the priority level or security level of the entity to which the target user belongs is higher, the distribution policy is: the source user sends the target user's access rights and the access-restricted information to all target users;
if the priority level or security level of the entity to which the target user belongs is lower, the distribution policy is: the source user sends the target user's access rights and the access-restricted information to the administrator of the entity to which the target user belongs, and the administrator sends them to all target users.
5. The method according to claim 1, characterized in that, if the source user and the target user belong to different companies and the security level of the entity to which the target user belongs is higher, the distribution policy is: the source user sends the target user's access rights and the access-restricted information to the administrator of the entity to which the target user belongs, and the administrator sends them to all target users;
if the security level of the entity to which the target user belongs is lower, the distribution policy is: the source user sends the target user's access rights and the access-restricted information to all target users.
6. The method according to claim 1, characterized in that, if the target user and the source user do not belong to the same company, the management center server determines, according to the external authorization policy table, the authorization policy under which the source user sends information externally.
7. The method according to claim 6, characterized in that the external authorization policy table comprises the correspondence between the source user level, the type of entity to which the target user belongs, the authorization policy, the security level of the access-restricted information, the access rights and the validity period of the access-restricted information.
8. The method according to claim 1, characterized in that the algorithm controller stores the encryption algorithm comparison table, the encryption algorithm comparison table comprising the correspondence between the security level of the access-restricted information, the encryption algorithm and the preset algorithm selection strategy.
9. The method according to claim 1 or 8, characterized in that the preset algorithm selection strategy comprises: sequential selection, random selection and halving selection.
10. An information security processing system, characterized in that it comprises a source user, a target user, a management center server, a communication server, a controller, an algorithm controller and a time slice allocator, wherein the management center server is connected to the source user, the target user, the time slice allocator, the controller and the algorithm controller respectively, the communication server is connected to the source user and the target user, the controller is connected to the source user and the management center server, and the algorithm controller is connected to the source user and the target user,
wherein the source user creates access-restricted information and sends an encryption algorithm request to the algorithm controller, the encryption request carrying the security level of the access-restricted information,
the algorithm controller receives the encryption request, determines the encryption algorithm for the access-restricted information from an encryption algorithm comparison table according to a preset algorithm selection strategy, and sends the encryption algorithm to the source user,
the source user encrypts the access-restricted information according to the encryption algorithm and sends a call request to the management center server, the call request carrying the security level of the access-restricted information and the type of entity to which the target user belongs,
after the management center server has obtained the target user's access rights, the source user binds the target user's access rights to the access-restricted information and sends a distribution policy request to the controller, the distribution policy request carrying the entity type information of the source user and the target user,
the controller returns a distribution policy response to the source user, the distribution policy response carrying a distribution policy,
the source user sends the bound target user access rights and access-restricted information to the target user according to the distribution policy,
after the target user has been authenticated by the management center server, the management center server instructs the algorithm controller to send the decryption rule corresponding to the encryption algorithm of the access-restricted information to the target user,
the target user processes the information according to the received decryption rule,
the controller periodically computes the accident rate caused by the source user's outward transmission of information and, according to the accident rate and a validity period adjustment strategy, adjusts the validity period of the access-restricted information in the external authorization policy table in the management center server, and
the time slice allocator monitors the CPU utilization of the management center server and, if the CPU utilization of the management center server reaches a preset value, allocates the time slices of the management center server according to source user level and polls them.
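The three policy decisions that the claims state as rules, worked through in Python as an added example (not the patent's own code): the distribution policy of claims 4 and 5, the accident-rate statistic and validity-period adjustment of claims 1 and 7, and the time-slice allocation of claim 1. The adjustment strategy thresholds, the sample external authorization policy table rows, the transmission log and the level values are constructed assumptions; the patent specifies the inputs to each decision but not these values.

```python
# Constructed validity-period adjustment strategy: (ceiling on accident rate,
# multiplier applied to the validity period). The patent only says the period is
# adjusted according to the accident rate and an adjustment strategy.
ADJUSTMENT_STRATEGY = [
    (0.01, 1.0),   # rare incidents: keep the validity period
    (0.05, 0.5),   # noticeable: halve it
    (1.0, 0.0),    # frequent: expire the information at once
]


def distribution_policy(same_company, target_entity_higher):
    """Claims 4 and 5: where the bound (access rights, information) bundle goes.
    Same company: higher-ranked target entity gets it directly, lower-ranked via
    its administrator. Different company: the rule is the other way round."""
    if same_company:
        return "all-targets" if target_entity_higher else "via-entity-admin"
    return "via-entity-admin" if target_entity_higher else "all-targets"


def accident_rate(transmissions):
    """Controller's periodic statistic: share of each source user's outward
    transmissions that caused an incident. `transmissions` is a constructed
    list of (source_name, caused_incident) records."""
    by_source = {}
    for name, incident in transmissions:
        sent, bad = by_source.get(name, (0, 0))
        by_source[name] = (sent + 1, bad + int(incident))
    return {name: bad / sent for name, (sent, bad) in by_source.items()}


def sample_policy_table():
    """Constructed rows of the external authorization policy table (claim 7)."""
    return [
        {"source_level": "L2", "entity_type": "partner", "auth_policy": "via-entity-admin",
         "level": "confidential", "rights": "read-only", "validity_days": 30},
        {"source_level": "L1", "entity_type": "partner", "auth_policy": "all-targets",
         "level": "secret", "rights": "read-write", "validity_days": 90},
    ]


def adjust_validity(policy_table, source_level, rate):
    """Claim 1: rescale the validity period of every row for this source user
    level according to the accident rate and the adjustment strategy."""
    factor = 0.0
    for ceiling, multiplier in ADJUSTMENT_STRATEGY:
        if rate <= ceiling:
            factor = multiplier
            break
    for row in policy_table:
        if row["source_level"] == source_level:
            row["validity_days"] = int(row["validity_days"] * factor)
    return policy_table


def allocate_time_slices(cpu_util, preset, users, slices_per_round=10):
    """Claim 1: once CPU utilization reaches the preset value, share the server's
    time slices among source users in proportion to their level (assumed to be
    a positive integer) and poll them in descending level order. Below the
    threshold the allocator does nothing and returns None. Integer division
    may leave a few slices of each round unassigned."""
    if cpu_util < preset:
        return None
    total = sum(level for _, level in users)
    order = sorted(users, key=lambda u: -u[1])
    return [(name, slices_per_round * level // total) for name, level in order]
```

Each function takes exactly the inputs the corresponding claim names, so the table-driven parts (the adjustment strategy and the policy rows) can be swapped for real values without touching the decision logic.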
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013101562054A CN103281304A (en) | 2013-04-28 | 2013-04-28 | Information safety processing method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2013101562054A CN103281304A (en) | 2013-04-28 | 2013-04-28 | Information safety processing method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN103281304A true CN103281304A (en) | 2013-09-04 |
Family
ID=49063751
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2013101562054A Pending CN103281304A (en) | 2013-04-28 | 2013-04-28 | Information safety processing method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN103281304A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2014176899A1 (en) * | 2013-04-28 | 2014-11-06 | 苏州亿倍信息技术有限公司 | Information security management method and system |
CN114398623A (en) * | 2021-11-04 | 2022-04-26 | 华能信息技术有限公司 | A Determining Method of Security Policy |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060190995A1 (en) * | 1999-09-29 | 2006-08-24 | Fuji Xerox Co., Ltd. | Access privilege transferring method |
CN101320414A (en) * | 2007-06-05 | 2008-12-10 | 精品科技股份有限公司 | Electronic file information safety control and management system and method thereof |
CN102065430A (en) * | 2010-12-28 | 2011-05-18 | 上海华御信息技术有限公司 | Method for realizing safe access of terminal of internet of thing |
CN102087690A (en) * | 2009-12-02 | 2011-06-08 | 富士施乐株式会社 | Document management system and document management method |
Timeline
- 2013-04-28: CN application CN2013101562054A, published as CN103281304A, status Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | C02 | Deemed withdrawal of patent application after publication (patent law 2001) | |
| | WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20130904 |