CN116090000A - File security management method, system, device, medium and program product - Google Patents
- Publication number
- CN116090000A (CN202211671652.9A)
- Authority
- CN
- China
- Prior art keywords
- user
- file
- key
- cpk
- private key
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/31—User authentication
- G06F21/604—Tools and structures for managing or administering access control systems
- G06F2211/008—Public Key, Asymmetric Key, Asymmetric Encryption
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The present disclosure provides a file security management method, system, device, storage medium and program product, which can be applied to the technical field of information security. The method comprises the following steps: in response to a file access request of a user, authenticating the identity of the user based on an SM9 private key, wherein the SM9 private key is generated based on a user identifier and is contained in the file access request; after the user identity authentication is passed, matching the subject attribute of the user, the object attribute of the file and the working environment information of the user based on a preset authority judging rule to obtain the file access authority of the user; when the user has the right to access the file, obtaining a CPK public key of the user based on the user identifier and calculating a CPK private key of the user based on the CPK public key, wherein the CPK public key and the user identifier are pre-stored in correspondence in a management system; and decrypting the SM4 symmetric encryption key of the file based on the CPK private key, so that the user accesses the file based on the SM4 symmetric encryption key.
Description
Technical Field
The present disclosure relates to the field of information security, and in particular, to a file security management method, system, device, medium, and program product.
Background
With the rapid development of computer technology, data security is increasingly emphasized. The common security protection measure for electronic files is to use data leakage prevention products, which prevent file leakage mainly by filtering transmitted data at network boundaries and by encrypting offline electronic files. However, anyone who obtains a backup of an electronic file, or its encryption key, obtains all rights to that file. Existing products struggle to meet the requirement of classified and graded management of offline electronic files.
Common encryption-based data leakage prevention products can provide security protection for offline electronic files, but can hardly provide finer-grained rights management: all management rights to a file are obtained as soon as its decryption key is obtained, and classified and graded security management functions cannot be provided. For example, Microsoft's RMS is a rights-control data leakage prevention product, but it must be used together with Microsoft's AD and Office, cannot be used across different AD domains or in non-Windows environments, and cannot protect non-Office offline electronic files. For another example, Kingsoft also provides WPS products with rights-control data leakage prevention, but these do not consider security factors such as the working environment when judging user permissions, and have no auditing capability for file operations. A tool and a method are therefore needed that keep an electronic file under continuous authority control while it is offline, so that merely obtaining a backup of the file does not allow uncontrolled modification and spread that leads to data leakage, and that realize classified and graded security management of data on that basis.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a file security management method, system, device, medium, and program product that improve data security.
According to a first aspect of the present disclosure, there is provided a file security management method, including: in response to a file access request of a user, authenticating the identity of the user based on an SM9 private key, wherein the SM9 private key is generated based on a user identifier and is contained in the file access request; when the user identity authentication passes, matching the subject attribute of the user, the object attribute of the file and the working environment information of the user based on a preset authority judging rule to obtain the file access authority of the user; when the user has the right to access the file, acquiring a CPK public key of the user based on the user identifier, and calculating a CPK private key, wherein the CPK public key and the user identifier are pre-stored in correspondence in a management system; and decrypting the SM4 symmetric encryption key of the file based on the CPK private key, so that the user accesses the file based on the SM4 symmetric encryption key.
According to an embodiment of the present disclosure, the obtaining the file access right of the user based on the preset right determination rule matching the subject attribute of the user, the object attribute of the file in the file access request, and the working environment information of the user includes: when the user identity authentication is passed, pre-stored user subject attributes and object attributes of files included in the file access request are obtained, and the working environment information of the current user is captured; based on a preset authority judging rule, judging whether the subject attribute is matched with the authorization requirement of the object attribute, and judging whether a user has the right to access the file in the current working environment; and granting the user access to the file when the user is within the access authority range of the file and has rights in the current working environment.
According to an embodiment of the present disclosure, when a user creates a file, the method includes: adding a file tag to the file, wherein the file tag comprises a tag head and a tag body, the tag head comprises object properties of the file, and the tag body is used for recording the operation of the file; generating the file tag and the digital signature of the file based on the SM9 private key of the user.
According to an embodiment of the present disclosure, when a user has access to a file, before calculating the CPK private key, the method further comprises: decrypting the digital signature of the file tag based on the SM9 private key of the user to obtain the object attribute of the file; comparing the object attribute in the file access request with the object attribute obtained through decryption; and calculating the CPK private key when the object attribute in the file access request is consistent with the object attribute obtained by decryption.
According to an embodiment of the disclosure, before decrypting the digital signature of the file based on the SM9 private key of the user and obtaining the object attribute of the file, the method further includes: generating a random number, and encrypting the random number by using an SM9 private key in the file access request; and decrypting and verifying the random number based on pre-stored user identity information to confirm the user identity.
According to an embodiment of the present disclosure, after confirming the user identity and comparing the object attributes, before calculating the CPK private key, the method further comprises: judging whether the user identifier of the user belongs to the encryption identifier and the authorization list in the object attribute; and calculating the CPK private key when the user identifier of the user belongs to the encryption identifier and the authorization list in the object attribute.
According to an embodiment of the present disclosure, the method further comprises: encrypting the file based on an SM4 symmetric encryption key, and encrypting the SM4 symmetric encryption key with the CPK public key corresponding to the encryption identifier included in the object attribute; the CPK public key is the CPK public key of the user, or the CPK public key of another user obtained by the user based on the public key matrix.
According to an embodiment of the present disclosure, the method further comprises: updating the tag body of a file in response to a user operation on the file, the operation including modification of the file and of the object attribute; and, when the modification is saved, re-encrypting the file with the SM4 symmetric key, digitally signing the file and the updated file tag with the SM9 private key of the user, and encrypting the SM4 symmetric key with the CPK public key corresponding to the encryption identifier included in the object attribute.
According to an embodiment of the present disclosure, while a user is accessing a file, the method includes: in response to an operation of the user on the file, re-reading the subject attribute, the object attribute and the working environment information, and judging whether the user has the authority to execute the operation based on the preset authority judging rule; executing the operation when the user has the authority to execute it; and terminating the operation when the user does not have the authority to execute it.
A second aspect of the present disclosure provides a file security management system, comprising: a terminal file management software module, used for responding to a file access request of a user and authenticating the identity of the user based on an SM9 private key, wherein the SM9 private key is generated based on a user identifier; a user management and policy center module, used for identifying the file access rights of the user, after the user identity authentication is passed, by matching the subject attribute of the user, the object attribute of the file and the working environment information of the user based on the preset authority judging rule; and a CPK combined public key management center module, used for acquiring the CPK public key of the user and calculating the CPK private key when the user has the right to access the file, wherein the CPK public key and the user identifier are pre-stored in correspondence in the management system. The terminal file management software module is also used for decrypting the SM4 symmetric encryption key of the file based on the CPK private key, so that the user accesses the file based on the SM4 symmetric encryption key.
A third aspect of the present disclosure provides an electronic device, comprising: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the file security management method described above.
A fourth aspect of the present disclosure also provides a computer-readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described file security management method.
A fifth aspect of the present disclosure also provides a computer program product comprising a computer program which, when executed by a processor, implements the above-described file security management method.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates an application scenario diagram of a file security management method, apparatus, device, medium and program product according to an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flow chart of a method of file security management according to an embodiment of the present disclosure;
FIG. 3 schematically illustrates a schematic diagram of a file security management system according to an embodiment of the present disclosure;
FIG. 4 schematically illustrates a schematic diagram of a user rights decision according to an embodiment of the disclosure;
FIG. 5 schematically illustrates a first decryption response mode schematic according to an embodiment of the disclosure;
FIG. 6 schematically illustrates a second decryption response mode schematic according to an embodiment of the disclosure;
FIG. 7 schematically illustrates a third decryption response mode schematic according to an embodiment of the disclosure;
FIG. 8 schematically illustrates a block diagram of a file security management system according to an embodiment of the present disclosure; and
FIG. 9 schematically illustrates a block diagram of an electronic device adapted to implement a file security management method according to an embodiment of the disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
Where expressions like "at least one of A, B and C, etc." are used, the expressions should generally be interpreted in accordance with the meaning commonly understood by those skilled in the art (e.g., "a system having at least one of A, B and C" shall include, but not be limited to, a system having A alone, B alone, C alone, A and B together, A and C together, B and C together, and/or A, B and C together, etc.).
It should be noted that the file security management method and system provided by the present disclosure may be used for information security applications in the financial field, and may also be used in any field other than the financial field; the application field of the file security management method and system of the present disclosure is not limited.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure and application of users' personal information all comply with the relevant laws and regulations, necessary security measures are taken, and public order and good customs are not violated.
In the technical scheme of the disclosure, the authorization or consent of the user is obtained before the personal information of the user is obtained or acquired.
The technical terms related to the embodiments of the present disclosure are explained below.
UCON usage control model: the concept of usage control (UCON, Usage Control) was first proposed by Sandhu in 2002. UCON extends traditional access control and defines three decisive factors: Authorization, Obligation and Condition. It also provides the continuity and mutability properties of access control: before and during a subject's access to an object, whether the subject holds the corresponding rights is checked continuously, by periodic polling or on specific triggering actions, to determine whether the access is allowed. Compared with traditional access control models, UCON is superior in flexibility and in the security of authorization policies; it is a novel access control model, also called the next-generation access control model.
UCON mainly includes the following six concepts:
Subject and subject attributes. The subject is an active entity that can hold some kind of usage right over an object. It can be the organization (user group) the user belongs to, the user, a device terminal, a service program, a process or thread, and the like. Subject attributes identify the characteristics of the subject's capabilities and are important parameters in the rights decision process. Common subject attributes are: user name (the unique identity of the subject), user group, role, security level, etc.
Object and object attributes. The object is a passive entity that is accessed by the subject according to the rules of the rights set. The object can be information, a file, a record and the like, or a hardware device or a communication terminal. Object attributes identify important information about the object, including its security tag, ownership, category, access control list and the like.
Rights. Rights are the set of actions with which a subject can access an object; they define the subject's actions on the object and the object's conditional constraints on the subject. Rights can be of many types: besides the traditional rights of reading, modifying, saving and deleting, the operation rights on a file can be defined more specifically, such as printing, re-authorization, modification of security, number of openings, duration of use, setting of operation conditions, etc.
Authorization rule A (Authorization). A rule set that must be satisfied to allow a subject to use a specific right over an object; it is the determining factor in whether the subject can access the object.
Obligation B (Obligation). An operation that a subject must complete before or during access to an object. The obligations a subject should fulfil are not set statically in advance by the administrator, but are determined dynamically according to the attributes of the subject and object. Performing obligations may change the mutable attributes of the subject and affect present or future decisions.
Condition C (Condition). A mandatory constraint of the system or execution environment that must be satisfied before the subject obtains or exercises access rights to the object, for example that the user has to use a specific terminal device, or that the file can only be read or edited within a prescribed period of time.
The SM9 algorithm is an identity-based cryptographic (IBC) algorithm, a form of IBE (Identity Based Encryption), issued by the State Cryptography Administration of China. As with conventional public key cryptography, each user has an associated pair of public and private keys. The user's identity, such as a name, IP address, email address or mobile phone number, can be used as the public key, from which the corresponding private key is generated mathematically. The user identifier is the user's public key: it does not need to be generated or stored separately and only needs to be published, while the private key is kept secret by the user. In an identity-based cryptosystem, authentication between users no longer depends on third-party certification, which greatly simplifies the authentication flow and reduces system maintenance cost.
The CPK (Combined Public Key) system was proposed by Professor Nan Xianghao of China in 2003. Using identity-based cryptography, a user's public key can be looked up locally in a single step, which makes verification simple and management effective. Its security rests on the difficulty of the discrete logarithm problem; it is highly reliable, needs no third-party attestation and no online database support, and can manage a large number of keys with only a few parameters.
In the CPK system, the key production, distribution and use flow is as follows.
Constructing the key matrix: a certain number of ECC public/private key pairs are produced first, and these key pairs are then used as key factors to construct two key matrices of the same dimension (a private key matrix and a public key matrix), in which the private key and the public key at the same position correspond to each other.
Key generation: in a CPK-based key system, keys are generated from entity identifiers, and the key of each entity is generated from the key matrix. When an entity key is to be generated, the entity identifier is processed by a specific mapping algorithm (a hash algorithm can be used), a replacement operation is performed on the result, and several keys at different positions in the key matrix are selected according to the replacement result and combined (added) to obtain the key corresponding to the entity identifier.
Distribution and use: in an actual key management system, for safety reasons, the key matrix is usually generated offline. When a key is applied for, the entity identifier is submitted to the key management system, which calculates the private key of the entity from the entity identifier and then distributes to the entity its private key and the public key matrix of the same network; each entity stores only its own private key and that public key matrix. When an entity needs to communicate with another entity, it calculates the other party's public key in its local public key matrix from the other party's entity identifier, and that public key can be used for subsequent operations.
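The key generation flow described above, as an added example (not code from the patent): a key centre builds the two matrices, maps an identifier to one row per column, and sums the selected entries, so that the public key computed from the public matrix alone corresponds to the private key computed from the private matrix. The curve (secp256k1), SHA-256 as the mapping hash, the 8x4 matrix, the seed and the identifier are assumptions, and the replacement step is omitted.

```python
import hashlib

# Assumption: secp256k1 (y^2 = x^3 + 7 over GF(P)) stands in for whatever
# curve a CPK key management centre would actually select.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS = 8, 4  # assumption: toy matrix size, far smaller than a real one


def point_add(p1, p2):
    """Affine point addition; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow((2 * y1) % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def scalar_mult(k, point):
    """Double-and-add scalar multiplication."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def on_curve(point):
    x, y = point
    return (y * y - x * x * x - 7) % P == 0


def build_matrices(seed):
    """Key centre, offline: private matrix of scalars, public matrix of points.

    Scalars are derived from a seed only so the example is reproducible;
    a real centre would draw them from a CSPRNG and never export them.
    """
    priv = [[int.from_bytes(hashlib.sha256(seed + bytes([r, c])).digest(), "big")
             % (N - 1) + 1 for c in range(COLS)] for r in range(ROWS)]
    pub = [[scalar_mult(k, G) for k in row] for row in priv]
    return priv, pub


def map_identity(identity):
    """Map an identifier to one row index per column (hash-based mapping)."""
    digest = hashlib.sha256(identity.encode("utf-8")).digest()
    return [digest[c] % ROWS for c in range(COLS)]


def derive_private(identity, priv_matrix):
    """Key centre only: add the selected private factors modulo the group order."""
    sk = sum(priv_matrix[r][c] for c, r in enumerate(map_identity(identity))) % N
    if sk == 0:  # degenerate combination: such an identifier must be rejected
        raise ValueError("identifier maps to a zero private key")
    return sk


def derive_public(identity, pub_matrix):
    """Any entity holding the public matrix: add the selected public points."""
    acc = None
    for c, r in enumerate(map_identity(identity)):
        acc = point_add(acc, pub_matrix[r][c])
    return acc


def demo():
    priv, pub = build_matrices(b"constructed-demo-seed")  # constructed sample seed
    user = "alice@example.com"                            # constructed identifier
    sk = derive_private(user, priv)   # computed inside the key centre
    pk = derive_public(user, pub)     # computed locally by a peer
    return scalar_mult(sk, G) == pk


if __name__ == "__main__":
    print("public key from matrix matches private key:", demo())
```

The match holds because point addition is linear in the scalars: the sum of the selected public points equals the generator multiplied by the sum of the selected private factors.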
The file tag is an explanatory mark for the file; classified and graded management of files is realized by attaching an inseparable file tag to the electronic file and specifying the sensitivity level of the file in the tag.
The embodiment of the disclosure provides a file security management method that is based on the UCON usage control model, makes full use of the flexibility of the UCON model in authorization management, combines it with the advantages of CPK combined public key technology in generating large numbers of public/private key pairs, and designs a tag-based file security management system. The system realizes authority management of offline electronic files through terminal file management software deployed on the user terminal.
Fig. 1 schematically illustrates an application scenario diagram of a file security management method and system according to an embodiment of the present disclosure.
As shown in fig. 1, the application scenario 100 according to this embodiment may include a data security protection item in the financial field. The network 104 is used as a medium to provide communication links between the terminal devices 101, 102, 103 and the server 105. The network 104 may include various connection types, such as wired, wireless communication links, or fiber optic cables, among others.
The user may interact with the server 105 via the network 104 using the terminal devices 101, 102, 103 to receive or send messages or the like. Various communication client applications, such as shopping class applications, web browser applications, search class applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only) may be installed on the terminal devices 101, 102, 103.
The terminal devices 101, 102, 103 may be a variety of electronic devices having a display screen and supporting web browsing, including but not limited to smartphones, tablets, laptop and desktop computers, and the like.
The server 105 may be a server providing various services, such as a background management server (by way of example only) providing support for websites browsed by users using the terminal devices 101, 102, 103. The background management server may analyze and process the received data such as the user request, and feed back the processing result (e.g., the web page, information, or data obtained or generated according to the user request) to the terminal device.
It should be noted that the file security management method provided by the embodiments of the present disclosure may be generally performed by the server 105. Accordingly, the file security management system provided by the embodiments of the present disclosure may be generally provided in the server 105. The file security management method provided by the embodiments of the present disclosure may also be performed by a server or a server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105. Accordingly, the file security management system provided by the embodiments of the present disclosure may also be provided in a server or server cluster that is different from the server 105 and is capable of communicating with the terminal devices 101, 102, 103 and/or the server 105.
It should be understood that the number of terminal devices, networks and servers in fig. 1 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
The file security management method of the disclosed embodiment will be described in detail below with reference to fig. 2 to 7 based on the scenario described in fig. 1.
Fig. 2 schematically illustrates a flow chart of a file security management method according to an embodiment of the present disclosure.
As shown in fig. 2, the file security management method of this embodiment includes operations S210 to S240, and the file security management method may be sequentially performed. Referring to fig. 3, objects performing the steps of operations S210 to S240 are modularized, forming a file security management system.
In operation S210, in response to a file access request of a user, authenticating an identity of the user based on an SM9 private key, the SM9 private key being generated based on a user identification, and being included in the file access request.
In this embodiment, the SM9 public key of the user may be pre-stored in the SM9 key management center for matching with the SM9 private key to verify the user identity.
After the user identity authentication is passed, the user's file access rights are identified by matching the user's subject attribute, the object attribute of the file and the user's working environment information based on the preset authority judging rule. The subject attribute may include a user name, a user group, a role and a security level; the object attribute may include an encryption identifier, a security identifier, an authorization list, a category identifier, author information, version information, operation time and an encryption algorithm; and the working environment information may include a device, operation time and operation place.
When the user identity authentication passes, an authorization rule can be obtained to judge whether the user has the authority to access the file. Specifically, operations S221 to S223 are included.
In operation S221, pre-stored user subject attributes and object attributes of the file included in the file access request are acquired, and working environment information of the current user is captured.
In operation S222, it is determined whether the subject property matches the authorization requirement of the object property based on a preset authority determination rule, and it is determined whether the user has authority to access the file in the current work environment.
In operation S223, when the user is within the access authority range of the file and is authorized to access the file in the current work environment, the user is granted access to the file.
In this embodiment, the object attribute of the file the user requests to access is obtained from the user's file access request. The object attribute includes at least the encryption identifier of the file, the authorization list and similar contents. The encryption identifier may be the identifier of the user or the identifier of an authorized user (group), and corresponds to a CPK public key; a CPK private key for decrypting the SM4 symmetric key may be calculated based on the CPK public key. The authorization list may be used to confirm whether the user is within the scope of access authorization. By combining the subject attribute of the user with the object attribute, it can be preliminarily judged whether the user can access the file. Further, in this embodiment the working environment information is also used as a condition for whether the current user has access to the file. The working environment information may include time, device, offline state and the like: for example, the user is not allowed to access the file outside a preset time period, is not allowed to access the file on an unauthorized device, or is not allowed to access the file if the device is offline. By combining these conditions, the access rights of users can be divided at fine granularity based on the preset authorization rule, which improves the management system's control over file access.
In operation S230, when the user has access to the file, the CPK public key of the user is obtained based on the user identifier, and the CPK private key of the user is calculated based on the CPK public key, where the CPK public key is pre-stored in the management system corresponding to the user identifier.
In operation S240, the SM4 symmetric encryption key of the file is decrypted based on the CPK private key, so that the user accesses the file based on the SM4 symmetric encryption key.
In this method, the encryption key of the offline electronic file is itself stored in encrypted form, encrypted with the CPK public key. The system calculates the CPK private key to decrypt the file's encryption key only when the user obtains authorization, and the CPK private key is not stored by the user. This prevents the user from obtaining all management rights over the file after obtaining the file encryption key, which would cause the system to lose control over the file. The method is based on the UCON access control model: by formulating authorization rules it can divide the authority of a subject over an object at fine granularity, and by using concepts such as 'obligation' and 'condition' it can bring external factors that influence security (such as time, place, and other aspects of the working environment) into the authorization decision, thereby providing a basis for authority management under complex conditions.
Fig. 3 schematically illustrates a schematic diagram of a file security management system according to an embodiment of the present disclosure.
As shown in fig. 3, which schematically illustrates a system module performing the respective operation steps shown in fig. 2, in the following description, a file management method provided by an embodiment of the present disclosure will be described in detail with reference to the system module.
In this embodiment, the SM9 key management center may obtain the latest authoritative user identifier (e.g., the user's email address or phone number) from the user management and policy center; the SM9 private key of the user is generated and distributed to the user in a secure manner (e.g., on a UKey). As the subject operating on an offline electronic file, the user must prove his or her identity with the SM9 private key before obtaining the file through the terminal file management software.
Alternatively, the unique identification of the user may employ the user's mailbox address or cell phone number.
In this embodiment, the file management method is designed based on the UCON usage control model. Referring to fig. 3, the terminal file management software is the core that controls the user's authorized management of the offline electronic file. It performs user authentication and operation authorization, calls the editing tool corresponding to the file format (such as Word, Excel, PowerPoint, WPS, tablet, etc.) to operate on the file, and so on. The functions specifically borne by the terminal file management software include user authentication and operation authorization.
Specifically, referring to fig. 3, the rights management process for the user may include: authenticating the user identity by verifying the SM9 private key of the user; obtaining the subject attribute information of the user and the authorization rules (the organization's management rules for file access) by accessing the user management and policy center; obtaining the object attribute information of the file by reading the file tag of the offline electronic file; accessing local information of the terminal machine and collecting the current working environment information; and, based on the authorization rules established by the organization, judging from the user's subject attribute, the object attribute of the file and the user's current working environment whether the user has reading authority for the offline electronic file.
In this embodiment, the user management and policy center is the core of the management system, and all user identities, user body attributes and authorization rules (file security management rules) need to be maintained. The user's principal attributes are compatible with the organization and management mode of the organization, and the following may be taken as examples of the user principal attributes: employee number, name, mailbox, cell phone number, department, administrative level, responsible business scope, responsibilities, business security level (security forbidden, common business security level, core business security level), etc.
The security policies of the user management and policy center may include: the authorization rule (file security management rule) of the file is designed and formulated according to the daily management requirement of the unit based on the main body attribute of the user, and the basic rule of classification and grading management of the offline electronic file is defined.
Authorization rules are defined for specific categories of electronic files. The authorization rules may include: files with the security class 'open' can be read and used by people in different departments; personnel with a high security level can read and modify all files at their own security level or a lower one; the creator of a file may specify the security class of the file; files related to trade secrets may only be opened and modified during office hours and at the office location; when the security class and security period of a file are modified, ordinary personnel can only raise the security class and extend the security period. Lowering the security class, shortening the security period, or declassifying the document must be handled by designated personnel.
In this embodiment, the user does not need to store the CPK public key and private key, which are uniformly managed by the CPK combined public key management center. When the user needs it, the CPK public key can be calculated by the terminal management software from the CPK combined public key matrix and the user identification, and is used to encrypt the encryption key of the file. The CPK private key is used to decrypt the encryption key of the file: once the user is finally determined to have reading authority for the file, the terminal management software accesses the CPK combined public key management center to obtain the decrypted file encryption key, decrypts the file, and calls the corresponding file editing tool for the user to read. The CPK combined public key management center distributes the CPK private key to the user only temporarily, when the user logs in.
The main functions of the CPK combined public key management center include: firstly, related parameters of a key factor matrix and an elliptic curve are generated, secret parameters such as a private key matrix, a mapping algorithm key, a substitution table and the like are well stored, and external leakage is forbidden; secondly, public key matrixes are disclosed outwards, downloading service is provided, users can use the public key matrixes, public keys of all users are derived based on user identifications, and authentication of all public keys is performed; thirdly, the latest authoritative user identification (such as user EMAIL address or mobile phone number) is obtained from the user management and strategy center, the corresponding user CPK private key is generated by utilizing the mapping value generated by the user identification, the private key matrix and related secret parameters, and is distributed to the user temporarily in a safe mode, the encryption key of the file is decrypted, and the decrypted file encryption key is returned to the terminal management software.
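The relationship between the secret private key matrix, the published public key matrix and a user identification can be seen in the following added example, which is not code from the patent. It assumes a small 8x4 matrix, the secp256k1 curve, and plain SHA-256 as the identifier-to-index mapping; the page names none of these and keeps its mapping key and substitution table secret.

```python
import hashlib
import secrets

# secp256k1 domain parameters, chosen only because they are well known;
# the page does not say which elliptic curve the center uses.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
ROWS, COLS = 8, 4  # assumed matrix size, kept small so the demo runs quickly


def add(p1, p2):
    """Add two affine points; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc


def make_matrices():
    """Center side: secret private matrix and the public matrix it publishes."""
    priv = [[secrets.randbelow(N - 1) + 1 for _ in range(COLS)]
            for _ in range(ROWS)]
    pub = [[mul(r, G) for r in row] for row in priv]
    return priv, pub


def row_indices(identifier):
    """Map an identifier to one row per column (SHA-256 is a stand-in mapping)."""
    digest = hashlib.sha256(identifier.encode()).digest()
    return [digest[j] % ROWS for j in range(COLS)]


def derive_public(pub, identifier):
    """Anyone holding the public matrix can derive a user's CPK public key."""
    acc = None
    for j, i in enumerate(row_indices(identifier)):
        acc = add(acc, pub[i][j])
    return acc


def derive_private(priv, identifier):
    """Only the center can do this. Every private key is a sum of the same
    secret entries, so the private matrix must never leave the center."""
    return sum(priv[i][j] for j, i in enumerate(row_indices(identifier))) % N


if __name__ == "__main__":
    priv, pub = make_matrices()
    uid = "alice@example.com"  # constructed identifier
    print(mul(derive_private(priv, uid), G) == derive_public(pub, uid))
```

Because the public key follows from the identifier alone, a file key can be wrapped for a user or group that has never contacted the center, while unwrapping always depends on the center computing the matching private key.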
When the user has the right to operate the file, but the user cannot decrypt the encryption key of the file by using the CPK private key, for example, when the user is not the creator of the file and the encryption key of the file is encrypted by using the CPK public key of the creator, the CPK combined public key management center needs to be entrusted to decrypt the file. In this case, the CPK combined public key management center receives the file encryption key encrypted by the CPK public key (the identifier for producing the CPK public key may be a plurality of user identifiers or a user group identifier at this time) uploaded by the terminal management software, and according to a preset requirement, queries the authorization rule, the subject attribute of the user, the object attribute of the file and the working environment information of the user, determines whether the user has authority to decrypt the related file, if the user has authority to decrypt the related file, calculates the private key corresponding to the CPK public key, decrypts the encryption key of the file, and returns the decrypted file encryption key to the terminal management software.
In this embodiment, the offline electronic file refers to a file managed by the system, and is mainly composed of a file tag, an electronic file and a digital signature, and if the electronic file is encrypted, the electronic file should also include an encrypted file encryption key.
Offline electronic file structure example:
Table 1 offline electronic file structure
The file label comprises a label head and a label body. The main content of the tag header is the security identification, category identification, author information, version information, encryption algorithm and the like of the file, and is the main basis for classifying and grading the file. The tag body is the operation record of the file.
After the user finishes the operation on the file each time, the SM3 algorithm is used for hashing the file label and the electronic file, the SM9 private key of the user is used for encrypting the hash value, and the digital signature of the file label and the file is generated and attached to the file.
The SM4 symmetric encryption key is used for file encryption, and the encryption of the SM4 symmetric key can use the CPK public key of the user, or can use the CPK public key of the file authorization object (the CPK public key of the authorization object can be derived by using the CPK combination public key matrix based on the identification of the authorization object).
Table 2 authorization list format
| Authorizer | Authorization object | Authorization rights | Authorization deadlines |
| --- | --- | --- | --- |
| User identification of the authorizer | User identification of the authorized object | Read/write/print/re-authorization | Start-stop time/duration |
When a user creates a file through terminal file management software, the sensitivity level of the file is first specified in a file tag.
Optionally, the user may set the security class to public in the tag header, in which case the security period, authorization list, encryption identification, encryption algorithm and tag body are "empty". The affiliated department and business type are filled in by the user; otherwise the terminal file management software fills them in automatically according to the user subject attributes obtained from the user management and policy center. Other tag information is generated automatically by the terminal file management software. Finally, the user digitally signs the file tag and the file with the user's own SM9 private key. Files of this security class have low sensitivity and security.
Optionally, the user may set the security class to sensitive in the tag header, in which case the security term, the encryption identifier and the encryption algorithm in the tag header are "null", and the authorization list is filled with the authorization objects for the file. The department and the business type are filled in by the user; otherwise the terminal file management software fills them in automatically according to the user information obtained from the user management and policy center. Other tag information is generated automatically by the terminal file management software. File creation information is recorded in the tag body. Finally, the user digitally signs the file tag and the file with the user's own SM9 private key. Files of this security class have a defined authorization range, and their sensitivity and security are relatively higher.
Optionally, the user may set the security class to trade secret in the tag header, fill in the security term, the department and the business type in the tag header, and fill in the authorization objects for the document in the authorization list. The encryption identification and encryption algorithm are filled in automatically by the terminal file management software according to the user information obtained from the user management and policy center. Other tag information is generated automatically by the terminal file management software, where the signature identifier is the user identifier, and the encryption identifier may be the identifier of the user or the identifier of an authorized user (group) (such as a user mailbox address, a user group mailbox address or a group mailbox address). File creation information is recorded in the tag body. The file tag and the file are digitally signed using the user's own SM9 private key. The file is encrypted using a randomly generated SM4 symmetric key, and the SM4 symmetric key and the tag header of the file tag are encrypted using the CPK public key corresponding to the encryption identification (see table 1). The file security management method of the embodiment of the disclosure can be applied to files of this security class: the user does not need to store a CPK private key, the tag header enriches the decision factors for authorization judgment, and the authority of a subject over an object can be finely divided by formulating authorization rules, which improves the security protection of the file.
Fig. 4 schematically illustrates a schematic diagram of a user rights decision according to an embodiment of the present disclosure.
In the present embodiment, as shown in fig. 4, based on a usage control model (UCON), a decision is made on the user's file operation authority according to the acquired user subject attribute, file object attribute, authorization rule (file security management policy), and work environment information (e.g., whether it is at work time, in a trusted network environment, etc.). The terminal file management software is used as a decision point to preliminarily judge the authority of the user to operate the file, and if the user does not have the operation authority of the file, the operation is terminated. Otherwise, the preliminarily determined user authority (such as reading, modifying, printing, changing the security level or re-authorizing and the like) is carried into the next operation, and finally the classified and hierarchical management requirements on the files are met.
In this embodiment, the user responsibility is defined as the user being able to obtain the decrypted SM4 symmetric encryption key, and the user authority needs to be reconfirmed only when an encrypted file is opened. If the user cannot obtain the decrypted SM4 symmetric encryption key, the user cannot open the encrypted file.
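The decision described above (subject attributes, the tag header's object attributes including the Table 2 authorization list, authorization rules, working environment, then the key-availability responsibility) can be sketched as follows. This is an added example, not code from the patent; the class ordering, office hours, field names, sample identifiers and the choice to give the author every right are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, time

# Security classes named on the page; the numeric ordering is an assumption.
LEVELS = {"public": 0, "sensitive": 1, "trade_secret": 2}
OFFICE_HOURS = (time(9, 0), time(18, 0))  # assumed policy value


@dataclass(frozen=True)
class Subject:            # subject attributes from the policy center
    user_id: str
    groups: frozenset     # group identifiers the user belongs to
    clearance: str        # highest security class the user may handle


@dataclass(frozen=True)
class Grant:              # one row of the authorization list (Table 2)
    authorizer: str
    grantee: str          # user or group identifier
    rights: frozenset     # subset of read / write / print / re-authorize
    start: datetime
    end: datetime


@dataclass(frozen=True)
class TagHeader:          # object attributes read from the file tag
    security_class: str
    author: str
    encryption_id: str    # identifier whose CPK public key wrapped the SM4 key
    grants: tuple


@dataclass(frozen=True)
class Environment:        # working environment collected on the terminal
    now: datetime
    trusted_device: bool
    at_office: bool
    online: bool


def decide(subject, tag, env, right):
    """Return (allowed, reason). Meant to be called again before every
    substantial operation, so rule or environment changes take effect."""
    # Authorization: public files are readable by any authenticated user.
    if tag.security_class == "public" and right == "read":
        return True, "public file"
    # Authorization: clearance must cover the file's security class.
    if LEVELS[subject.clearance] < LEVELS[tag.security_class]:
        return False, "clearance below file security class"
    # Authorization: the author (assumed to hold every right) or a grant
    # that names the user or one of the user's groups and is still in force.
    ids = {subject.user_id} | subject.groups
    granted = subject.user_id == tag.author or any(
        g.grantee in ids and right in g.rights and g.start <= env.now <= g.end
        for g in tag.grants)
    if not granted:
        return False, "no valid grant for this right"
    # Conditions: device, and office time and place for trade secrets.
    if not env.trusted_device:
        return False, "unauthorized device"
    secret = tag.security_class == "trade_secret"
    if secret and not (OFFICE_HOURS[0] <= env.now.time() <= OFFICE_HOURS[1]
                       and env.at_office):
        return False, "outside office time or place"
    # Responsibility: the decrypted SM4 key must be obtainable. A key wrapped
    # for another identifier can only be unwrapped by the key center.
    if secret and tag.encryption_id != subject.user_id and not env.online:
        return False, "key management center unreachable"
    return True, "granted"


# Constructed sample data, not taken from the page.
GROUP = "finance@example.com"
ALICE = Subject("alice@example.com", frozenset(), "trade_secret")
BOB = Subject("bob@example.com", frozenset({GROUP}), "trade_secret")
CAROL = Subject("carol@example.com", frozenset({GROUP}), "sensitive")
GRANT = Grant("alice@example.com", GROUP, frozenset({"read", "write"}),
              datetime(2024, 1, 1), datetime(2024, 12, 31))
GROUP_TAG = TagHeader("trade_secret", "alice@example.com", GROUP, (GRANT,))
OWN_TAG = TagHeader("trade_secret", "alice@example.com",
                    "alice@example.com", ())
OFFICE = Environment(datetime(2024, 3, 4, 10, 30), True, True, True)
AFTER_HOURS = Environment(datetime(2024, 3, 4, 22, 0), True, True, True)
OFFLINE = Environment(datetime(2024, 3, 4, 10, 30), True, True, False)

if __name__ == "__main__":
    for env in (OFFICE, AFTER_HOURS, OFFLINE):
        print(decide(BOB, GROUP_TAG, env, "read"))
```

The same request from the same user yields different results as the environment changes, which is why the decision is evaluated per operation rather than once at login.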
Based on the above file management method, when the user creates a file, the method further includes S250 to S260.
In operation S250, a file tag is added to a file, the file tag including a tag header including object properties of the file and a tag body for recording operations of the file.
In operation S260, a digital signature of the file tag and the file is generated based on the SM9 private key of the user, the file is encrypted based on the SM4 symmetric encryption key, and the SM4 symmetric encryption key is encrypted with the CPK public key corresponding to the encryption flag included in the object attribute.
When encrypting the SM4 symmetric key of the file, the user may encrypt the SM4 symmetric key using the CPK combined public key of the user itself, or encrypt the SM4 symmetric key using the CPK combined public key corresponding to the authorized object identifier.
When the user needs to retain absolute management rights over the file, the SM4 symmetric key can be encrypted directly with the user's own CPK combined public key. The user can then open and manage his or her own files at any time, even offline.
When a user provides a file to a user with a high security level and does not retain control over the file, the SM4 symmetric key should be encrypted using the CPK combined public key derived from the authorization object identification.
When the authorized object is a specific user, the user can use the CPK combined private key of the user to open the file after receiving the encrypted file, and the file can be managed conveniently.
When the authorized object is a plurality of users, a group of users or a user with a certain special type, the related user needs to apply for decryption to the CPK combined public key management center, and the CPK combined public key management center uses the authorized object identification to derive a corresponding CPK combined private key to decrypt the encrypted SM4 symmetric key and feeds back the key to the related user.
When a user requests access to a file, at least the following 7 steps are included before opening the file.
The first step, the terminal file management software uses the user identification (such as mailbox address and mobile phone number) claimed by the user to finish the authentication of the user identity by authenticating the SM9 private key held by the user.
And secondly, the terminal file management software reads file tags of the offline electronic file to acquire object attribute information (such as sensitivity level, confidentiality limit, author, affiliated department, service type, authorization list, encryption identifier, signature algorithm and the like) of the offline file.
And thirdly, accessing a user management and policy center by the terminal file management software, and inquiring the main body attribute information (such as a belonging department, an administrative level, a responsible service range, responsibility, a secret-related level and the like) and the latest authorization rule (file security management policy) of the user from the user management and policy center according to the user identity obtained by authentication.
Fourth, the terminal file management software makes a decision on the file operation authority of the user based on the usage control model (UCON) according to the obtained user subject attribute, file object attribute, authorization rule (file security management policy) and working environment information (such as whether the user is in working time, in trusted network environment, etc.).
And fifthly, the terminal file management software is used as a decision point to preliminarily judge the authority of the user to operate the file, and if the user does not have the operation authority of the file, the operation is terminated. Otherwise, the preliminarily determined user authority (such as reading, modifying, printing, changing the security level or re-authorizing and the like) is carried into the next operation, and finally the classified and hierarchical management requirements on the files are met.
And sixthly, checking the responsibility of the user and reconfirming the authority of the user. In this scheme, the user responsibility is defined as the user being able to obtain the decrypted SM4 symmetric encryption key, and the user authority needs to be reconfirmed only when an encrypted file is opened. If the user cannot obtain the decrypted SM4 symmetric encryption key, the user cannot open the encrypted file.
And seventh, opening the file. When an encrypted business document is opened, the workflow is divided into two types based on whether the CPK key used by the document is the CPK combined public key of the user or the CPK combined public key of other users.
When a user requests to open a file encrypted by using the user's own CPK combined public key, the SM4 symmetric key is directly decrypted by using the own CPK combined private key and the file is decrypted because the encryption identification is consistent with the self identification.
When a user requests to open a file encrypted with another CPK combined public key, the terminal file management software adds an audit of the user identification, the encryption identification and the authorization identification to the user authority preprocessing. If the user identification falls within the authorization range indicated by both the encryption identification and the authorization identification, the file tag header and the encrypted SM4 symmetric key are sent to the CPK public key management center to apply for decryption of the SM4 symmetric key.
The CPK public key management center can respectively adopt three response modes with different security levels according to the importance degree of the encrypted file and the different requirements of the organization management, and responds to the decryption request of the file encryption key (SM 4 symmetric key) submitted by the terminal file management software.
Fig. 5 schematically illustrates a first decryption response mode schematic according to an embodiment of the disclosure.
As shown in fig. 5, the decryption mode corresponds to S210 to S240, the CPK combined public key management center derives a corresponding CPK combined private key according to the encryption identifier, decrypts the SM4 symmetric key, and feeds back the decrypted SM4 symmetric key to the terminal file management software, so that the user can decrypt the file using the returned SM4 symmetric key.
Fig. 6 schematically illustrates a second decryption response mode schematic according to an embodiment of the disclosure.
As shown in fig. 6, S601 to S603 may also be included before calculating the CPK private key when the user has access to the file.
In operation S601, the digital signature of the file tag is decrypted based on the SM9 private key of the user, and the object attribute of the file is acquired.
In operation S602, the object property in the file access request and the decrypted object property are compared.
In operation S603, when the object property in the file access request and the decrypted object property content are identical, the CPK private key is calculated.
In this decryption response mode, an audit of file tag consistency is added: it is verified whether the file object attributes in the user access request are consistent with the object attributes in the tag header of the file. This verification in effect re-verifies the authority and identity of the user, thereby ensuring the security of file authority management.
Fig. 7 schematically illustrates a third decryption response mode schematic according to an embodiment of the disclosure.
As shown in fig. 7, on the basis of the decryption response mode shown in fig. 6, the method may further include S701 to S702 before decrypting the digital signature of the file based on the SM9 private key of the user and obtaining the object property of the file.
In operation S701, a random number is generated, and encrypted using the SM9 private key in the file access request.
In operation S702, the authentication random number is decrypted based on the pre-stored user identity information to confirm the user identity.
In the decryption response mode, after receiving a decryption request, the CPK combined public key management center sends an instruction to the terminal file management software, so that a user is required to carry out identity authentication to the CPK combined public key management center, and the user uses an SM9 private key of the user to carry out identity authentication in the CPK combined public key management center. And the CPK combined public key management center confirms that the SM4 symmetric key which requests decryption is consistent with the offline electronic file according to the decrypted file tag header. The decryption response mode has the highest security level compared with the first two decryption response modes.
After confirming the user identity and comparing the object properties, S703 to S704 may be further included before calculating the CPK private key.
In operation S703, it is determined whether the user identification of the user belongs to the encrypted flag and the authorization list in the object attribute.
In operation S704, when the user identification of the user belongs to the encrypted flag and the authorization manifest in the object property, the CPK private key is calculated.
The identity of the user is confirmed again based on the encryption flag and the authorization list before the CPK private key is calculated, to ensure the security of the CPK private key.
After the file is created, the user can modify the file. The file may have been created by the user, or created by another person who has authorized the user to modify it. When modifying a file, the file management method provided by the embodiment of the present disclosure may further include S270 to S280.
In operation S270, in response to the user's operation on the file, the tag body of the file is updated, the operation including modification of the attributes of the file and the object.
In operation S280, when the modification is saved, the SM4 symmetric key is used to re-encrypt the file, the SM9 private key of the user is used to perform digital signature of the updated file tag and file, and the CPK public key corresponding to the encryption flag included in the object attribute is used to encrypt the SM4 symmetric key.
In the embodiment of the disclosure, when the user modifies the file which does not relate to the trade secret and stores the file, the terminal file management software allows the content of the modification to be stored, and meanwhile, a log record is added in a label body of a file label and signed by using an SM9 private key of the user. If the user considers that the modification belongs to one-time modification, version information in the tag header can be updated. For the files related to trade secrets, when user modification is completed and the files are saved, the terminal file management software also needs to encrypt the files again, and CPK combined public key corresponding to the original encryption identification of the file label can be used for encrypting SM4 symmetric keys.
In the embodiment of the disclosure, the modification of the file label refers to the modification of sensitive information such as the security level, security period, file authorization list, department to which the file belongs, service type and the like of the file. The user doing this must have the right to re-authorize the file. In operation, the terminal file management software needs to send a change record related to the policy center to the user for auditing at a later time.
When the user stores the modified content, the terminal file management software re-reads the main body attribute information, the authorization rule and the latest information of the current working environment of the user, reconfirms whether the user has the authority to execute the modification, and prevents unauthorized operation caused by temporary authorization rule change, main body attribute change or working environment change.
The file management method provided by the embodiment of the disclosure is based on a UCON usage control model, and allows a manager of a system to change the access authority of a user subject to a file object at any time by adjusting the authorization rule and the subject attribute of the user. The authority of the user to operate the offline electronic file can be managed in real time and in detail according to policy adjustment and external condition change. In order to ensure efficient management of file rights, the file management method may further include S290.
In operation S290, in response to the user's operation on the file, the subject property, the object property, and the work environment information are re-read, and whether the user has the right to perform the operation is determined based on a preset right determination rule. When the user has the right to perform the operation, the operation is executed; when the user does not have the right to perform the operation, the operation is terminated.
The file security management method provided by the embodiment of the disclosure breaks through the limitation that traditional data leakage prevention products must work in a specific environment, and overcomes their difficulty in providing classified and hierarchical management for offline electronic files. By using the UCON usage control model, the method introduces the concepts of "obligation" and "condition" as factors in the final authority judgment, enriching the authority judgment mechanism. The method allows real-time, fine-grained authority control over offline electronic files and is highly flexible, so the system can carry out fine-grained authority management of offline electronic files in a complex environment. In addition, by using the tag body, all operation records of a file are bound to the file, which provides strong audit capability. The method adopts a working mode of one-time authentication and multiple authorizations: for each substantial operation the user performs on the offline electronic file (namely, saving modified content or tag content, and copying, printing or otherwise outputting file content), the related authority must be re-determined. This meets the organization's document authority management requirements in a timely manner, and avoids the situation in which a file can be freely modified and spread in an uncontrolled manner merely by obtaining a backup of it.
Fig. 8 schematically illustrates a block diagram of a file security management system according to an embodiment of the present disclosure.
As shown in fig. 8, the system shown in fig. 3 is modularized, and the file security management system 800 according to this embodiment includes a terminal file management software module 810, a user management and policy center module 820, a CPK combined public key management center module 830, and a terminal file management software module 840.
The terminal file management software module 810 is configured to authenticate the identity of the user based on an SM9 private key in response to a file access request of the user, where the SM9 private key is generated based on the user identification and included in the file access request. In an embodiment, the terminal file management software module 810 may be used to perform the operation S210 described above, which is not described herein.
After the user identity authentication is passed, the user management and policy center module 820 matches the subject attribute of the user, the object attribute of the file and the working environment information of the user based on the preset authority determination rule, so as to obtain the file access authority of the user. In an embodiment, the user management and policy center module 820 may be used to perform the operation S220 described above, which is not described herein.
The CPK combined public key management center module 830 obtains a CPK public key of a user when the user has access to a file, calculates a CPK private key based on the CPK public key, and pre-stores the CPK public key and a user identifier in a management system. In an embodiment, the CPK combined public key management center module 830 may be configured to perform the operation S230 described above, which is not described herein.
The terminal file management software module 840 is further configured to decrypt the SM4 symmetric encryption key of the file based on the CPK private key, so that the user accesses the file based on the SM4 symmetric encryption key. In an embodiment, the terminal file management software module 840 may be used to perform the operation S240 described above, which is not described herein.
Any of the terminal file management software module 810, the user management and policy center module 820, the CPK combined public key management center module 830, and the terminal file management software module 840 may be combined in one module to be implemented, or any of them may be split into a plurality of modules according to an embodiment of the present disclosure. Alternatively, at least some of the functionality of one or more of the modules may be combined with at least some of the functionality of other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the terminal file management software module 810, the user management and policy center module 820, the CPK combined public key management center module 830, and the terminal file management software module 840 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system-on-chip, a system-on-substrate, a system-on-package, an Application Specific Integrated Circuit (ASIC), or as hardware or firmware in any other reasonable manner of integrating or packaging the circuitry, or in any one of the three implementation forms of software, hardware, and firmware, or in a suitable combination of any of them. Alternatively, at least one of the terminal file management software module 810, the user management and policy center module 820, the CPK combined public key management center module 830, and the terminal file management software module 840 may be at least partially implemented as a computer program module, which may perform corresponding functions when executed.
Fig. 9 schematically illustrates a block diagram of an electronic device adapted to implement a file management method according to an embodiment of the disclosure.
As shown in fig. 9, an electronic device 900 according to an embodiment of the present disclosure includes a processor 901 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 902 or a program loaded from a storage portion 908 into a Random Access Memory (RAM) 903. The processor 901 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. Processor 901 may also include on-board memory for caching purposes. Processor 901 may include a single processing unit or multiple processing units for performing the different actions of the method flows according to embodiments of the present disclosure.
In the RAM 903, various programs and data necessary for the operation of the electronic device 900 are stored. The processor 901, the ROM 902, and the RAM 903 are connected to each other by a bus 904. The processor 901 performs various operations of the method flow according to the embodiments of the present disclosure by executing programs in the ROM 902 and/or the RAM 903. Note that the program may be stored in one or more memories other than the ROM 902 and the RAM 903. The processor 901 may also perform various operations of the method flow according to embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 900 may also include an input/output (I/O) interface 905, the input/output (I/O) interface 905 also being connected to the bus 904. The electronic device 900 may also include one or more of the following components connected to the I/O interface 905: an input section 906 including a keyboard, a mouse, and the like; an output portion 907 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage portion 908 including a hard disk or the like; and a communication section 909 including a network interface card such as a LAN card, a modem, or the like. The communication section 909 performs communication processing via a network such as the internet. The drive 910 is also connected to the I/O interface 905 as needed. A removable medium 911 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is installed as needed on the drive 910 so that a computer program read out therefrom is installed into the storage section 908 as needed.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 902 and/or RAM 903 and/or one or more memories other than ROM 902 and RAM 903 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to implement the file management methods provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 901. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted, distributed, and downloaded and installed in the form of a signal on a network medium, via communication portion 909, and/or installed from removable medium 911. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from the network via the communication portion 909 and/or installed from the removable medium 911. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 901. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, Java, C++, Python, "C", or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined and/or incorporated in various ways, even if such combinations or incorporations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be combined and/or incorporated in various ways without departing from the spirit and teachings of the present disclosure. All such combinations and/or incorporations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.
Claims (13)
1. A method for file security management, comprising:
responding to a file access request of a user, and authenticating the identity of the user based on an SM9 private key, wherein the SM9 private key is generated based on a user identifier and is contained in the file access request;
after the user identity authentication is passed, matching the subject attribute of the user, the object attribute of the file and the working environment information of the user based on a preset authority judging rule to obtain the file access authority of the user;
when a user has the right to access a file, acquiring a CPK public key of the user based on a user identifier, and calculating a CPK private key of the user based on the CPK public key, wherein the CPK public key and the user identifier are correspondingly pre-stored in a management system;
and decrypting the SM4 symmetric encryption key of the file based on the CPK private key, so that a user accesses the file based on the SM4 symmetric encryption key.
2. The method according to claim 1, wherein the matching the subject attribute of the user, the object attribute of the file in the file access request, and the working environment information of the user based on the preset permission determination rule, and obtaining the file access permission of the user includes:
acquiring prestored user subject attributes and object attributes of files included in the file access requests, and grabbing working environment information of the current user;
based on a preset authority judging rule, judging whether the subject attribute is matched with the authorization requirement of the object attribute, and judging whether a user has the right to access the file in the current working environment;
and granting the user access rights when the user is within the access authority range of the file and has rights in the current working environment.
3. The method of claim 1, wherein when a user creates a file, the method comprises:
adding a file tag to the file, wherein the file tag comprises a tag head and a tag body, the tag head comprises object properties of the file, and the tag body is used for recording the operation of the file;
generating the file tag and the digital signature of the file based on the SM9 private key of the user.
4. The method of claim 3, wherein when a user has access to a file, prior to computing the CPK private key, the method further comprises:
decrypting the digital signature of the file tag based on the SM9 private key of the user to obtain the object attribute of the file;
comparing object attributes in the file access request with object attributes obtained through decryption;
and when the object attribute in the file access request is consistent with the object attribute content obtained by decryption, calculating a CPK private key.
5. The method of claim 4, wherein decrypting the digital signature of the file based on the SM9 private key of the user, prior to obtaining the object properties of the file, further comprises:
generating a random number, and encrypting the random number by using an SM9 private key in the file access request;
and decrypting and verifying the random number based on pre-stored user identity information to confirm the user identity.
6. The method of claim 5, wherein after validating the user identity and comparing the object properties, prior to calculating the CPK private key, the method further comprises:
judging whether the user identification of the user belongs to an encryption mark and an authorization list in the object attribute;
and calculating the CPK private key when the user identification of the user belongs to the encryption mark and the authorization list in the object attribute.
7. A method according to claim 3, characterized in that the method further comprises:
encrypting the file based on an SM4 symmetric encryption key, wherein the object attribute comprises a CPK public key corresponding to an encryption mark, and encrypting the SM4 symmetric encryption key;
the CPK public key is the CPK public key of the user or the CPK public keys of other users provided by the user based on the public key matrix.
8. A method according to claim 3, characterized in that the method further comprises:
updating a tag body of a file in response to a user operation on the file, the operation including modification of the file and the object properties;
and when the modification is stored, re-encrypting the file by using the SM4 symmetric key, carrying out digital signature of the file and the updated file tag by using the SM9 private key of the user, and encrypting the SM4 symmetric key by using the CPK public key corresponding to the encryption mark included by the object attribute.
9. The method of claim 8, wherein during the user accessing the file, the method comprises:
the method comprises the steps of responding to the operation of a user on a file, re-reading the subject attribute, the object attribute and the working environment information, and judging whether the user has the authority to execute the operation or not based on a preset authority judging rule;
executing the operation when the user has the authority to execute the operation;
and terminating the operation when the user does not have the authority to execute the operation.
10. A document security management system for use in a method according to any one of claims 1 to 9, comprising:
the terminal file management software module is used for responding to a file access request of a user and authenticating the identity of the user based on an SM9 private key, wherein the SM9 private key is generated based on a user identifier and is contained in the file access request;
the user management and policy center module is used for matching the subject attribute of the user, the object attribute of the file and the working environment information of the user based on a preset authority judging rule after the user identity authentication is passed, so as to obtain the file access authority of the user;
the CPK combined public key management center module is used for acquiring a CPK public key of a user when the user has the right to access a file, calculating a CPK private key based on the CPK public key, and correspondingly pre-storing the CPK public key and a user identifier in a management system;
and the terminal file management software module is also used for decrypting the SM4 symmetric encryption key of the file based on the CPK private key, so that a user accesses the file based on the SM4 symmetric encryption key.
11. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-9.
12. A computer readable storage medium having stored thereon executable instructions which, when executed by a processor, cause the processor to perform the method according to any of claims 1-9.
13. A computer program product comprising a computer program which, when executed by a processor, implements the method according to any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202211671652.9A CN116090000A (en) | 2022-12-23 | 2022-12-23 | File security management method, system, device, medium and program product |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116090000A (en) | 2023-05-09 |
Family
ID=86207454
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202211671652.9A Pending CN116090000A (en) | 2022-12-23 | 2022-12-23 | File security management method, system, device, medium and program product |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116090000A (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117113326A (en) * | 2023-08-31 | 2023-11-24 | 金锐软件技术(杭州)有限公司 | Authorized access system based on ABAC model |
| CN117574184A (en) * | 2024-01-16 | 2024-02-20 | 支付宝(杭州)信息技术有限公司 | Evidence merging processing method and device |
| CN118282731A (en) * | 2024-03-28 | 2024-07-02 | 中山大学·深圳 | A secure multicast public key cryptographic protocol for multi-level diversity coding systems |
| CN118433171A (en) * | 2024-05-13 | 2024-08-02 | 国药控股数字科技(上海)有限公司 | File transmission method, system, storage medium and electronic device |
| CN118964318A (en) * | 2024-08-09 | 2024-11-15 | 紫金诚征信有限公司 | Shared document access control method and device based on artificial intelligence |
| CN119046957A (en) * | 2024-07-20 | 2024-11-29 | 中铁一局集团第五工程有限公司 | Information data security management method, system, equipment and medium |
| CN119293823A (en) * | 2024-10-18 | 2025-01-10 | 中电信量子信息科技集团有限公司 | A file encryption method, device, equipment and medium based on quantum encryption |
| CN120200847A (en) * | 2025-05-21 | 2025-06-24 | 中国电子科技集团公司第三十研究所 | A fine-grained access control system and method based on the combination of CPK and attribute permissions |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117113326A (en) * | 2023-08-31 | 2023-11-24 | 金锐软件技术(杭州)有限公司 | Authorized access system based on ABAC model |
| CN117113326B (en) * | 2023-08-31 | 2024-03-12 | 金锐软件技术(杭州)有限公司 | Authorized access system based on ABAC model |
| CN117574184A (en) * | 2024-01-16 | 2024-02-20 | 支付宝(杭州)信息技术有限公司 | Evidence merging processing method and device |
| CN118282731A (en) * | 2024-03-28 | 2024-07-02 | 中山大学·深圳 | A secure multicast public key cryptographic protocol for multi-level diversity coding systems |
| CN118282731B (en) * | 2024-03-28 | 2024-11-15 | 中山大学·深圳 | A secure multicast public key cryptographic protocol for multi-level diversity coding systems |
| CN118433171A (en) * | 2024-05-13 | 2024-08-02 | 国药控股数字科技(上海)有限公司 | File transmission method, system, storage medium and electronic device |
| CN119046957A (en) * | 2024-07-20 | 2024-11-29 | 中铁一局集团第五工程有限公司 | Information data security management method, system, equipment and medium |
| CN118964318A (en) * | 2024-08-09 | 2024-11-15 | 紫金诚征信有限公司 | Shared document access control method and device based on artificial intelligence |
| CN119293823A (en) * | 2024-10-18 | 2025-01-10 | 中电信量子信息科技集团有限公司 | A file encryption method, device, equipment and medium based on quantum encryption |
| CN120200847A (en) * | 2025-05-21 | 2025-06-24 | 中国电子科技集团公司第三十研究所 | A fine-grained access control system and method based on the combination of CPK and attribute permissions |
| CN120200847B (en) * | 2025-05-21 | 2025-08-05 | 中国电子科技集团公司第三十研究所 | Fine granularity access control system and method based on combination of CPK and attribute authority |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US12261933B2 (en) | Data processing permits system with keys | |
| CN116090000A (en) | File security management method, system, device, medium and program product | |
| US12452235B2 (en) | Access to data stored in a cloud | |
| US7913309B2 (en) | Information rights management | |
| US8850593B2 (en) | Data management using a virtual machine-data image | |
| US8990896B2 (en) | Extensible mechanism for securing objects using claims | |
| WO2022066775A1 (en) | Encrypted file control | |
| CN112215609B (en) | House property user identity authentication method and device based on super account book and electronic equipment | |
| EP1698991B1 (en) | Method and computer-readable medium for generating usage rights for an item based upon access rights | |
| US20240414001A1 (en) | Data access control | |
| CN110059488A (en) | Security level identification management method and device | |
| CN115514523A (en) | A data security access system, method, device and medium based on a zero-trust system | |
| CN115622792A (en) | A comprehensive protection system and method for data security based on zero trust | |
| US12309274B2 (en) | Cryptography-as-a-service | |
| US11936773B2 (en) | Encryption key management method in data subscription system | |
| US20240048532A1 (en) | Data exchange protection and governance system | |
| US10853898B1 (en) | Method and apparatus for controlled messages | |
| US12158927B2 (en) | Method and system for electronic content delivery to a user device through a wireless captive audience device | |
| Babu et al. | A Survey on Blockchain for Access Control Models: Security, Transparency, and Challenges | |
| CN120974532A (en) | Methods, apparatus, devices, media, and products for uniformly processing data requests. | |
| CN115470525A (en) | File protection method, system, computing device and storage medium | |
| Saravanakumar et al. | SECURITY BASED AUDITING IN CLOUD PANEL |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||