[go: up one dir, main page]

CN115310108A - Electronic document sharing control method and system based on data extraction - Google Patents

Electronic document sharing control method and system based on data extraction Download PDF

Info

Publication number
CN115310108A
CN115310108A CN202210976804.XA CN202210976804A CN115310108A CN 115310108 A CN115310108 A CN 115310108A CN 202210976804 A CN202210976804 A CN 202210976804A CN 115310108 A CN115310108 A CN 115310108A
Authority
CN
China
Prior art keywords
document
sharing request
sharing
content data
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210976804.XA
Other languages
Chinese (zh)
Other versions
CN115310108B (en
Inventor
不公告发明人
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Aerospace Network Security Technology Shenzhen Co ltd
Original Assignee
Aerospace Network Security Technology Shenzhen Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Aerospace Network Security Technology Shenzhen Co ltd filed Critical Aerospace Network Security Technology Shenzhen Co ltd
Priority to CN202210976804.XA priority Critical patent/CN115310108B/en
Publication of CN115310108A publication Critical patent/CN115310108A/en
Application granted granted Critical
Publication of CN115310108B publication Critical patent/CN115310108B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)
  • Document Processing Apparatus (AREA)

Abstract

The invention relates to an electronic document sharing control method and system based on data extraction, which are characterized in that a source document is independently processed to generate content data only retaining specific information of the document, and a feedback mode corresponding to an authentication tag judgment request is used, and the content data of a specified electronic document can be shared to a specified resource user in multiple display modes by controlling service scenes that the use permission of the content data of the electronic document and an original electronic document meets different requirements, so that the electronic document used for sharing is prevented from being abused maliciously by the resource user, the safe and convenient sharing and exchange utilization of electronic document resources are realized, and the supervision capability of a resource supervisor is enhanced.

Description

一种基于数据提取的电子文档共享控制方法及系统A method and system for electronic document sharing control based on data extraction

技术领域technical field

本发明涉及电子文档数据共享安全处理技术领域,尤其涉及一种基于数据提取的电子文档共享控制方法及系统。The invention relates to the technical field of electronic document data sharing security processing, in particular to a data extraction-based electronic document sharing control method and system.

背景技术Background technique

电子文档作为数据资源被合理高效共享和快速交换使用已经成为有效支撑跨部门、跨单位、跨系统之间业务工作运转不可或缺的组成部分。大多数情况下,特定电子文档资源通常权属于不同部门或单位,并存储在不同应用服务节点,使用者需要调用电子文档资源时,即成为各个应用服务节点的用户,然后可以根据业务操作需要对电子文档进行访问和使用。As a data resource, the rational and efficient sharing and rapid exchange of electronic documents has become an indispensable part of effectively supporting the operation of cross-department, cross-unit, and cross-system business operations. In most cases, specific electronic document resources usually belong to different departments or units and are stored in different application service nodes. When users need to call electronic document resources, they become users of each application service node, and then they can modify the resources according to business operations. Access and use electronic documents.

在实际操作中,为保证电子文档作为数据资源被共享和交换利用,资源提供者通过应用服务系统为本节点中的电子文档资源明确共享范围,并共享给资源使用者。这种使用方式下,资源使用者在获得共享授权后,便可以获取原版电子文档,导致电子文档存在被滥用的潜在风险。通常情况下,资源使用者实际只需要利用电子文档的内容数据,而原版电子文档一方面包含原文件全部特征超出一般资源使用者的业务需求,另一方面原版电子文档通常具有凭证化属性,即原版电子文档本身可以作为正式电子文档重复多次使用。因此,常规共享原版电子文档方式大大增加电子文档资源被资源使用者滥用的风险,同时给资源监督者带来了共享和交换等利用行为监管的困难。In actual operation, in order to ensure that electronic documents are shared and exchanged as data resources, the resource provider defines the sharing scope for the electronic document resources in this node through the application service system, and shares them with resource users. In this way of use, resource users can obtain the original electronic documents after obtaining the sharing authorization, which leads to the potential risk of electronic documents being misused. Under normal circumstances, resource users only need to use the content data of electronic documents. On the one hand, the original electronic documents contain all the characteristics of the original documents beyond the business needs of general resource users. On the other hand, the original electronic documents usually have the attribute of credentialing. The original electronic document itself can be used repeatedly as an official electronic document. Therefore, the conventional method of sharing original electronic documents greatly increases the risk of electronic document resources being abused by resource users, and at the same time brings difficulties to resource supervisors in the supervision of utilization behaviors such as sharing and exchange.

现有技术下针对该问题给出了一些数据共享的安全机制解决方案,但主要是从加密数据角度出发,利用对称加密或非对称加密算法,对被共享的数据进行加密共享,对应解密后进行利用。此种方式在数据共享过程中往往是以损失共享利用的便捷性为代价实现,另一方面,这类方法也不能针对性解决只需要内容数据而不需要原版电子文档的大多数应用场景需求。Some security mechanism solutions for data sharing have been proposed in the prior art, but mainly from the perspective of encrypted data, using symmetric encryption or asymmetric encryption algorithm to encrypt and share the shared data, corresponding to decryption use. This method is often implemented at the cost of losing the convenience of sharing and utilization in the process of data sharing. On the other hand, this method cannot specifically solve the needs of most application scenarios that only require content data and do not require original electronic documents.

由此,如何即安全便捷的在资源提供者与资源使用者之间共享和交换电子文档资源,又便于资源监督者进行利用行为监管是亟待解决的问题。Therefore, how to share and exchange electronic document resources between resource providers and resource users safely and conveniently, and facilitate resource supervisors to monitor utilization behavior is an urgent problem to be solved.

发明内容Contents of the invention

为解决现有技术的不足,本发明提出一种基于数据提取的电子文档共享控制方法及系统,通过管控电子文档的内容数据与原版电子文档使用权限满足不同需求的业务场景,可以将指定的电子文档的内容数据以多种展现方式共享给指定的资源使用者,从而避免用来共享的电子文档被资源使用者恶意滥用,实现电子文档资源安全且便捷的共享和交换利用,加强资源监督者的监管能力。数据使用者只需要内容数据即可满足利用需求的应用场景,此时数据提供者只需要共享电子文档的内容数据;2)数据使用者需要原版电子文档方可满足利用需求的应用场景,此时资源使用者需按照原版电子文档使用方法申请使用权限,资源提供者对使用需求进行自动审核或手动后,资源使用者才能获取原版电子文档。In order to solve the shortcomings of the existing technology, the present invention proposes a method and system for electronic document sharing control based on data extraction. By controlling the content data of electronic documents and the use rights of original electronic documents to meet different business scenarios, the designated electronic documents can be The content data of the document is shared with designated resource users in various ways, so as to prevent the shared electronic document from being maliciously abused by the resource user, realize safe and convenient sharing and exchange of electronic document resources, and strengthen the supervision of resource supervisors. regulatory capacity. Data users only need content data to meet the application scenarios of utilization requirements. At this time, data providers only need to share the content data of electronic documents; 2) Data users need original electronic documents to meet the application scenarios of utilization requirements. At this time Resource users need to apply for usage rights according to the original electronic document usage method, and resource users can only obtain original electronic documents after the resource provider conducts automatic or manual review of the usage requirements.

为实现以上目的,本发明所采用的技术方案包括:For realizing the above object, the technical scheme adopted in the present invention comprises:

一种基于数据提取的电子文档共享控制方法,其特征在于,包括:A method for controlling electronic document sharing based on data extraction, characterized in that it includes:

S1、获取待处理的源文档,制作对应源文档的处理副本;S1. Obtain the source document to be processed, and make a processed copy of the corresponding source document;

S2、使用处理副本执行数据提取操作,得到对应源文档的内容数据;S2. Using the processed copy to perform a data extraction operation to obtain content data corresponding to the source document;

S3、建立对应源文档和相匹配内容数据的认证标签,所述认证标签包括文档访问权限控制项、源文档反馈控制项和文档访问记录项;S3. Establishing an authentication label corresponding to the source document and matching content data, the authentication label including document access control items, source document feedback control items, and document access record items;

S4、依据共享请求匹配认证标签,判断共享请求是否满足文档访问权限控制项,当判断共享请求不满足文档访问权限控制项时,拒绝反馈共享请求并将共享请求信息记录在文档访问记录项;S4. Match the authentication label according to the sharing request, judge whether the sharing request satisfies the document access control item, and when it is judged that the sharing request does not meet the document access control item, refuse to feed back the sharing request and record the sharing request information in the document access record item;

S5、当判断共享请求满足文档访问权限控制项时,进一步判断共享请求是否满足源文档反馈控制项,当判断共享请求不满足源文档反馈控制项时,使用内容数据反馈共享请求,并将共享请求信息记录在文档访问记录项;S5. When it is judged that the sharing request satisfies the document access control item, further judge whether the sharing request satisfies the source document feedback control item, and when it is judged that the sharing request does not satisfy the source document feedback control item, use the content data to feed back the sharing request, and send the sharing request The information is recorded in the document access record item;

S6、当判断共享请求满足源文档反馈控制项时,使用源文档反馈共享请求,并将共享请求信息记录在文档访问记录项。S6. When it is determined that the sharing request satisfies the source document feedback control item, use the source document to feed back the sharing request, and record the sharing request information in the document access record item.

进一步地,所述方法还包括:Further, the method also includes:

S7、调取文档访问记录项,对应调整文档访问权限控制项和源文档反馈控制项。S7. The document access record item is retrieved, and the document access authority control item and the source document feedback control item are correspondingly adjusted.

进一步地,所述步骤S2包括:Further, the step S2 includes:

S21、依据预设的清洗规则对处理副本进行数据清洗;S21. Perform data cleaning on the processing copy according to preset cleaning rules;

S22、依据预设格式将处理副本转换为标准副本;S22. Convert the processed copy into a standard copy according to the preset format;

S23、提取标准副本中的内容数据,所述内容数据包括正文数据、语义树和属性信息;S23. Extract content data in the standard copy, where the content data includes text data, semantic tree and attribute information;

S24、使用语义树修正正文数据,并将修正后的内容数据采集保存入数据库。S24. Use the semantic tree to correct the text data, and collect and store the corrected content data into the database.

进一步地,所述源文档和处理副本分别保存在相互独立的不同数据库内。Further, the source document and the processed copy are respectively stored in different databases independent of each other.

进一步地,所述文档访问权限控制项包括用户身份认证、文档级别和文档访问授权机制。Further, the document access authority control item includes user identity authentication, document level and document access authorization mechanism.

进一步地,所述源文档反馈控制项包括文档共享方式、文档共享范围和文档数据权属。Further, the source document feedback control items include document sharing mode, document sharing scope and document data ownership.

本发明还涉及一种基于数据提取的电子文档共享控制系统,其特征在于,包括:The present invention also relates to an electronic document sharing control system based on data extraction, which is characterized in that it includes:

副本处理模块,用于制作对应源文档的处理副本并执行数据提取操作,得到对应源文档的内容数据;A copy processing module, configured to make a processed copy of the corresponding source document and perform a data extraction operation to obtain content data of the corresponding source document;

标签管理模块,用于建立并修改对应源文档和相匹配内容数据的认证标签;A tag management module, configured to establish and modify authentication tags corresponding to source documents and matching content data;

第一判断模块,用于判断共享请求是否满足文档访问权限控制项;A first judging module, configured to judge whether the sharing request satisfies the document access control item;

第二判断模块,用于判断共享请求是否满足源文档反馈控制项;The second judging module is used to judge whether the sharing request satisfies the source document feedback control item;

反馈执行模块,用于反馈共享请求,并将共享请求信息记录在文档访问记录项。The feedback execution module is used to feed back the sharing request, and record the sharing request information in the document access record item.

本发明还涉及一种计算机可读存储介质,其特征在于,所述存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现上述的方法。The present invention also relates to a computer-readable storage medium, which is characterized in that a computer program is stored on the storage medium, and the above-mentioned method is realized when the computer program is executed by a processor.

本发明还涉及一种电子设备,其特征在于,包括处理器和存储器;The present invention also relates to an electronic device, which is characterized in that it includes a processor and a memory;

所述存储器,用于存储源文档、内容数据和认证标签;The memory is used to store source documents, content data and authentication labels;

所述处理器,用于通过调用源文档、内容数据和认证标签,执行上述的方法。The processor is configured to execute the above method by invoking the source document, the content data and the authentication label.

本发明还涉及一种计算机程序产品,包括计算机程序和/或指令,其特征在于,该计算机程序和/或指令被处理器执行时实现上述方法的步骤。The present invention also relates to a computer program product, including computer programs and/or instructions, characterized in that, when the computer programs and/or instructions are executed by a processor, the steps of the above method are implemented.

本发明的有益效果为:The beneficial effects of the present invention are:

采用本发明所述基于数据提取的电子文档共享控制方法及系统,通过管控电子文档的内容数据与原版电子文档使用权限满足不同需求的业务场景,可以将指定的电子文档的内容数据以多种展现方式共享给指定的资源使用者,从而避免用来共享的电子文档被资源使用者恶意滥用,实现电子文档资源安全且便捷的共享和交换利用,加强资源监督者的监管能力,特别适用于数据使用者只需要内容数据即可满足利用需求的应用场景,同时也可以通过额外申请使用权限满足数据使用者需要原版电子文档利用需求的应用场景。By adopting the electronic document sharing control method and system based on data extraction described in the present invention, the content data of the specified electronic document can be displayed in various forms by controlling the content data of the electronic document and the original version of the electronic document to meet different business scenarios. Shared to designated resource users in a way, so as to prevent the electronic documents used for sharing from being maliciously abused by resource users, realize safe and convenient sharing and exchange of electronic document resources, and strengthen the supervision ability of resource supervisors, especially suitable for data use The application scenario where the user only needs the content data to meet the utilization requirements, and at the same time, the application scenario where the data user needs to use the original electronic document can also be satisfied by applying for additional usage permissions.

附图说明Description of drawings

图1为本发明基于数据提取的电子文档共享控制方法流程示意图。FIG. 1 is a schematic flow chart of the electronic document sharing control method based on data extraction in the present invention.

图2为本发明基于数据提取的电子文档共享控制系统结构示意图。FIG. 2 is a schematic structural diagram of the electronic document sharing control system based on data extraction in the present invention.

具体实施方式Detailed ways

为了更清楚的理解本发明的内容,将结合附图和实施例详细说明。In order to understand the content of the present invention more clearly, it will be described in detail with reference to the drawings and embodiments.

本发明第一方面涉及一种步骤流程如图1所示的基于数据提取的电子文档共享控制方法,包括:The first aspect of the present invention relates to a method for controlling electronic document sharing based on data extraction as shown in FIG. 1 , including:

S1、获取待处理的源文档,制作对应源文档的处理副本。S1. Obtain a source document to be processed, and make a processed copy of the corresponding source document.

优选的,源文档和处理副本分别保存在相互独立的不同数据库内。Preferably, the source document and the processed copy are respectively stored in different databases independent of each other.

在执行中,根据不同的数据来源情况,可以通过手动采集或接口推送的方式,得到待入库的原始电子文档及其属性信息,并优选的对待入库相关数据进行数据审核,审查成功的存储至原始库。对于采用手动采集的,对存储在本地磁盘的电子文档,及纸质文件电子化后的电子文档,以手动录入的方式,将电子文档上传至数据层的原始库;使用接口推送时,第三方业务系统产生的电子文档,以接口服务的方式,将电子文档推送至数据层的原始库。During execution, according to different data sources, the original electronic documents to be stored and their attribute information can be obtained through manual collection or interface push, and the relevant data to be stored is preferably reviewed for data review and successful storage. to the original library. For manual collection, the electronic documents stored on the local disk and the electronic documents after paper documents are electronically uploaded to the original library of the data layer by manual entry; when using the interface to push, the third party The electronic documents generated by the business system are pushed to the original library of the data layer in the form of interface services.

S2、使用处理副本执行数据提取操作,得到对应源文档的内容数据。具体的,包括执行以下分步骤:S21、依据预设的清洗规则对处理副本进行数据清洗;S2. Execute a data extraction operation using the processed copy to obtain content data corresponding to the source document. Specifically, it includes performing the following sub-steps: S21. Perform data cleaning on the processing copy according to the preset cleaning rules;

S22、依据预设格式将处理副本转换为标准副本;S23、提取标准副本中的内容数据,所述内容数据包括正文数据、语义树和属性信息;S24、使用语义树修正正文数据,并将修正后的内容数据采集保存入数据库。S22, convert the processed copy into a standard copy according to the preset format; S23, extract the content data in the standard copy, the content data includes text data, semantic tree and attribute information; S24, use the semantic tree to modify the text data, and modify The final content data is collected and stored in the database.

S3、建立对应源文档和相匹配内容数据的认证标签,所述认证标签包括文档访问权限控制项、源文档反馈控制项和文档访问记录项。其中,文档访问权限控制项包括用户身份认证、文档级别和文档访问授权机制;源文档反馈控制项包括文档共享方式、文档共享范围和文档数据权属。S3. Establish an authentication tag corresponding to the source document and the matching content data, where the authentication tag includes a document access authority control item, a source document feedback control item, and a document access record item. Among them, the document access authority control items include user identity authentication, document level and document access authorization mechanism; the source document feedback control items include document sharing method, document sharing scope and document data ownership.

根据电子文档特征,如数据权属、保密要求等属性,设置文档共享方式、共享范围、共享授权等。共享方式默认共享的是内容数据,而不是原版电子文档,此时,数据使用者,在查阅内容数据时,可以根据需要对所需部分内容进行拷贝,或全文拷贝,或下载。共享方式也可以是有条件共享,进一步指定共享内容数据范围,也可以对内容数据,根据数据模板对内容数据进行分段或分页等更进一步设置共享授权。According to the characteristics of electronic documents, such as data ownership, confidentiality requirements and other attributes, set the document sharing method, sharing scope, sharing authorization, etc. The sharing method defaults to sharing the content data instead of the original electronic document. At this time, when the data user consults the content data, he can copy the required part of the content, or copy the full text, or download it. The sharing method can also be conditional sharing, which further specifies the scope of the shared content data, and can further set the sharing authorization for the content data, such as segmenting or paging the content data according to the data template.

S4、依据共享请求匹配认证标签,判断共享请求是否满足文档访问权限控制项,当判断共享请求不满足文档访问权限控制项时,拒绝反馈共享请求并将共享请求信息记录在文档访问记录项。S4. Match the authentication label according to the sharing request, judge whether the sharing request satisfies the document access control item, and when it is judged that the sharing request does not meet the document access control item, refuse to feed back the sharing request and record the sharing request information in the document access record item.

优选的,资源使用者,在使用共享数据时,如果需要使用原版电子文档,则需要提交原始文档使用申请。电子文档权属部门(即资源提供者)作为审批者,对原始电子文档使用申请进行审批,审批通过后,原版电子文档被交换到资源使用者,可以对原版电子文档进行浏览、或下载。同时,这些使用和申请的行为数据,都会被数据监管系统记录。Preferably, resource users need to submit an application for using the original document if they need to use the original electronic document when using the shared data. As the approver, the electronic document ownership department (that is, the resource provider) approves the application for the use of the original electronic document. After the approval, the original electronic document is exchanged to the resource user, who can browse or download the original electronic document. At the same time, these usage and application behavior data will be recorded by the data supervision system.

具体的匹配判断过程,可以采用任何适用的现有技术实现,例如可以采用基于数字证书和公钥体系,实现资源使用者和资源提供者之间的身份认证。The specific matching judgment process can be realized by using any applicable existing technology, for example, a system based on digital certificates and public keys can be used to realize identity authentication between resource users and resource providers.

S5、当判断共享请求满足文档访问权限控制项时,进一步判断共享请求是否满足源文档反馈控制项,当判断共享请求不满足源文档反馈控制项时,使用内容数据反馈共享请求,并将共享请求信息记录在文档访问记录项。S5. When it is judged that the sharing request satisfies the document access control item, further judge whether the sharing request satisfies the source document feedback control item, and when it is judged that the sharing request does not satisfy the source document feedback control item, use the content data to feed back the sharing request, and send the sharing request The information is recorded in the document access record entry.

电子文档的数据共享共享方法,为电子文档数据资源提供分级共享授权机制,即根据电子文档内容确定文档级别、使用范围等;资源提供者在进行电子文档入库时,同步提供该电子文档的共享授权相关内容;资源管控服务维护资源使用者和资源提供者的身份认证信息,及所能被共享授权的范围或级别。The data sharing and sharing method of electronic documents provides a hierarchical sharing authorization mechanism for electronic document data resources, that is, determines the document level, scope of use, etc. according to the content of the electronic document; when the resource provider enters the electronic document into the warehouse, it simultaneously provides the sharing of the electronic document Authorization-related content; the resource management and control service maintains the identity authentication information of resource users and resource providers, and the scope or level of authorization that can be shared.

S6、当判断共享请求满足源文档反馈控制项时,使用源文档反馈共享请求,并将共享请求信息记录在文档访问记录项。S6. When it is determined that the sharing request satisfies the source document feedback control item, use the source document to feed back the sharing request, and record the sharing request information in the document access record item.

具体的,当资源使用者使用电子文档需要申请共享授权时,资源使用者的身份认证信息自动发送给资源提供者所在服务节点;资源提供者所在服务节点收到共享授权申请,调用资源管控服务的共享授权验证服务,验证内容包括资源提供者的身份真实性、申请使用时间周期、电子文档资源授权范围与资源提供者的匹配性等,并返回验证结果;若验证成功,则资源提供者所在服务节点将被申请的电子文档资源推送给资源使用者所在服务节点,并在超出所申请使用时间周期后,自动回收该电子文档;若验证失败,则返回失败原因,并终止共享。Specifically, when a resource user needs to apply for a sharing authorization to use an electronic document, the identity authentication information of the resource user is automatically sent to the service node where the resource provider is located; the service node where the resource provider is located receives the sharing authorization application, and calls the resource management and control service Shared authorization verification service, the verification content includes the authenticity of the identity of the resource provider, the application time period, the matching of the electronic document resource authorization scope and the resource provider, etc., and returns the verification result; if the verification is successful, the resource provider's service The node pushes the requested electronic document resource to the service node where the resource user is located, and automatically recycles the electronic document after the requested usage time period is exceeded; if the verification fails, the failure reason is returned and the sharing is terminated.

S7、调取文档访问记录项,对应调整文档访问权限控制项和源文档反馈控制项。S7. The document access record item is retrieved, and the document access authority control item and the source document feedback control item are correspondingly adjusted.

通过应用上述方法实现电子文档共享过程中,一般文档使用者无法获取原版电子文档,只是将内容数据附在给定的数据模板上进行共享浏览等利用;如果文档使用者需要浏览或下载原版电子文档,需要满足严格的身份认证等条件,并由电子文档权属者对申请信息进行审核后,电子文档资源使用者方可获取原版电子文档。In the process of sharing electronic documents by applying the above method, ordinary document users cannot obtain the original electronic documents, but only attach the content data to the given data template for sharing and browsing; if the document users need to browse or download the original electronic documents , need to meet strict identity authentication and other conditions, and the electronic document resource user can obtain the original electronic document only after the electronic document owner reviews the application information.

原版电子文档使用申请的自动审核机制,传统是对申请要人工手动审核通过,本文是结合数字证书和密码技术进行自动审核。具体为:电子文档权属者所在节点A,电子文档使用者所在节点B,两个节点要彼此做身份信任对接,后续申请某个文档,根据身份信任关系,系统自动审核通过。信任关系机制,是完成申请需求自动审核的关键机制,将申请者的身份信任纳入文档共享信任群组进行动态统一管理,根据管理需求进行实施维护(增加、移除、暂停、拉黑等)。The original electronic document uses the automatic review mechanism of the application. Traditionally, the application needs to be manually reviewed and approved. This article combines digital certificates and encryption technology for automatic review. Specifically: node A where the owner of the electronic document is located, and node B where the user of the electronic document is located. The two nodes need to connect with each other through identity trust. Subsequent applications for a certain document will be automatically approved by the system according to the identity trust relationship. The trust relationship mechanism is the key mechanism to complete the automatic review of application requirements. It incorporates the applicant's identity trust into the document sharing trust group for dynamic unified management, and implements maintenance (addition, removal, suspension, blocking, etc.) according to management requirements.

本发明另一方面还涉及一种基于数据提取的电子文档共享控制系统,其结构如图2所示,包括:Another aspect of the present invention also relates to an electronic document sharing control system based on data extraction, its structure is shown in Figure 2, including:

副本处理模块,用于制作对应源文档的处理副本并执行数据提取操作,得到对应源文档的内容数据;A copy processing module, configured to make a processed copy of the corresponding source document and perform a data extraction operation to obtain content data of the corresponding source document;

标签管理模块,用于建立并修改对应源文档和相匹配内容数据的认证标签;A tag management module, configured to establish and modify authentication tags corresponding to source documents and matching content data;

第一判断模块,用于判断共享请求是否满足文档访问权限控制项;A first judging module, configured to judge whether the sharing request satisfies the document access control item;

第二判断模块,用于判断共享请求是否满足源文档反馈控制项;The second judging module is used to judge whether the sharing request satisfies the source document feedback control item;

反馈执行模块,用于反馈共享请求,并将共享请求信息记录在文档访问记录项。The feedback execution module is used to feed back the sharing request, and record the sharing request information in the document access record item.

通过使用该系统,能够执行上述的运算处理方法并实现对应的技术效果。By using the system, it is possible to execute the above-mentioned arithmetic processing method and achieve corresponding technical effects.

本发明的实施例还提供能够实现上述实施例中的方法中全部步骤的一种计算机可读存储介质,所述计算机可读存储介质上存储有计算机程序,该计算机程序被处理器执行时实现上述实施例中的方法的全部步骤。Embodiments of the present invention also provide a computer-readable storage medium capable of implementing all the steps in the methods in the above-mentioned embodiments, where a computer program is stored on the computer-readable storage medium, and when the computer program is executed by a processor, the above-mentioned All steps of the method in the embodiment.

本发明的实施例还提供一种用于执行上述方法的电子设备,作为该方法的实现装置,所述电子设备至少具备有处理器和存储器,特别是该存储器上存储有执行方法所需的数据和相关的计算机程序,例如源文档、内容数据和认证标签等,并通过由处理器调用存储器中的数据、程序执行实现方法的全部步骤,并获得对应的技术效果。An embodiment of the present invention also provides an electronic device for performing the above method. As an implementation device of the method, the electronic device is at least equipped with a processor and a memory, and in particular, the memory stores data required for executing the method. and related computer programs, such as source documents, content data and authentication labels, etc., and all the steps of the method are realized by the processor calling the data in the memory, and the program is executed, and corresponding technical effects are obtained.

优选的,该电子设备可以包含有总线架构,总线可以包括任意数量的互联的总线和桥,总线将包括由一个或多个处理器和存储器的各种电路链接在一起。总线还可以将诸如外围设备、稳压器和功率管理电路等之类的各种其他电路链接在一起,这些都是本领域所公知的,因此,本文不再对其进行进一步描述。总线接口在总线和接收器和发送器之间提供接口。接收器和发送器可以是同一个元件,即收发机,提供用于在传输介质上与各种其他系统通信的单元。处理器负责管理总线和通常的处理,而存储器可以被用于存储处理器在执行操作时所使用的数据。Preferably, the electronic device may include a bus architecture, and the bus may include any number of interconnected buses and bridges, and the bus may link together various circuits including one or more processors and memories. The bus may also link together various other circuits such as peripherals, voltage regulators, and power management circuits, all of which are well known in the art and therefore will not be further described herein. The bus interface provides the interface between the bus and the receiver and transmitter. The receiver and transmitter can be the same element, a transceiver, providing means for communicating with various other systems over a transmission medium. The processor is responsible for managing the bus and general processing, while memory may be used to store data that the processor uses when performing operations.

额外的,所述电子设备还可以进一步包括通信模块、输入单元、音频处理器、显示器、电源等部件。其所采用的处理器(或称为控制器、操作控件)可以包括微处理器或其他处理器装置和/或逻辑装置,该处理器接收输入并控制电子设备的各个部件的操作;存储器可以是缓存器、闪存、硬驱、可移动介质、易失性存储器、非易失性存储器或其它合适装置中的一种或更多种,可储存上述有关的数据信息,此外还可存储执行有关信息的程序,并且处理器可执行该存储器存储的该程序,以实现信息存储或处理等;输入单元用于向处理器提供输入,例如可以为按键或触摸输入装置;电源用于向电子设备提供电力;显示器用于进行图像和文字等显示对象的显示,例如可为LCD显示器。通信模块即为经由天线发送和接收信号的发送机/接收机。通信模块(发送机/接收机)耦合到处理器,以提供输入信号和接收输出信号,这可以和常规移动通信终端的情况相同。基于不同的通信技术,在同一电子设备中,可以设置有多个通信模块,如蜂窝网络模块、蓝牙模块和/或无线局域网模块等。通信模块(发送机/接收机)还经由音频处理器耦合到扬声器和麦克风,以经由扬声器提供音频输出,并接收来自麦克风的音频输入,从而实现通常的电信功能。音频处理器可以包括任何合适的缓冲器、解码器、放大器等。另外,音频处理器还耦合到中央处理器,从而使得可以通过麦克风能够在本机上录音,且使得可以通过扬声器来播放本机上存储的声音。Additionally, the electronic device may further include components such as a communication module, an input unit, an audio processor, a display, and a power supply. The processor (or called controller, operation control) adopted by it may include a microprocessor or other processor devices and/or logic devices, which receive input and control the operation of various components of the electronic equipment; the memory may be One or more of buffer memory, flash memory, hard drive, removable media, volatile memory, non-volatile memory or other suitable devices, which can store the above-mentioned relevant data information, and can also store execution-related information program, and the processor can execute the program stored in the memory to realize information storage or processing, etc.; the input unit is used to provide input to the processor, such as a button or a touch input device; the power supply is used to provide power to electronic equipment ; The display is used for displaying display objects such as images and text, for example, it may be an LCD display. A communication module is a transmitter/receiver that sends and receives signals via an antenna. A communication module (transmitter/receiver) is coupled to the processor to provide input signals and receive output signals, which may be the same as in conventional mobile communication terminals. Based on different communication technologies, multiple communication modules, such as a cellular network module, a bluetooth module and/or a wireless local area network module, may be provided in the same electronic device. The communication module (transmitter/receiver) is also coupled to a speaker and a microphone via an audio processor to provide audio output via the speaker and receive audio input from the microphone for usual telecommunication functions. Audio processors may include any suitable buffers, decoders, amplifiers, etc. In addition, the audio processor is also coupled to the central processing unit, so that the recording on the machine can be made through the microphone, and the sound stored on the machine can be played through the speaker.

本领域内的技术人员应明白,本发明的实施例可提供为方法、系统、或计算机程序产品。因此,本发明可采用完全硬件实施例、完全软件实施例、或结合软件和硬件方面的实施例的形式。而且,本发明可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。Those skilled in the art should understand that the embodiments of the present invention may be provided as methods, systems, or computer program products. Accordingly, the present invention can take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.

本发明是参照根据本发明实施例的方法、设备(系统)、和计算机程序产品的流程图和/或方框图来描述的。应理解可由计算机程序指令实现流程图和/或方框图中的每一流程和/或方框、以及流程图和/或方框图中的流程和/或方框的结合。可提供这些计算机程序指令到通用计算机、专用计算机、嵌入式处理机或其他可编程数据处理设备的处理器以产生一个机器,使得通过计算机或其他可编程数据处理设备的处理器执行的指令产生用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的系统。The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It should be understood that each procedure and/or block in the flowchart and/or block diagram, and a combination of procedures and/or blocks in the flowchart and/or block diagram can be realized by computer program instructions. These computer program instructions may be provided to a general purpose computer, special purpose computer, embedded processor, or processor of other programmable data processing equipment to produce a machine such that the instructions executed by the processor of the computer or other programmable data processing equipment produce a A system for realizing the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可存储在能引导计算机或其他可编程数据处理设备以特定方式工作的计算机可读存储器中,使得存储在该计算机可读存储器中的指令产生包括指令系统的制造品,该指令系统实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能。These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data processing device to operate in a specific manner, such that the instructions stored in the computer-readable memory produce an article of manufacture comprising a system of instructions, the The system implements the functions specified in one or more procedures of the flowchart and/or one or more blocks of the block diagram.

这些计算机程序指令也可装载到计算机或其他可编程数据处理设备上,使得在计算机或其他可编程设备上执行一系列操作步骤以产生计算机实现的处理,从而在计算机或其他可编程设备上执行的指令提供用于实现在流程图一个流程或多个流程和/或方框图一个方框或多个方框中指定的功能的步骤。尽管已描述了本发明的优选实施例,但本领域内的技术人员一旦得知了基本创造性概念,则可对这些实施例做出另外的变更和修改。所以,所附权利要求意欲解释为包括优选实施例以及落入本发明范围的所有变更和修改。These computer program instructions can also be loaded onto a computer or other programmable data processing device, causing a series of operational steps to be performed on the computer or other programmable device to produce a computer-implemented process, thereby The instructions provide steps for implementing the functions specified in the flow chart or blocks of the flowchart and/or the block or blocks of the block diagrams. While preferred embodiments of the present invention have been described, additional changes and modifications can be made to these embodiments by those skilled in the art once the basic inventive concept is appreciated. Therefore, it is intended that the appended claims be construed to cover the preferred embodiment as well as all changes and modifications which fall within the scope of the invention.

以上所述仅为本发明较佳的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到的变化或替换等都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应该以权利要求书的保护范围为准。The above description is only a preferred embodiment of the present invention, but the scope of protection of the present invention is not limited thereto, any changes or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in the present invention etc. should be covered within the protection scope of the present invention. Therefore, the protection scope of the present invention should be determined by the protection scope of the claims.

Claims (10)

1.一种基于数据提取的电子文档共享控制方法,其特征在于,包括:1. An electronic document sharing control method based on data extraction, characterized in that, comprising: S1、获取待处理的源文档,制作对应源文档的处理副本;S1. Obtain the source document to be processed, and make a processed copy of the corresponding source document; S2、使用处理副本执行数据提取操作,得到对应源文档的内容数据;S2. Using the processed copy to perform a data extraction operation to obtain content data corresponding to the source document; S3、建立对应源文档和相匹配内容数据的认证标签,所述认证标签包括文档访问权限控制项、源文档反馈控制项和文档访问记录项;S3. Establishing an authentication label corresponding to the source document and matching content data, the authentication label including document access control items, source document feedback control items, and document access record items; S4、依据共享请求匹配认证标签,判断共享请求是否满足文档访问权限控制项,当判断共享请求不满足文档访问权限控制项时,拒绝反馈共享请求并将共享请求信息记录在文档访问记录项;S4. Match the authentication label according to the sharing request, judge whether the sharing request satisfies the document access control item, and when it is judged that the sharing request does not meet the document access control item, refuse to feed back the sharing request and record the sharing request information in the document access record item; S5、当判断共享请求满足文档访问权限控制项时,进一步判断共享请求是否满足源文档反馈控制项,当判断共享请求不满足源文档反馈控制项时,使用内容数据反馈共享请求,并将共享请求信息记录在文档访问记录项;S5. When it is judged that the sharing request satisfies the document access control item, further judge whether the sharing request satisfies the source document feedback control item, and when it is judged that the sharing request does not satisfy the source document feedback control item, use the content data to feed back the sharing request, and send the sharing request The information is recorded in the document access record item; S6、当判断共享请求满足源文档反馈控制项时,使用源文档反馈共享请求,并将共享请求信息记录在文档访问记录项。S6. When it is determined that the sharing request satisfies the source document feedback control item, use the source document to feed back the sharing request, and record the sharing request information in the document access record item. 2.如权利要求1所述的方法,其特征在于,所述方法还包括:2. The method of claim 1, further comprising: S7、调取文档访问记录项,对应调整文档访问权限控制项和源文档反馈控制项。S7. The document access record item is retrieved, and the document access authority control item and the source document feedback control item are correspondingly adjusted. 3.如权利要求1所述的方法,其特征在于,所述步骤S2包括:3. The method according to claim 1, wherein said step S2 comprises: S21、依据预设的清洗规则对处理副本进行数据清洗;S21. Perform data cleaning on the processing copy according to preset cleaning rules; S22、依据预设格式将处理副本转换为标准副本;S22. Convert the processed copy into a standard copy according to the preset format; S23、提取标准副本中的内容数据,所述内容数据包括正文数据、语义树和属性信息;S23. Extract content data in the standard copy, where the content data includes text data, semantic tree and attribute information; S24、使用语义树修正正文数据,并将修正后的内容数据采集保存入数据库。S24. Use the semantic tree to correct the text data, and collect and store the corrected content data into the database. 4.如权利要求1所述的方法,其特征在于,所述源文档和处理副本分别保存在相互独立的不同数据库内。4. The method according to claim 1, wherein the source document and the processed copy are respectively stored in different databases independent of each other. 5.如权利要求1所述的方法,其特征在于,所述文档访问权限控制项包括用户身份认证、文档级别和文档访问授权机制。5. The method according to claim 1, wherein the document access authority control items include user identity authentication, document level and document access authorization mechanism. 6.如权利要求1所述的方法,其特征在于,所述源文档反馈控制项包括文档共享方式、文档共享范围和文档数据权属。6. The method according to claim 1, wherein the source document feedback control items include document sharing mode, document sharing scope and document data ownership. 7.一种基于数据提取的电子文档共享控制系统,其特征在于,包括:7. An electronic document sharing control system based on data extraction, characterized in that it comprises: 副本处理模块,用于制作对应源文档的处理副本并执行数据提取操作,得到对应源文档的内容数据;A copy processing module, configured to make a processed copy of the corresponding source document and perform a data extraction operation to obtain content data of the corresponding source document; 标签管理模块,用于建立并修改对应源文档和相匹配内容数据的认证标签;A tag management module, configured to establish and modify authentication tags corresponding to source documents and matching content data; 第一判断模块,用于判断共享请求是否满足文档访问权限控制项;A first judging module, configured to judge whether the sharing request satisfies the document access control item; 第二判断模块,用于判断共享请求是否满足源文档反馈控制项;The second judging module is used to judge whether the sharing request satisfies the source document feedback control item; 反馈执行模块,用于反馈共享请求,并将共享请求信息记录在文档访问记录项。The feedback execution module is used to feed back the sharing request, and record the sharing request information in the document access record item. 8.一种计算机可读存储介质,其特征在于,所述存储介质上存储有计算机程序,所述计算机程序被处理器执行时实现权利要求1至6中任一项所述的方法。8. A computer-readable storage medium, wherein a computer program is stored on the storage medium, and when the computer program is executed by a processor, the method according to any one of claims 1 to 6 is implemented. 9.一种电子设备,其特征在于,包括处理器和存储器;9. An electronic device, comprising a processor and a memory; 所述存储器,用于存储源文档、内容数据和认证标签;The memory is used to store source documents, content data and authentication labels; 所述处理器,用于通过调用源文档、内容数据和认证标签,执行权利要求1至6中任一项所述的方法。The processor is configured to execute the method according to any one of claims 1 to 6 by invoking source documents, content data and authentication tags. 10.一种计算机程序产品,包括计算机程序和/或指令,其特征在于,该计算机程序和/或指令被处理器执行时实现权利要求1至6中任一项所述方法的步骤。10. A computer program product, comprising computer programs and/or instructions, characterized in that, when the computer programs and/or instructions are executed by a processor, the steps of the method according to any one of claims 1 to 6 are implemented.
CN202210976804.XA 2022-08-15 2022-08-15 Electronic document sharing control method and system based on data extraction Active CN115310108B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210976804.XA CN115310108B (en) 2022-08-15 2022-08-15 Electronic document sharing control method and system based on data extraction

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210976804.XA CN115310108B (en) 2022-08-15 2022-08-15 Electronic document sharing control method and system based on data extraction

Publications (2)

Publication Number Publication Date
CN115310108A true CN115310108A (en) 2022-11-08
CN115310108B CN115310108B (en) 2025-12-23

Family

ID=83862124

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210976804.XA Active CN115310108B (en) 2022-08-15 2022-08-15 Electronic document sharing control method and system based on data extraction

Country Status (1)

Country Link
CN (1) CN115310108B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120012166A (en) * 2025-04-18 2025-05-16 福昕鲲鹏(北京)信息科技有限公司 Method and device for controlling permissions of page objects in open format document OFD

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100174997A1 (en) * 2009-01-02 2010-07-08 International Business Machines Corporation Collaborative documents exposing or otherwise utilizing bona fides of content contributors
CN103581200A (en) * 2013-11-15 2014-02-12 中国科学院信息工程研究所 Method and system for achieving fast circulation of structural file among multiple levels of safety domains
US20150052615A1 (en) * 2013-08-14 2015-02-19 Guardtime Ip Holdings Limited System and method for field-verifiable record authentication
US20150248405A1 (en) * 2012-09-28 2015-09-03 Barclays Bank Plc Document Management System and Method
US20160055343A1 (en) * 2014-08-21 2016-02-25 Microsoft Technology Licensing, Llc Hierarchical privacy settings for comments and markups in a shared document
CN106250212A (en) * 2016-07-29 2016-12-21 努比亚技术有限公司 Resource access method and device
CN107180195A (en) * 2017-05-18 2017-09-19 北京计算机技术及应用研究所 Electronic document Life cycle safety protecting method based on safety label
US20180089451A1 (en) * 2016-09-23 2018-03-29 Microsoft Technology Licensing, Llc. Tokenized links with granular permissions
US20180189246A1 (en) * 2016-12-30 2018-07-05 Dropbox, Inc. Aggregating content from one or more documents
CN110648211A (en) * 2018-06-07 2020-01-03 埃森哲环球解决方案有限公司 Data validation

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100174997A1 (en) * 2009-01-02 2010-07-08 International Business Machines Corporation Collaborative documents exposing or otherwise utilizing bona fides of content contributors
US20150248405A1 (en) * 2012-09-28 2015-09-03 Barclays Bank Plc Document Management System and Method
US20150052615A1 (en) * 2013-08-14 2015-02-19 Guardtime Ip Holdings Limited System and method for field-verifiable record authentication
CN103581200A (en) * 2013-11-15 2014-02-12 中国科学院信息工程研究所 Method and system for achieving fast circulation of structural file among multiple levels of safety domains
US20160055343A1 (en) * 2014-08-21 2016-02-25 Microsoft Technology Licensing, Llc Hierarchical privacy settings for comments and markups in a shared document
CN106250212A (en) * 2016-07-29 2016-12-21 努比亚技术有限公司 Resource access method and device
US20180089451A1 (en) * 2016-09-23 2018-03-29 Microsoft Technology Licensing, Llc. Tokenized links with granular permissions
US20180189246A1 (en) * 2016-12-30 2018-07-05 Dropbox, Inc. Aggregating content from one or more documents
CN107180195A (en) * 2017-05-18 2017-09-19 北京计算机技术及应用研究所 Electronic document Life cycle safety protecting method based on safety label
CN110648211A (en) * 2018-06-07 2020-01-03 埃森哲环球解决方案有限公司 Data validation

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN120012166A (en) * 2025-04-18 2025-05-16 福昕鲲鹏(北京)信息科技有限公司 Method and device for controlling permissions of page objects in open format document OFD

Also Published As

Publication number Publication date
CN115310108B (en) 2025-12-23

Similar Documents

Publication Publication Date Title
US12261933B2 (en) Data processing permits system with keys
CN102710633B (en) A cloud security management system and method for confidential electronic documents
CA2763148C (en) Secure workflow and data management facility
CN101944168B (en) Electronic file authority control and management system
US20070162400A1 (en) Method and apparatus for managing digital content in a content management system
US20100257204A1 (en) Providing access to a data item using access graphs
CN116090000A (en) File security management method, system, device, medium and program product
US11146388B2 (en) System and method for application-independent compartmentalized encryption
US20180330120A1 (en) Stacked Encryption
JP2004110197A (en) Information processing method and access authority management method in center system
CN115495785A (en) Access control method and system based on block chain policy management
CN103778379B (en) Application in management equipment performs and data access
CN113221177A (en) Data access method, device and system in distributed system
CN115310108A (en) Electronic document sharing control method and system based on data extraction
US10438003B2 (en) Secure document repository
CN112632587A (en) Method and device for processing data by service middling station
CN118862119A (en) Data security processing method and system
US10853898B1 (en) Method and apparatus for controlled messages
CN116668168A (en) Application program account login method and device
KR101945687B1 (en) Electronic document managing system using hybrid cloud and method for thereof
WO2023241741A1 (en) Procurement coordination method, apparatus and device, and storage medium
CN117635078A (en) Material circulation management method, device, equipment and storage medium based on big data
CN111682934B (en) A method and system for storing, accessing and sharing comprehensive energy metering data
CN110570321B (en) Block chain based reinsurance business method and system
JP4723930B2 (en) Compound access authorization method and apparatus

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant