+

WO2018139951A1 - Système d'application de marque de confidentialité sur un document électronique - Google Patents

Système d'application de marque de confidentialité sur un document électronique Download PDF

Info

Publication number
WO2018139951A1
WO2018139951A1 PCT/RU2017/000399 RU2017000399W WO2018139951A1 WO 2018139951 A1 WO2018139951 A1 WO 2018139951A1 RU 2017000399 W RU2017000399 W RU 2017000399W WO 2018139951 A1 WO2018139951 A1 WO 2018139951A1
Authority
WO
WIPO (PCT)
Prior art keywords
subsystem
label
document
submodule
settings
Prior art date
Application number
PCT/RU2017/000399
Other languages
English (en)
Russian (ru)
Inventor
Евгений Игоревич ЧУГУНОВ
Original Assignee
Акционерное общество "Кросс технолоджис"
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Акционерное общество "Кросс технолоджис" filed Critical Акционерное общество "Кросс технолоджис"
Publication of WO2018139951A1 publication Critical patent/WO2018139951A1/fr

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/93Document management systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/16Program or content traceability, e.g. by watermarking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the invention relates to the field of information security, and in particular to systems based on confidentiality labels, and can be used to set confidentiality labels on electronic documents, as well as accounting and control of such documents.
  • AD from the English. Active Directory - "Active Directory",
  • Microsoft directory services for operating systems of the Windows Server family. Allows administrators to use group policies to ensure uniform customization of the user work environment, deploy software on multiple computers through group policies or through System Center Configuration Manager (formerly Microsoft Systems Management Server), and install operating system, application, and server software updates on all computers online using the Windows Server Update Service. Stores data and environment settings in a centralized database.
  • DLP from the English Data Leak Prevention - Prevention of leaks
  • technologies for preventing leakage of confidential information from the information system to the outside as well as technical devices (software or hardware and software) for such leak prevention.
  • IIS from the English Internet Information Services, to version 5.1 - Internet Information Server
  • IIS Internet Information Services
  • IP from the English. Internet Protocol - eat, "Internet Protocol" - a routable network layer protocol.
  • LDAP Lightweight Directory Access Protocol— “Lightweight Directory Access Protocol”
  • Lightweight Directory Access Protocol is an application layer protocol.
  • Microsoft Office an office suite of applications created by Microsoft for the Microsoft Windows, Windows Phone, Android, OS X, and iOS operating systems.
  • RPC from the English. Remote Procedure Call - Remote Procedure Call, less often Remote Procedure Call
  • RPC is a class of technologies that allow computer programs to call functions or procedures in another address space, usually on remote computers.
  • SIEM from the English Security information and event management
  • SIEM technology provides real-time analysis of security events (alarms) from network devices and applications.
  • SIEM is represented by applications, devices or services, and is also used for data logging and reporting for compatibility with other business data.
  • ID (from the English data name, identifier - identifier) - an identifier, a unique feature of an object that allows you to distinguish it from other objects.
  • DB Database
  • independent materials articles, calculations, normative acts, court decisions and other similar materials
  • computer electronic computer
  • a web interface is a set of means by which a user interacts with a website or any other application through a browser.
  • OS is an operating system.
  • An effective method of protection is to restrict access to information point-wise, i.e., to provide a certain set of roles with access to a different set of confidentiality labels: open, confidential, commercial secret, bank secret, personal data, state secret (secret, top secret), etc. P.
  • Registration of all user actions creation, modification, copying, printing of a document, author, users, date, time, and other data when working with documents.
  • Maintaining automated analytics when choosing one or another system filter allows you to: determine the location of the document, as well as who and when worked with it; to recreate and systematize the entire history of an electronic document, including restoring the chain of creation of versions, copies, drafts of a document from a blank sheet to its final version, including all sending to print; identify the location of all created drafts and copies within one document; determine where, when and with what documents the user worked (locally and / or on network resources), what access he has; determine the affiliation to the company of documents found outside the organization (in external communication networks, the Internet, on removable carriers); Provide relevant and detailed information for incident investigation; quickly identify attempts and facts of violation of the established protection mode (IS policies): for example, if one of the users tried to unauthorizedly change the document, copy 5 confidential text to a document with a different type of label or to an email client, delete the label and / or properties of the document; facilitate the workflow in the company.
  • IS policies for example, if one of the users tried to unauthorizedly change the document, copy
  • the classifier analyzes the document by keywords, classifies it, and automatically suggests choosing the most suitable label for the user. It can be launched in the automatic mode of scanning a disk or folder.
  • the 15 is a system for ensuring classification of documents by confidentiality tags.
  • the system contains a module for classifying a document for marking documents with confidentiality labels in accordance with the organization’s policy.
  • the system implements computer-executable instructions for controlling authorization and / or sharing
  • the technical result of the claimed invention is to increase the information security of electronic documents Microsoft Office.
  • the system for setting the confidentiality label in an electronic document, accounting and control of work with confidential electronic documents contains a marking subsystem, administration subsystem, 35 data storage subsystem, data processing subsystem and monitoring subsystem, while the marking subsystem is configured to label the electronic document having both visual and digital form and setting access rights;
  • the administration subsystem is configured to change label settings;
  • the data storage subsystem is configured to store data about the label and label settings;
  • the data processing subsystem is configured to request the label settings from the data storage subsystem and transfer label settings to the monitoring subsystem and the marking subsystem;
  • the monitoring subsystem is capable of requesting data about the settings of the label from the data processing subsystem, providing data about the settings of the label to the marking subsystem and transmitting data about the label to the data processing subsystem.
  • An electronic document may be a Microsoft Office document.
  • the visual form of the label can be made in the form of a footer.
  • the administration subsystem may consist of a labeling module, a system module, and a system module protection module.
  • the module for working with labels may contain a submodule for setting labels, a submodule for alerts, a submodule for the label log.
  • the system module can consist of a sub-module of system settings, a sub-module of centralized installations, a sub-module of statuses of a user's workstation, a sub-module of monitoring client and server software licenses, a sub-module of activation and deactivation of system module functionality, a sub-module of the system event log, a sub-module of downloading and preparing updates, a sub-module of alerts on system events.
  • the system module protection module may consist of a submodule for configuring the system module security, an alert submodule, a security log submodule
  • FIG. 1 is an embodiment of a system
  • FIG. 2 is an embodiment of a system architecture
  • FIG. 3 is a diagram of the life cycle of a document’s confidentiality label with a label
  • FIG. 4 methods of forming a confidentiality label of a new document and / or a document without a label
  • FIG. 5 login page of the system interface
  • FIG. 6 the main page of the system interface
  • FIG. 7 page for administering system interface users
  • FIG. 8 adding a label available to the user on the user administration page of the system interface
  • FIG. 9 changing user settings on the user administration page of the system interface
  • FIG. 10 adding a new user to the user administration page of the system interface
  • FIG. 11 page for administering the roles of the system interface
  • FIG. 12 role change on the role administration page of the system interface
  • FIG. 13 adding a new role on the administration page of the system interface roles
  • FIG. 14 page with a list of the system interface menu
  • FIG. 15 is a form for editing a page element with a menu list of a system interface
  • FIG. 16 adding a new page element with a list of the system interface menu
  • FIG. 17 menu page of the system interface
  • FIG. 18 is a form for editing an item on a menu page of a system interface
  • FIG. 19 adding a new element of the menu page of the system interface
  • FIG. 20 page of the audit log of the system interface
  • FIG. 21 filtering on the audit log page of the system interface
  • FIG. 22 page of the event log of the AWP system interface
  • FIG. 23 - grouping on the page of the event log of the AWP system interface
  • FIG. 24 filtering on the event log page of the AWP system interface
  • FIG. 25 page for logging packet exchange of the system interface
  • FIG. 26 filtering on the page for logging packet exchange of the system interface
  • FIG. 27 registry page labels system interface
  • FIG. 28 label editing form on the registry page of the system interface labels
  • FIG. 29 is a form for editing conditions for a label classifier on a page of the registry labels of a system interface
  • FIG. 30 - a form for creating conditions for a label classifier on a page of the registry labels of a system interface
  • FIG. 31 is a form for creating labels on a registry page of system interface labels
  • FIG. 32 label classifier parameter filter on the system interface label registry page
  • FIG. 33 page of the registry documents of the system interface
  • FIG. 34 grouping on the registry page of the system interface documents
  • FIG. 35 filtering on the registry page of the system interface documents
  • FIG. 36 page for setting the visual style of the system interface labels
  • FIG. 37 customization of visual label style elements on the visual interface label style settings page of the system interface
  • FIG. 38 is a form for editing visual label style elements on a page for setting a visual style for labels of a system interface
  • FIG. 39 is a form for adding visual label style elements to a page for setting a visual label style of a system interface
  • FIG. 40 is a form for editing a visual label style on a page for setting a visual label style of a system interface
  • FIG. 41 filtering visual label styles on the page for setting the visual label style of the system interface
  • FIG. 42 is a view of a label alert when a document is opened
  • FIG. 43 is a label selection form
  • FIG. 44 is a view of a notification of refusal to open a document.
  • positions 1-14 show:
  • the system for setting the confidentiality label in an electronic document, accounting and control of work with confidential electronic documents contains a marking subsystem 1, an administration subsystem 2, a data storage subsystem 3, a data processing subsystem 4 and a monitoring subsystem 5.
  • Marking subsystem 1 is an add-in in MS Office.
  • Monitoring subsystem 5 is a client application (Agent
  • OS installed on a workstation of 10 users.
  • Data processing subsystem 4 is a server program.
  • Data Storage Subsystem 3 is a database management system
  • Administration Subsystem 2 is a web application.
  • the operation of the web application depends on the programming language in which it is written: in the case of using C #, IIS is used; if using Java, the Tomcat container servlet server or the JBoss AS application server or TomEE are used.
  • the system interacts with Active Directory 6 to exchange user information and with the mail server 7 to send alerts,
  • the system operates on the basis of a management server 8 and a database server 9, a user workstation 10, a security administrator 11, an administrator 12, SI EM 13 and DLP 14.
  • the invention is a platform for the management, control and audit of access rights to electronic documents based on confidentiality labels.
  • the system is designed for marking confidential documents with subsequent control of access to them, setting privacy labels, marking electronic documents, restricting user actions with confidential documents, recording user actions with confidential documents, creating a user action log with confidential documents, displaying a user action log with confidential documents, with label settings privacy by forming and displaying a change tree marked th document, sending messages to users and administrators when changing tagged document.
  • the system forcibly puts confidentiality labels in visual and digital form on documents, registers all user actions with the document, traces the relationship of documents, delimits and controls user access rights based on the access matrix of confidentiality labels.
  • the entire history of events is stored in a specialized database for further analysis and investigation of incidents.
  • the system allows, at the request of the user, to analyze the document by keywords and select the most suitable label; to differentiate user access to electronic documents and tags in accordance with the organization’s regulations and information security policies; take into account all electronic documents processed by the company and classify them in accordance with the organization’s regulations, information security policies and a list of information relating to restricted information, trade secret or other type of secret; take into account all users working with electronic documents; recreate and systematize the entire history of the creation of the document, regardless of the existing document management systems in the company: restore the chain of creation of versions, copies, drafts of the document from a blank sheet to its final version, including all sending to print; for each document determine its location, as well as who, where and when worked with it; record all user actions when working with a document; quickly identify attempts and facts of violation of the established regime of information protection and information security policy in the framework of confidential electronic document management; for each user, find the documents to which he has access, find out where, when and with which ones he worked; identify the location of all created drafts and
  • the system has fault tolerance and reliability, ensuring the work of the system’s personnel in the normal mode, as well as the operational recovery of failures. In the event of temporary hardware and software failures, the system provides recovery after a server reboot. Unavailability time - up to 5 minutes.
  • the system is compatible with MS Office (Word, Excel, Visio, PowerPoint, Access) RUS 2007, 2010, 2013, 2016.
  • the product is compatible with Windows XP (with Service Pack SP3 or later for the 32-bit version; 64-bit version); Windows XP Embedded (SP3 or later); Windows 7 (32/64-bit) Windows 7 Embedded Windows 8 (32/64-bit) Windows 10 (32/64-bit) Windows Server 2008 R2 (64-bit) Windows Server 2012 R2 (64-bit) Database - MS SQL Server 2008 or higher.
  • the system operates as follows.
  • the system interacts with Active Directory 6 via LDAP to retrieve user information.
  • Administration subsystem 2 interacts with mail server 7 to send notifications via SMTP.
  • settings are made for labels, user access to them, and system settings. This information is stored in the data storage subsystem 3.
  • Data processing subsystem 4 periodically polls data storage subsystem 3 for new or old settings to transfer settings to monitoring subsystem 5 and marking 1.
  • monitoring subsystem 5 requests information on settings from the subsystem data processing 4.
  • the marking subsystem 1 requests information about the label settings from the monitoring subsystem 5 for enable users to tag.
  • the monitoring subsystem 5 transfers the label information to the data processing subsystem 4 for subsequent storage in the data storage subsystem 4.
  • the data processing subsystem 4 upon request, transfers the label data to the monitoring subsystem 5 for monitoring user actions with confidential documents.
  • the monitoring subsystem 5 transmits the monitoring subsystem 5 to the data processing subsystem 4 for subsequent storage in the data storage subsystem 3.
  • Administration subsystem 5 periodically polls the data storage subsystem 3. When records are found that satisfy the conditions for generating an alert, administration subsystem 2 generates and sends notifications. User action logs are viewed through the administration subsystem 2.
  • Interaction with data storage subsystem 3 is carried out in accordance with SQL syntax.
  • the interaction of the monitoring subsystems 5 and data processing 4 is carried out by RPC.
  • the system is designed for continuous, daily work of users and operates either in a regular or in a service mode.
  • the main mode of operation of the system is the normal mode, in which all functions are supported.
  • the service mode the system as a whole, or its individual functions become inaccessible to users.
  • maintenance, reconfiguration, repair or restoration work in case of emergency, modernization and improvement of system components are carried out.
  • Authentication of administrators is carried out either by means of the administration subsystem 2 or Active Directory 6.
  • administration subsystem 2 administrators are authorized by means of the subsystem itself according to the data stored in the data storage subsystem 3.
  • Administration subsystem 2 provides access control differentiation in accordance with the role model.
  • the authorization of the monitoring subsystems 5 and marking 1 is performed using the data processing subsystem 4 itself using the data stored in the data storage subsystem 3.
  • Authorization in the data storage subsystem 3 of the administration subsystem 2 and data processing 4 is performed using the DBMS.
  • the action log is kept users: in the administration subsystem 2, events are being changed for the rights to labels to users or user groups; in the data storage subsystem 3, events of deleting / changing the log of user actions are recorded; in monitoring subsystem 5, copy events are recorded
  • Marking subsystem 1 allows you to put labels on documents in MS Office (Word, Excel, Visio, PowerPoint, Access), including versions 2007 (32-bit with SP3); 2010 (32/64-bit); 2013 (32/64-bit); 2016 (32/64-bit).
  • the ability to put down a label by selecting from the list of labels available to the user appears when a document is saved and is a required action.
  • the visual form of the label is applied to the document in the form of a footer, and the digital one is added to the file (structure) of the MS Office document in order to further control this file using DLP 14.
  • the label contains information about
  • Monitoring subsystem 5 when copying text from a document to another document, transfers the current label. Prevents third-party applications from opening and making changes to MS Office (Word, Excel, Visio, PowerPoint, Access). When you open a document with a label that exceeds the user's rights, a message is displayed to the user that this document is not available to him. Monitoring subsystem 5 captures and records document copy operations; copy text from a document to another
  • the data processing subsystem 4 processes the received data on user actions with confidential documents to store them in the data storage subsystem 3; transfers data on user access to tags from the data storage subsystem 3 to the marking subsystem 1; monitors the current connections of the marking subsystems 1 and monitoring 5 on users AWP; It controls the AWP of users for the installation of marking subsystems 1 and monitoring 5 on them.
  • Data storage subsystem 3 provides high-performance processing and storage of data on user actions.
  • Data storage subsystem 3 has the means to configure the information model, storage structure management tools; metadata repository management tools (description of the storage structure); the ability to export data; mechanisms for creating, executing and saving the results of arbitrary queries, samples.
  • Administration subsystem 2 consists of a labeling module, a system module, and a system module protection module.
  • the module for working with labels contains a submodule for setting labels, a submodule for alerts, a submodule for the label log.
  • the label settings submodule provides settings for label display; customization of visual label styles, customization of names and types of labels; setting up a user group and labels available to them with binding to AD; setting user access to tags: save the document with this tag, assign a tag to the document, remove the tag from the document, print the document with the tag, copy the document.
  • the half-module of notifications provides the setting of alerts for events associated with tags; processing user actions with confidential documents; generating and sending alerts; convenient interface for viewing events, including alarm mechanisms for unusual user actions, as well as custom filters.
  • the label log submodule displays a log of user actions to provide access to tags; Export to Excel user action logs the ability to upload a log of user actions in Excel. Data is exported to Excel 2007 and higher format (.xlsx). This function works for reports with the number of records no more than 1 million. When the journal is unloaded, the service information is added to Excel: program name and logo; set of filters used for output; file generation date and time; total number of entries; line numbering.
  • the system module consists of a submodule of system settings that allows you to make system settings; a submodule of centralized installations that displays statuses of the centralized installation of instances of client software on a PC; AWP status submodule that checks and displays AWP statuses in real time (online, offline); a submodule for monitoring client and server software licenses that works with licenses in terms of checking client and server software licenses, downloading licenses, activating licenses, creating events for a notification system about license expiration; a submodule for activating / deactivating the functionality of a system module that allows you to select software that requires the functionality of a system module (MS Office (Word, Excel, Visio, PowerPoint, Access), in which the marking subsystem 1 is involved; a submodule of the system event log that allows you to view and filter a log of system events such as internal errors of various nodes of the system module and loss of communication; a submodule for downloading and preparing updates, downloading and preparing updates for server and client software; a
  • the protection module of the system module consists of a submodule for configuring the protection of the system module that provides the settings necessary for the operation of OS Agents; Alerts submodule that provides notification settings for events related to user actions in the OS coming from the OS Agent, processing user actions with client software, generating and sending alerts, a convenient interface for viewing events, including alarm mechanisms about unusual user actions, as well as custom filters; a submodule of the security log of a system module that displays a log of illegal actions users in the OS, coming from the OS Agent, export to Excel user action logs. It is possible to upload a log of user actions in Excel.
  • the system is used as follows.
  • the system marks the created documents in MS Office. Each time a document is saved, the user is prompted to select one of the available tags, for example, confidentially, bank secrecy, secretly, without a tag, and only after selecting one of the tags the procedure of saving the file and closing the MS Office program is allowed. Otherwise, there is a refusal to save the file and a message stating that it is impossible to save the changes made.
  • the system marks in visual and digital form. When you open a document with a privacy label, information about whether the document has a privacy label is displayed.
  • the visual form of the privacy label is applied to the text document as text or a picture in the footer, and the digital form is added to the MS Office file (document structure) as a unique privacy label identifier (MarkerSID) in order to further control this file using DSS and third-party systems Type DLP 14, SIEM 13.
  • MarkerSID unique privacy label identifier
  • a digital privacy label contains a globally unique document ID, a globally unique parent document ID, privacy label level, privacy label name, image link, privacy label privileges, classification criteria, and visual style of the privacy label.
  • a message is displayed in the form of a window about the installed privacy label or its absence in the document. It also displays information on the current privacy label currently in the feed in the DSS tab in MS Office. Whenever you save a document or print a document, it will be denied until a privacy label is selected.
  • the module for working with privacy labels contains sections for setting privacy labels, a notification section, a registry of privacy labels.
  • the privacy label settings section provides:
  • the life cycle of a document tag with a tag is shown in FIG.
  • the system analyzes whether the document has a label. If the document contains a label, then when it is printed or output without changes, the marking does not change. The user can change the document label to the available label options. When saving a changed document containing a label, the system prompts the user to re-select a new label for the document or save the document with the current marking, depending on the nature of the changes made. If the user tries to save the current document as a new file, the system will necessarily issue a proposal to assign him a label from the available ones.
  • Records (logging) are subject to the date and time the document was created; Date and time the document was changed; User (author) ID; Workstation ID of the user (author); ID of the user who modified the document; Workstation ID of the user who changed the document; The originally assigned label Tag change history ID of the document. There is a local and centralized log.
  • the digital form of the document label contains information about the assigned label and document ID.
  • the system When you open a document that does not have tags, for example, when a document was received from another organization or opened for the first time after the implementation of the system, the system registers on the server information about opening a document without a tag, the path of the document, the user who opened the document, the workstation on which he open, domain, date, time and IP address. Methods of forming a label for a new document and a document without a label are shown in FIG. 4. When saving a new document or a document without a label, the system without fail prompts the user to select a label for the document. The label selection window is displayed (Fig. 43). The label and rights of use can be assigned by the owner of the document: author, owner information system, resource, head of the structural unit responsible for classification, information security administrator. The most correct label can be selected by the user. Recommended label selection can be suggested by the system
  • the classifier works when saving, but not when opening, a document and can be launched by pressing the "Analysis" button. When saving a document without a tag, the classifier can automatically put a tag.
  • a digital form of the label is also registered in the document, which the user cannot see or change. This document is printed on the same principle as preservation. Cannot print a document without selecting a label. This cannot be done either from the document itself or from the explorer. Information is sent to the database server 9 during printing, in
  • Tags allow you to differentiate user access to certain tags and, as a result, electronic documents inside MS Office. In this case, user access is assigned to tags, not documents.
  • the proposed label is displayed to the user and is not required, but if the user puts a label below the classifier, a notification about this event is sent to the database server 9.
  • the classifier which processes information automatically, is configured in the web interface and runs according to a schedule or manually. zo The classifier, which helps the user to select the desired label, is embedded in the client and works constantly. When investigating incidents, it is determined who exactly worked with this document, who opened it, edited, printed or copied to itself. All this can be done with the help of a physical document tree, allowing you to track the entire history.
  • the web interface provides the ability to authenticate administrators by delimiting access to information according to the level of access rights of a particular user according to the role model: the manager often has access to documents with all kinds of tags (open information, official, strategic decisions, trade secrets), while an accountant does not have access to strategic decisions, and administrators often have access only to open information.
  • the user gets the opportunity to work with the physical directory tree, taking into account the privacy settings.
  • the system affixes privacy labels to the created documents in MS Office (Word, Excel, Visio, PowerPoint).
  • Microsoft Windows can be installed: XP (with Service Pack SP3 or later for the 32-bit version); 7 (32/64-bit); 8 (32/64-bit); 8.1 (32/64-bit); 10 (32/64-bit).
  • Servers can be Microsoft Windows server: 2008 R2 (32/64-bit), 2012 (32/64-bit), 2012 R2 (32/64-bit), NET Framework: 3.5, 4.5; Microsoft SQL Server: 2008 R2; 2012, 2014.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Mining & Analysis (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

L'invention se rapporte au domaine de la protection des informations, concerne notamment des systèmes à base de marques de confidentialité, et peut être utilisée pour appliquer des marques de confidentialité sur des documents électroniques, ainsi que pour la gestion et le contrôle de tels documents. Le résultat technique consiste en une augmentation de la sécurité des informations des documents électroniques de Microsoft Office. L'invention concerne un système d'application de marque de confidentialité sur un document électronique, de gestion et de contrôle d'utilisation de documents électroniques confidentiels, lequel comprend un sous-système de marquage, un sous-système d'administration, un sous-système de stockage de données, un sous-système de traitement de données et un sous-système de surveillance. Le sous-système de marquage permet d'appliquer une marque sur un document électronique qui possède simultanément une forme visuelle et numérique, et d'ajuster les droits d'accès. Le sous-système d'administration permet de modifier l'ajustement de la marque. Le sous-système de stockage de données permet de stocker des données concernant la marque et les ajustements de la marque. Le sous-système de traitement de données permet d'interroger le sous-système de stockage de données d'ajustements de marque, et de transmettre les ajustements de marque au sous-système de surveillance et au sous-système de marquage. Le sous-système de surveillance permet de demander des données concernant les ajustements de la marque dans le sous-système de traitement de données, de présenter des données concernant les ajustements de la marque au sous-système de marquage, et d'envoyer des données concernant la marque au sous-système de traitement de données.
PCT/RU2017/000399 2017-01-25 2017-06-09 Système d'application de marque de confidentialité sur un document électronique WO2018139951A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
RU2017102333 2017-01-25
RU2017102333A RU2647643C1 (ru) 2017-01-25 2017-01-25 Система постановки метки конфиденциальности в электронном документе, учета и контроля работы с конфиденциальными электронными документами

Publications (1)

Publication Number Publication Date
WO2018139951A1 true WO2018139951A1 (fr) 2018-08-02

Family

ID=61629625

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/RU2017/000399 WO2018139951A1 (fr) 2017-01-25 2017-06-09 Système d'application de marque de confidentialité sur un document électronique

Country Status (2)

Country Link
RU (1) RU2647643C1 (fr)
WO (1) WO2018139951A1 (fr)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112329064A (zh) * 2020-11-11 2021-02-05 武汉辰亚科技有限公司 一种基于数字标记的电子文档安全管理系统及方法
CN113742295A (zh) * 2021-09-09 2021-12-03 珠海金山办公软件有限公司 业务数据的管理方法及装置、文档标签的管理方法及装置
CN114003952A (zh) * 2021-10-30 2022-02-01 杭州迪普科技股份有限公司 电子文档管理方法及系统

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
RU2699234C1 (ru) * 2018-08-08 2019-09-05 Общество с ограниченной ответственностью "Инновационные технологии" Способ обеспечения безопасного использования электронного документа
RU2759210C1 (ru) * 2020-09-01 2021-11-10 Общество с ограниченной ответственностью "Кросстех Солюшнс Групп" Система и способ защиты электронных документов, содержащих конфиденциальную информацию, от несанкционированного доступа
RU2768533C1 (ru) * 2021-04-01 2022-03-24 Публичное Акционерное Общество "Сбербанк России" (Пао Сбербанк) Способ и система защиты цифровой информации, отображаемой на мониторе, с помощью цифровых меток
WO2025005821A1 (fr) * 2023-06-29 2025-01-02 Общество с ограниченной ответственностью "Технологии Отраслевой Трансформации" Traitement et visualisation de données interdites à la transmission

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060126096A1 (en) * 2004-12-09 2006-06-15 Konica Minolta Business Technologies, Inc. Image processing method and image processing apparatus
US20120166353A1 (en) * 2010-12-22 2012-06-28 Xerox Corporation Enterprise classified document service

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7627638B1 (en) * 2004-12-20 2009-12-01 Google Inc. Verbal labels for electronic messages
US8515957B2 (en) * 2009-07-28 2013-08-20 Fti Consulting, Inc. System and method for displaying relationships between electronically stored information to provide classification suggestions via injection
RU2533061C1 (ru) * 2013-06-26 2014-11-20 Закрытое акционерное общество "Научно-производственное предприятие "Информационные технологии в бизнесе" Система контроля доступа к шифруемым создаваемым файлам
US9282215B2 (en) * 2014-02-25 2016-03-08 Xerox Corporation Security mark with copyable and non-copyable elements

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060126096A1 (en) * 2004-12-09 2006-06-15 Konica Minolta Business Technologies, Inc. Image processing method and image processing apparatus
US20120166353A1 (en) * 2010-12-22 2012-06-28 Xerox Corporation Enterprise classified document service

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112329064A (zh) * 2020-11-11 2021-02-05 武汉辰亚科技有限公司 一种基于数字标记的电子文档安全管理系统及方法
CN113742295A (zh) * 2021-09-09 2021-12-03 珠海金山办公软件有限公司 业务数据的管理方法及装置、文档标签的管理方法及装置
CN114003952A (zh) * 2021-10-30 2022-02-01 杭州迪普科技股份有限公司 电子文档管理方法及系统

Also Published As

Publication number Publication date
RU2647643C1 (ru) 2018-03-16

Similar Documents

Publication Publication Date Title
RU2647643C1 (ru) Система постановки метки конфиденциальности в электронном документе, учета и контроля работы с конфиденциальными электронными документами
US10754932B2 (en) Centralized consent management
US8490163B1 (en) Enforcing security policies across heterogeneous systems
US11138475B2 (en) Systems and methods for data protection
US10264022B2 (en) Information technology governance and controls methods and apparatuses
US8769605B2 (en) System and method for dynamically enforcing security policies on electronic files
US7401083B2 (en) Methods and systems for managing user access to computer software application programs
CA2553648C (fr) Chiffrement transparent adaptatif
US6829639B1 (en) Method and system for intelligent global event notification and control within a distributed computing environment
US20080301757A1 (en) Systems and methods for policy enforcement in electronic evidence management
US20070136814A1 (en) Critical function monitoring and compliance auditing system
US20020026507A1 (en) Browser proxy client application service provider (ASP) interface
US20080301471A1 (en) Systems and methods in electronic evidence management for creating and maintaining a chain of custody
RU2759210C1 (ru) Система и способ защиты электронных документов, содержащих конфиденциальную информацию, от несанкционированного доступа
US20120290544A1 (en) Data compliance management
US20080300900A1 (en) Systems and methods for distributed sequestration in electronic evidence management
US11418393B1 (en) Remediation of detected configuration violations
US20150207705A1 (en) Method for file activity monitoring
JP2006155535A (ja) 個人情報探索プログラム,個人情報管理システムおよび個人情報管理機能付き情報処理装置
CN101320415B (zh) 应用程序的控管系统与其方法
US20080301756A1 (en) Systems and methods for placing holds on enforcement of policies of electronic evidence management on captured electronic
US20210350024A1 (en) Providing transparency in private-user-data access
WO2010007990A1 (fr) Système de gestion de dispositif
Wilson Sharing securely within government: Best practices for facilitating interagency data science
CN113553554A (zh) 一种数据中台运维系统

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 17894009

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 13.12.2019

122 Ep: pct application non-entry in european phase

Ref document number: 17894009

Country of ref document: EP

Kind code of ref document: A1

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载