WO2018139951A1

WO2018139951A1 - System for placing a confidentiality mark in an electronic document

Info

Publication number: WO2018139951A1
Application number: PCT/RU2017/000399
Authority: WO
Inventors: Евгений Игоревич ЧУГУНОВ
Original assignee: Акционерное общество "Кросс технолоджис"
Priority date: 2017-01-25
Filing date: 2017-06-09
Publication date: 2018-08-02
Also published as: RU2647643C1

Abstract

The invention relates to the information protection field, specifically to systems on the basis of confidentiality marks, and can be used for placing confidentiality marks on electronic documents, and also for registering and checking such documents. The technical result is an increase in information security of electronic documents in Microsoft Office. A system for placing a confidentiality mark in an electronic document, and for registering and checking work with confidential electronic documents, comprises a marking subsystem, an administration subsystem, a data storage subsystem, a data processing subsystem and a monitoring subsystem. The marking subsystem is capable of placing a mark on an electronic document, the mark simultaneously having a visual and a digital form, and of setting access rights. The administration subsystem is capable of changing mark settings. The data storage subsystem is capable of storing data about a mark and mark settings. The data processing subsystem is capable of requesting mark settings from the data storage subsystem and of transmitting mark settings to the monitoring subsystem and marking subsystem. The monitoring subsystem is capable of requesting data about mark settings from the data processing subsystem, providing data about mark settings to the marking subsystem and transmitting data about a mark to the data processing subsystem.

Description

PRIVACY LABEL SYSTEM IN

ELECTRONIC DOCUMENT

The invention relates to the field of information security, and in particular to systems based on confidentiality labels, and can be used to set confidentiality labels on electronic documents, as well as accounting and control of such documents.

List of terms and abbreviations used.

AD (from the English. Active Directory - "Active Directory",) - Microsoft directory services for operating systems of the Windows Server family. Allows administrators to use group policies to ensure uniform customization of the user work environment, deploy software on multiple computers through group policies or through System Center Configuration Manager (formerly Microsoft Systems Management Server), and install operating system, application, and server software updates on all computers online using the Windows Server Update Service. Stores data and environment settings in a centralized database.

DLP (from the English Data Leak Prevention - Prevention of leaks) - technologies for preventing leakage of confidential information from the information system to the outside, as well as technical devices (software or hardware and software) for such leak prevention.

DSS - Docs security suite.

IIS (from the English Internet Information Services, to version 5.1 - Internet Information Server) - a proprietary set of servers for several Internet services from Microsoft.

IP (from the English. Internet Protocol - eat, "Internet Protocol") - a routable network layer protocol.

LDAP (Lightweight Directory Access Protocol— “Lightweight Directory Access Protocol”) is an application layer protocol.

Microsoft Office — an office suite of applications created by Microsoft for the Microsoft Windows, Windows Phone, Android, OS X, and iOS operating systems. RPC (from the English. Remote Procedure Call - Remote Procedure Call, less often Remote Procedure Call) is a class of technologies that allow computer programs to call functions or procedures in another address space, usually on remote computers.

SIEM (from the English Security information and event management) - a combination of two terms that indicate the scope: SIM (from the English Security information management) - information security management and SEM (from the English Security event management) - security event management. SIEM technology provides real-time analysis of security events (alarms) from network devices and applications. SIEM is represented by applications, devices or services, and is also used for data logging and reporting for compatibility with other business data.

ID (from the English data name, identifier - identifier) - an identifier, a unique feature of an object that allows you to distinguish it from other objects.

AWP - workstation.

DB (Database) - a set of independent materials (articles, calculations, normative acts, court decisions and other similar materials) presented in an objective form, systematized in such a way that these materials can be found and processed using an electronic computer (computer).

A web interface is a set of means by which a user interacts with a website or any other application through a browser.

OS is an operating system.

There are many options for restricting user access to information: built-in protection mechanisms for operating systems, databases, applications, as well as various imposed information protection tools (electronic locks and / or software). Most protects only the object, namely, it delimits access to a workstation, network segment, server, folder, or specific document. At the same time, access control is not ensured within an information system that processes confidential information. Differentiating access to a server or folder is inefficient, but restricting access to each specific a document is difficult from the point of view of administration and conducting business processes (especially if the organization has more than one thousand people).

The most important measures for the implementation of the regime for protecting trade secrets are the formation of a list of information classified as trade secrets, the accounting and marking of documents containing trade secrets. Moreover, often when exchanging electronic documents and messages in files, tables, images, presentations, emails, the organization does not mark them in any way, or marks everything in a row. Thus, confidential information does not stand out from the general flow of processed information. Federal Law Ns 98-ФЗ “On Commercial Secrets” does not contain the concept of an electronic document and message, all attention is reduced to the registration and labeling of tangible media containing information constituting commercial secrets. Therefore, most organizations inadvertently ignore electronic document management and, when implementing measures, paragraph 1 of Art. 10 98-ФЗ, do not carry out marking of electronic documents / messages containing trade secrets. As a result, the organization does not know where in its infrastructure information related to trade secrets is actually processed and stored, who has or had access to such information.

Thus, employees and counterparties of the company when working with electronic documents and messages containing commercial secrets are not liable in the event of the disclosure of this information and are not required to comply with the protection of commercial secrets. For the organization, this means the virtual absence of a regime for protecting trade secrets, especially since electronic documents and messages often account for up to 99% of the workflow. In general, the situation with the labeling of electronic documents and messages can be extrapolated to any types of restricted information for which confidentiality requirements are established (commercial secret, bank secret, personal data, state secret (secret, top secret), etc.). Therefore, it cannot be said that an organization has introduced some kind of protection regime if it does not mark and extract documents containing confidential information from the general electronic document management. Due to the lack of control over the life cycle of electronic documents in the organization, documents are uncontrolledly copied, deleted and edited. Similar situation leads to the fact that it is impossible to find exactly who sent the document to competitors or made critical changes, due to which the contract fell through. Thus, any introduced information protection mode is ineffective without the implementation of the process of accounting and marking of all processed electronic 5 documents.

An effective method of protection is to restrict access to information point-wise, i.e., to provide a certain set of roles with access to a different set of confidentiality labels: open, confidential, commercial secret, bank secret, personal data, state secret (secret, top secret), etc. P.

The problem of protecting confidential information is relevant for every modern enterprise. The result of the lack of successful implementation of the regime for the complete protection of information is the failure to comply with the requirements of the legislation on the creation of a trade secret regime (personal

15 data, bank secrets, etc.), leakage of confidential information, lack of accounting for electronic documents and control over the life cycle of documents. Without marking all electronic documents that are in the access and subject to any actions of the user, in fact, the requirements of regulatory documents and standards are not met:

20 Special Requirements and Recommendations for the Technical Protection of Confidential Information of 2002, Federal Law Ns 152-ФЗ of July 27, 2006 “On Personal Data”, Federal Law Ns 98-ФЗ of July 29, 2004 “On Commercial Secrets” ( as amended on March 12, 2014), Standard of the Bank of Russia STO BR IBBS-1.0-2014.

25 For any information security policy or restricted information protection regime: commercial secret, personal data, state secret or other regime, in addition to the implementation of traditional procedures and administrative documents, it is necessary:

• implementation of the process of marking electronic documents for putting down a visual and digital mark with a given level of confidentiality of information when creating and editing an electronic document in accordance with the list of information introduced in the organization related to restricted information and / or trade secret or another type of secret. This process should be automated and maximized. simple for the user, and also required when working with all electronic documents.

• differentiation of user access to electronic documents Today there are many options for differentiating user access to information. These can be built-in protection mechanisms for operating systems, databases, applications, as well as various FSTEC certified imposed information protection tools (electronic locks and / or software). But as the practice of creating information security systems shows, it all comes down to formal compliance with the requirements. Most protects only the object, namely, it delimits access to the workstation, network segment, server, folder, or a specific document. At the same time, they forget to differentiate access within an information system that processes confidential or critical information. It is known that to differentiate access to a server or folder is inefficient, and to restrict access to a specific document is quite difficult from the point of view of administration and business processes, especially if there are more than one thousand people in an organization. It is much more efficient to restrict access pointwise, i.e., to provide a certain set of roles with access to a different set of labels: open, confidential, commercial secret, bank secret, personal data, state secret (secret, top secret, etc.

• electronic security logging

Writing to the database all selected registration events. Registration of all user actions: creation, modification, copying, printing of a document, author, users, date, time, and other data when working with documents.

· Conducting automated analytics

Maintaining automated analytics when choosing one or another system filter allows you to: determine the location of the document, as well as who and when worked with it; to recreate and systematize the entire history of an electronic document, including restoring the chain of creation of versions, copies, drafts of a document from a blank sheet to its final version, including all sending to print; identify the location of all created drafts and copies within one document; determine where, when and with what documents the user worked (locally and / or on network resources), what access he has; determine the affiliation to the company of documents found outside the organization (in external communication networks, the Internet, on removable carriers); Provide relevant and detailed information for incident investigation; quickly identify attempts and facts of violation of the established protection mode (IS policies): for example, if one of the users tried to unauthorizedly change the document, copy 5 confidential text to a document with a different type of label or to an email client, delete the label and / or properties of the document; facilitate the workflow in the company.

• introduction of electronic document classification

The classifier analyzes the document by keywords, classifies it, and automatically suggests choosing the most suitable label for the user. It can be launched in the automatic mode of scanning a disk or folder.

The closest analogue of the claimed invention is a technical solution from patent application US 2012166353, representing

15 is a system for ensuring classification of documents by confidentiality tags. The system contains a module for classifying a document for marking documents with confidentiality labels in accordance with the organization’s policy. The system implements computer-executable instructions for controlling authorization and / or sharing

20 documents, determining the type of document, determining the correctness of setting a confidentiality label and taking measures to correct inappropriate labels.

However, this technical solution does not disclose the implementation of confidentiality labeling.

25 The technical problem to which the claimed invention is directed is the lack of a privacy labeling system in an electronic Microsoft Office document containing a digital and visual form.

The technical result of the claimed invention is to increase the information security of electronic documents Microsoft Office.

The specified technical result is achieved due to the fact that the system for setting the confidentiality label in an electronic document, accounting and control of work with confidential electronic documents, contains a marking subsystem, administration subsystem, 35 data storage subsystem, data processing subsystem and monitoring subsystem, while the marking subsystem is configured to label the electronic document having both visual and digital form and setting access rights; the administration subsystem is configured to change label settings; the data storage subsystem is configured to store data about the label and label settings; the data processing subsystem is configured to request the label settings from the data storage subsystem and transfer label settings to the monitoring subsystem and the marking subsystem; the monitoring subsystem is capable of requesting data about the settings of the label from the data processing subsystem, providing data about the settings of the label to the marking subsystem and transmitting data about the label to the data processing subsystem.

An electronic document may be a Microsoft Office document.

The visual form of the label can be made in the form of a footer.

The administration subsystem may consist of a labeling module, a system module, and a system module protection module.

The module for working with labels may contain a submodule for setting labels, a submodule for alerts, a submodule for the label log.

The system module can consist of a sub-module of system settings, a sub-module of centralized installations, a sub-module of statuses of a user's workstation, a sub-module of monitoring client and server software licenses, a sub-module of activation and deactivation of system module functionality, a sub-module of the system event log, a sub-module of downloading and preparing updates, a sub-module of alerts on system events.

The system module protection module may consist of a submodule for configuring the system module security, an alert submodule, a security log submodule

The best implementation of the inventive system is shown in figures 1-44, which depict:

FIG. 1 is an embodiment of a system;

FIG. 2 is an embodiment of a system architecture;

FIG. 3 is a diagram of the life cycle of a document’s confidentiality label with a label;

FIG. 4 - methods of forming a confidentiality label of a new document and / or a document without a label;

FIG. 5 - login page of the system interface; FIG. 6 - the main page of the system interface;

FIG. 7 - page for administering system interface users;

FIG. 8 - adding a label available to the user on the user administration page of the system interface;

FIG. 9 - changing user settings on the user administration page of the system interface;

FIG. 10 - adding a new user to the user administration page of the system interface;

FIG. 11 - page for administering the roles of the system interface;

FIG. 12 - role change on the role administration page of the system interface;

FIG. 13 - adding a new role on the administration page of the system interface roles;

FIG. 14 - page with a list of the system interface menu;

FIG. 15 is a form for editing a page element with a menu list of a system interface;

FIG. 16 - adding a new page element with a list of the system interface menu;

FIG. 17 - menu page of the system interface;

FIG. 18 is a form for editing an item on a menu page of a system interface;

FIG. 19 - adding a new element of the menu page of the system interface;

FIG. 20 - page of the audit log of the system interface;

FIG. 21 - filtering on the audit log page of the system interface; FIG. 22 - page of the event log of the AWP system interface;

FIG. 23 - grouping on the page of the event log of the AWP system interface;

FIG. 24 - filtering on the event log page of the AWP system interface;

FIG. 25 - page for logging packet exchange of the system interface; FIG. 26 - filtering on the page for logging packet exchange of the system interface;

FIG. 27 - registry page labels system interface; FIG. 28 - label editing form on the registry page of the system interface labels;

FIG. 29 is a form for editing conditions for a label classifier on a page of the registry labels of a system interface;

FIG. 30 - a form for creating conditions for a label classifier on a page of the registry labels of a system interface;

FIG. 31 is a form for creating labels on a registry page of system interface labels;

FIG. 32 - label classifier parameter filter on the system interface label registry page;

FIG. 33 - page of the registry documents of the system interface;

FIG. 34 - grouping on the registry page of the system interface documents;

FIG. 35 - filtering on the registry page of the system interface documents;

FIG. 36 - page for setting the visual style of the system interface labels;

FIG. 37 - customization of visual label style elements on the visual interface label style settings page of the system interface;

FIG. 38 is a form for editing visual label style elements on a page for setting a visual style for labels of a system interface;

FIG. 39 is a form for adding visual label style elements to a page for setting a visual label style of a system interface;

FIG. 40 is a form for editing a visual label style on a page for setting a visual label style of a system interface;

FIG. 41 - filtering visual label styles on the page for setting the visual label style of the system interface;

FIG. 42 is a view of a label alert when a document is opened;

FIG. 43 is a label selection form;

FIG. 44 is a view of a notification of refusal to open a document.

In FIG. 1-2 positions 1-14 show:

1 - marking subsystem;

2 - administration subsystem;

3 - data storage subsystem;

4 - data processing subsystem; 5 - monitoring subsystem;

6 - Active Directory;

7 - mail server;

8 - management server;

9 - database server;

10 - user workstation;

1 1 - security administrator;

12 - administrator;

13 - SIEM;

14 - DLP.

The system for setting the confidentiality label in an electronic document, accounting and control of work with confidential electronic documents, contains a marking subsystem 1, an administration subsystem 2, a data storage subsystem 3, a data processing subsystem 4 and a monitoring subsystem 5.

Marking subsystem 1 is an add-in in MS Office.

Monitoring subsystem 5 is a client application (Agent

OS) installed on a workstation of 10 users.

Installation of OS Agents is centralized. The system is packaged in Microsoft Windows Installer (MSI) and installed using standard tools. Data processing subsystem 4 is a server program. Data Storage Subsystem 3 is a database management system

(DBMS). Administration Subsystem 2 is a web application.

The operation of the web application depends on the programming language in which it is written: in the case of using C #, IIS is used; if using Java, the Tomcat container servlet server or the JBoss AS application server or TomEE are used.

The system interacts with Active Directory 6 to exchange user information and with the mail server 7 to send alerts,

From an architectural point of view, the system operates on the basis of a management server 8 and a database server 9, a user workstation 10, a security administrator 11, an administrator 12, SI EM 13 and DLP 14.

The invention is a platform for the management, control and audit of access rights to electronic documents based on confidentiality labels. The system is designed for marking confidential documents with subsequent control of access to them, setting privacy labels, marking electronic documents, restricting user actions with confidential documents, recording user actions with confidential documents, creating a user action log with confidential documents, displaying a user action log with confidential documents, with label settings privacy by forming and displaying a change tree marked th document, sending messages to users and administrators when changing tagged document.

The system forcibly puts confidentiality labels in visual and digital form on documents, registers all user actions with the document, traces the relationship of documents, delimits and controls user access rights based on the access matrix of confidentiality labels. The entire history of events is stored in a specialized database for further analysis and investigation of incidents. The system allows, at the request of the user, to analyze the document by keywords and select the most suitable label; to differentiate user access to electronic documents and tags in accordance with the organization’s regulations and information security policies; take into account all electronic documents processed by the company and classify them in accordance with the organization’s regulations, information security policies and a list of information relating to restricted information, trade secret or other type of secret; take into account all users working with electronic documents; recreate and systematize the entire history of the creation of the document, regardless of the existing document management systems in the company: restore the chain of creation of versions, copies, drafts of the document from a blank sheet to its final version, including all sending to print; for each document determine its location, as well as who, where and when worked with it; record all user actions when working with a document; quickly identify attempts and facts of violation of the established regime of information protection and information security policy in the framework of confidential electronic document management; for each user, find the documents to which he has access, find out where, when and with which ones he worked; identify the location of all created drafts and copies within one document; reduce excessive copying of a document and identify irrelevant versions of documents, as well as facilitate document management in the company; determine the company’s belonging to documents found outside the organization (in external communication networks, the Internet, on removable media). Information about each user's actions with each document (opening a document, saving a document and selecting a label, printing a document and selecting a label, changing a label) is sent to the server.

The system has fault tolerance and reliability, ensuring the work of the system’s personnel in the normal mode, as well as the operational recovery of failures. In the event of temporary hardware and software failures, the system provides recovery after a server reboot. Unavailability time - up to 5 minutes.

The system is compatible with MS Office (Word, Excel, Visio, PowerPoint, Access) RUS 2007, 2010, 2013, 2016. The product is compatible with Windows XP (with Service Pack SP3 or later for the 32-bit version; 64-bit version); Windows XP Embedded (SP3 or later); Windows 7 (32/64-bit) Windows 7 Embedded Windows 8 (32/64-bit) Windows 10 (32/64-bit) Windows Server 2008 R2 (64-bit) Windows Server 2012 R2 (64-bit) Database - MS SQL Server 2008 or higher.

The system operates as follows.

The system interacts with Active Directory 6 via LDAP to retrieve user information. Administration subsystem 2 interacts with mail server 7 to send notifications via SMTP.

In the administration subsystem 2, settings are made for labels, user access to them, and system settings. This information is stored in the data storage subsystem 3. Data processing subsystem 4 periodically polls data storage subsystem 3 for new or old settings to transfer settings to monitoring subsystem 5 and marking 1. When the system starts, monitoring subsystem 5 requests information on settings from the subsystem data processing 4. At the time of saving the electronic document, the marking subsystem 1 requests information about the label settings from the monitoring subsystem 5 for enable users to tag. After the label appears in the document, the monitoring subsystem 5 transfers the label information to the data processing subsystem 4 for subsequent storage in the data storage subsystem 4. The data processing subsystem 4, upon request, transfers the label data to the monitoring subsystem 5 for monitoring user actions with confidential documents. The monitoring subsystem 5 transmits the monitoring subsystem 5 to the data processing subsystem 4 for subsequent storage in the data storage subsystem 3. Administration subsystem 5 periodically polls the data storage subsystem 3. When records are found that satisfy the conditions for generating an alert, administration subsystem 2 generates and sends notifications. User action logs are viewed through the administration subsystem 2.

Interaction with data storage subsystem 3 is carried out in accordance with SQL syntax. The interaction of the monitoring subsystems 5 and data processing 4 is carried out by RPC.

The system is designed for continuous, daily work of users and operates either in a regular or in a service mode. The main mode of operation of the system is the normal mode, in which all functions are supported. In the service mode, the system as a whole, or its individual functions become inaccessible to users. In this mode, maintenance, reconfiguration, repair or restoration work in case of emergency, modernization and improvement of system components are carried out.

User authentication is performed using Active Directory 6.

Authentication of administrators is carried out either by means of the administration subsystem 2 or Active Directory 6. In administration subsystem 2, administrators are authorized by means of the subsystem itself according to the data stored in the data storage subsystem 3. Administration subsystem 2 provides access control differentiation in accordance with the role model. In the data processing subsystem 4, the authorization of the monitoring subsystems 5 and marking 1 is performed using the data processing subsystem 4 itself using the data stored in the data storage subsystem 3. Authorization in the data storage subsystem 3 of the administration subsystem 2 and data processing 4 is performed using the DBMS. The action log is kept users: in the administration subsystem 2, events are being changed for the rights to labels to users or user groups; in the data storage subsystem 3, events of deleting / changing the log of user actions are recorded; in monitoring subsystem 5, copy events are recorded

5 texts from one document to another document, copying a document, prohibition of opening and making changes to MS Office documents to third-party applications, attempts to open a document with a label that exceeds user rights, recording all illegal user actions and transferring this information to the database server 9. In the subsystem marking 1 fixed affixing and changing the marks of documents. Removing and disabling monitoring subsystems 5 and marking 1 is prohibited.

Marking subsystem 1 allows you to put labels on documents in MS Office (Word, Excel, Visio, PowerPoint, Access), including versions 2007 (32-bit with SP3); 2010 (32/64-bit); 2013 (32/64-bit); 2016 (32/64-bit).

15 The ability to put down a label by selecting from the list of labels available to the user appears when a document is saved and is a required action. The visual form of the label is applied to the document in the form of a footer, and the digital one is added to the file (structure) of the MS Office document in order to further control this file using DLP 14. The label contains information about

20 date and time of change of the document; User (author) ID; ID of the user who modified the document; Workstation ID of the user who changed the document; assigned label; Document ID The digital form of the label contains information about the date and time the document was created. When you open a document with a tag, information about whether the document has a tag and its number is displayed. In the press

25 documents will be refused until a mark is selected. The automatic labeling mode based on keywords in the text of the document (previously configured) is implemented.

Monitoring subsystem 5, when copying text from a document to another document, transfers the current label. Prevents third-party applications from opening and making changes to MS Office (Word, Excel, Visio, PowerPoint, Access). When you open a document with a label that exceeds the user's rights, a message is displayed to the user that this document is not available to him. Monitoring subsystem 5 captures and records document copy operations; copy text from a document to another

35 document, Outlook or other third-party products; tag status changes document; Attempts to remove the OS Agent; illegal actions of users with confidential documents and the transfer of this data to the server.

The data processing subsystem 4 processes the received data on user actions with confidential documents to store them in the data storage subsystem 3; transfers data on user access to tags from the data storage subsystem 3 to the marking subsystem 1; monitors the current connections of the marking subsystems 1 and monitoring 5 on users AWP; It controls the AWP of users for the installation of marking subsystems 1 and monitoring 5 on them.

Data storage subsystem 3 provides high-performance processing and storage of data on user actions. Data storage subsystem 3 has the means to configure the information model, storage structure management tools; metadata repository management tools (description of the storage structure); the ability to export data; mechanisms for creating, executing and saving the results of arbitrary queries, samples.

Administration subsystem 2 consists of a labeling module, a system module, and a system module protection module.

The module for working with labels contains a submodule for setting labels, a submodule for alerts, a submodule for the label log. The label settings submodule provides settings for label display; customization of visual label styles, customization of names and types of labels; setting up a user group and labels available to them with binding to AD; setting user access to tags: save the document with this tag, assign a tag to the document, remove the tag from the document, print the document with the tag, copy the document. The half-module of notifications provides the setting of alerts for events associated with tags; processing user actions with confidential documents; generating and sending alerts; convenient interface for viewing events, including alarm mechanisms for unusual user actions, as well as custom filters. The label log submodule displays a log of user actions to provide access to tags; Export to Excel user action logs the ability to upload a log of user actions in Excel. Data is exported to Excel 2007 and higher format (.xlsx). This function works for reports with the number of records no more than 1 million. When the journal is unloaded, the service information is added to Excel: program name and logo; set of filters used for output; file generation date and time; total number of entries; line numbering.

The system module consists of a submodule of system settings that allows you to make system settings; a submodule of centralized installations that displays statuses of the centralized installation of instances of client software on a PC; AWP status submodule that checks and displays AWP statuses in real time (online, offline); a submodule for monitoring client and server software licenses that works with licenses in terms of checking client and server software licenses, downloading licenses, activating licenses, creating events for a notification system about license expiration; a submodule for activating / deactivating the functionality of a system module that allows you to select software that requires the functionality of a system module (MS Office (Word, Excel, Visio, PowerPoint, Access), in which the marking subsystem 1 is involved; a submodule of the system event log that allows you to view and filter a log of system events such as internal errors of various nodes of the system module and loss of communication; a submodule for downloading and preparing updates, downloading and preparing updates for server and client software; a sub-module of alerts for system events that provides setting alerts for system events, processing system events, generating and sending alerts, a convenient interface for viewing events, including alarm mechanisms for cases of abnormal operation of the system module, as well as custom filters.

The protection module of the system module consists of a submodule for configuring the protection of the system module that provides the settings necessary for the operation of OS Agents; Alerts submodule that provides notification settings for events related to user actions in the OS coming from the OS Agent, processing user actions with client software, generating and sending alerts, a convenient interface for viewing events, including alarm mechanisms about unusual user actions, as well as custom filters; a submodule of the security log of a system module that displays a log of illegal actions users in the OS, coming from the OS Agent, export to Excel user action logs. It is possible to upload a log of user actions in Excel.

The system is used as follows.

The system marks the created documents in MS Office. Each time a document is saved, the user is prompted to select one of the available tags, for example, confidentially, bank secrecy, secretly, without a tag, and only after selecting one of the tags the procedure of saving the file and closing the MS Office program is allowed. Otherwise, there is a refusal to save the file and a message stating that it is impossible to save the changes made. The system marks in visual and digital form. When you open a document with a privacy label, information about whether the document has a privacy label is displayed. The visual form of the privacy label is applied to the text document as text or a picture in the footer, and the digital form is added to the MS Office file (document structure) as a unique privacy label identifier (MarkerSID) in order to further control this file using DSS and third-party systems Type DLP 14, SIEM 13.

A digital privacy label contains a globally unique document ID, a globally unique parent document ID, privacy label level, privacy label name, image link, privacy label privileges, classification criteria, and visual style of the privacy label. When you open a document with a privacy label, a message is displayed in the form of a window about the installed privacy label or its absence in the document. It also displays information on the current privacy label currently in the feed in the DSS tab in MS Office. Whenever you save a document or print a document, it will be denied until a privacy label is selected. Implemented the automatic assignment of privacy labels based on keywords in the text of the document, file name and location of the MS Office document using the classifier (which were previously configured in the management console on the web server). The module for working with privacy labels contains sections for setting privacy labels, a notification section, a registry of privacy labels. The privacy label settings section provides:

- Configuring the display of privacy labels;

- Configuring privacy label styles, configuring the names and types of privacy labels;

- setting privileges for confidentiality labels (the ability to open a document, save (change) a document, assign a confidentiality label to a document, print the document, and copy the document.

The life cycle of a document tag with a tag is shown in FIG. The system analyzes whether the document has a label. If the document contains a label, then when it is printed or output without changes, the marking does not change. The user can change the document label to the available label options. When saving a changed document containing a label, the system prompts the user to re-select a new label for the document or save the document with the current marking, depending on the nature of the changes made. If the user tries to save the current document as a new file, the system will necessarily issue a proposal to assign him a label from the available ones.

Records (logging) are subject to the date and time the document was created; Date and time the document was changed; User (author) ID; Workstation ID of the user (author); ID of the user who modified the document; Workstation ID of the user who changed the document; The originally assigned label Tag change history ID of the document. There is a local and centralized log. The digital form of the document label contains information about the assigned label and document ID.

When you open a document that does not have tags, for example, when a document was received from another organization or opened for the first time after the implementation of the system, the system registers on the server information about opening a document without a tag, the path of the document, the user who opened the document, the workstation on which he open, domain, date, time and IP address. Methods of forming a label for a new document and a document without a label are shown in FIG. 4. When saving a new document or a document without a label, the system without fail prompts the user to select a label for the document. The label selection window is displayed (Fig. 43). The label and rights of use can be assigned by the owner of the document: author, owner information system, resource, head of the structural unit responsible for classification, information security administrator. The most correct label can be selected by the user. Recommended label selection can be suggested by the system

5 by the classifier, and the user already determines to agree with the proposed option or make a choice based on his own reasoning. The classifier works when saving, but not when opening, a document and can be launched by pressing the "Analysis" button. When saving a document without a tag, the classifier can automatically put a tag. In addition to the visual form of the label, a digital form of the label is also registered in the document, which the user cannot see or change. This document is printed on the same principle as preservation. Cannot print a document without selecting a label. This cannot be done either from the document itself or from the explorer. Information is sent to the database server 9 during printing, in

15 which indicates who, where, when and what printed. When changing the label on the database server 9, the document is saved and the label is changed.

Tags allow you to differentiate user access to certain tags and, as a result, electronic documents inside MS Office. In this case, user access is assigned to tags, not documents.

20 Administrators have access to open information, the operator has access to open information and their official information, accounting has access to all the documents listed above, as well as documents containing trade secrets, management has access to absolutely all documents in the company.

25 The proposed label is displayed to the user and is not required, but if the user puts a label below the classifier, a notification about this event is sent to the database server 9. The classifier, which processes information automatically, is configured in the web interface and runs according to a schedule or manually. zo The classifier, which helps the user to select the desired label, is embedded in the client and works constantly. When investigating incidents, it is determined who exactly worked with this document, who opened it, edited, printed or copied to itself. All this can be done with the help of a physical document tree, allowing you to track the entire history.

35 creation, modification, copying of documents including date, time, place and the user who performed this action. The web interface provides the ability to authenticate administrators by delimiting access to information according to the level of access rights of a particular user according to the role model: the manager often has access to documents with all kinds of tags (open information, official, strategic decisions, trade secrets), while an accountant does not have access to strategic decisions, and administrators often have access only to open information. Using the web interface, the user gets the opportunity to work with the physical directory tree, taking into account the privacy settings.

The system affixes privacy labels to the created documents in MS Office (Word, Excel, Visio, PowerPoint).

On workstations, Microsoft Windows can be installed: XP (with Service Pack SP3 or later for the 32-bit version); 7 (32/64-bit); 8 (32/64-bit); 8.1 (32/64-bit); 10 (32/64-bit). Servers can be Microsoft Windows server: 2008 R2 (32/64-bit), 2012 (32/64-bit), 2012 R2 (32/64-bit), NET Framework: 3.5, 4.5; Microsoft SQL Server: 2008 R2; 2012, 2014.

The above examples are special cases and do not exhaust all possible implementations of the claimed invention.

The person skilled in the art should understand that various variations of the claimed invention do not change the essence of the invention, but only determine its specific embodiment.

Claims

Claim

1. The system for setting the confidentiality label in an electronic document, accounting and control of work with confidential electronic documents, characterized in that it contains a marking subsystem, an administration subsystem, a data storage subsystem, a data processing subsystem and a monitoring subsystem, while the marking subsystem is configured to label on an electronic document having both visual and digital form and access rights settings; the administration subsystem is configured to change label settings; the data storage subsystem is configured to store data about the label and label settings; the data processing subsystem is configured to request the label settings from the data storage subsystem and transfer label settings to the monitoring subsystem and the marking subsystem; the monitoring subsystem is capable of requesting data about the settings of the label from the data processing subsystem, providing data about the settings of the label to the marking subsystem and transmitting data about the label to the data processing subsystem.

2. The system according to claim 1, characterized in that the electronic document is a Microsoft Office document.

3. The system according to claim 1, characterized in that the visual form of the label is made in the form of a footer.

4. The system according to claim 1, characterized in that the administration subsystem consists of a label work module, a system module and a system module protection module.

5. The system according to claim 4, characterized in that the module for working with labels contains a submodule for setting labels, a submodule for alerts, a submodule for the label log.

6. The system according to claim 4, characterized in that the system module consists of a submodule of system settings, a submodule of centralized installations, a submodule of statuses of the user's workstation, a submodule for monitoring client and server software licenses, a submodule for activating and deactivating the functionality of the system module, a log submodule systemic events, a submodule of downloading and preparing updates, a submodule of alerts for system events.

7. The system according to claim 4, characterized in that the protection module of the system module consists of a submodule for configuring the protection of the system module, a notification submodule, a submodule of the system module protection log.