201032084 - VI. Description of the Invention:

【Technical Field of the Invention】
The present invention relates generally to the control of access rights to electronic files. More specifically, it relates to a system and method for controlling the access rights of an electronic file when that file is distributed outside the organisation.

【Prior Art】
In today's era of digitised information, computers have become an indispensable tool in every line of business. A great deal of personal private information and important organisational information is processed and stored by computer, and documents are produced and distributed in electronic form. The convenience of computers and networks, however, has also brought difficulties in the management of electronic documents: the likelihood that a confidential document is leaked or viewed inadvertently has risen sharply, and the importance of computer information security grows by the day. Digital rights management (DRM) is an information security mechanism that arose in response. It protects confidential electronic documents by using computer programs, implemented in software or hardware, to restrict how digital content may be used. Forbidding a document from being printed, modified or deleted, restricting a video so that it can be played only in a certain location, and assigning users to different permission levels are all common DRM functions. A confidential file is usually converted by encryption software into ciphertext; an authorised person who wants to open the file must run the decryption procedure that corresponds to the encryption program in order to restore the ciphertext to the original document content (plain text). The Data Encryption Standard (DES), for example, is a well-known and widely used encryption standard.

The internal local area network of an enterprise is a distributed system made up of many clients and a server; the volume of data flowing between them is considerable and hard to manage. Prior-art DRM offers a number of methods that let an enterprise circulate confidential material over the Internet. In some situations, however, the scope of access control for a confidential document is not limited to the enterprise itself: the document has to be presented externally. When a company promotes to a customer a newly launched or not yet public product, project, circuit or mechanical design drawing, it is unavoidable that the confidential file is handed to sales staff, who carry it to the customer's site for a promotion or briefing. At that point the company's information security administrators (its management information system, MIS, staff) must encrypt the confidential file and grant the sales staff permission to access it. Controlling the access rights of a confidential file outside the enterprise is not easy, however: the company or unit has no way to grasp the details of how the file is handled, or when and by whom it is opened at the external unit. The prior art proposes several ways of managing the access rights of electronic files, including password verification and identity verification, but each file then carries its own password, which adds to the information-handling burden of individual staff and of the organisation as a whole; and password- and identity-based access control cannot guarantee that a confidential file will not be deliberately carried out of the enterprise and leaked by an insider.

As described above, how to let an enterprise's confidential data circulate conveniently outside the enterprise while retaining complete access control is a pressing question of practicality. The present invention therefore proposes a novel file access control method to remedy the shortcomings of the prior art.

【Summary of the Invention】
In view of the shortcomings of the prior art described above, the present invention proposes a novel system and method for controlling the external access rights of a file. The server sends a hardware detection program to the client; the client runs it to produce a hardware profile, which it returns to the server. The server encrypts the file according to that hardware profile and then sends the encrypted file to the client. The client compares its own hardware features with the encryption rule of the encrypted file to decide whether the file can be opened.

In the present invention the server contains a rights management module, which provides a rights management interface, can issue the hardware detection program, and encrypts the file according to the received hardware profile. The server also contains a server network interface, located at the server, which can send the hardware detection program and the encrypted file to at least one client. The client contains a user interface module, which provides a user interface at the client and can compare the client's hardware features with the profile: if the two match it decrypts the encrypted file, and if they do not match the user interface module does not decrypt the encrypted file. The client also contains a client network interface, located at the client, which can send the profile to the server.

One object of the present invention is to provide a novel system and method for controlling the external access rights of a file, in which file control and rights assignment are achieved by verifying the device that is to open the file, with no need to remember any password. Another object of the present invention is to provide a safer and more complete system and method for controlling external access rights, which can prevent a malicious insider from deliberately leaking a confidential file outside the enterprise. The idea of the present invention is built on a server-client architecture: the server performs encryption of the confidential file, and the client then performs authentication and decryption.

The advantages and spirit of the present invention can be further understood from the detailed description of the embodiments below together with the accompanying drawings.

【Detailed Description】
The following description provides specific details of the implementation of the present invention so that the manner in which these embodiments are carried out can be thoroughly understood. Those skilled in the art will understand that the present invention can also be practised without these details. Furthermore, the terms used in the description below are to be interpreted in the broadest reasonable sense.

Please refer to Figure 1, a block diagram of a system for controlling the external access rights of an electronic file according to an embodiment of the present invention. The external access control of the present invention is built on a server-agent architecture. The server (Server) referred to in the invention is the master end for file operations and access control, and is operated by the enterprise's management information system (MIS) staff. The client (Agent) receives the data sent by the server and performs the corresponding operations; it may be, for example, the network administration host of a branch office of the enterprise or the host of one of the enterprise's customers. As shown in Figure 1, the server 100 contains a processing unit 100a, a memory 100b coupled to the processing unit 100a, and a database 100c coupled to the processing unit 100a, which stores client information, hardware information, encryption information and rights management information, including but not limited to passwords and the related hardware information codes, for use by the encryption, decryption and access control procedures. The server 100 also contains a rights management module 101, which may be a management program or software coupled to the processing unit 100a and/or the database 100c, and which manages the setting, modification and distribution of file permissions. The hardware detection program 104 is stored in the database or the memory and carries out its detection task under the instructions of the processing unit. The user interface and input interface of the server 100 are not described further, so as not to blur the focus.

In the present invention, when a specific file of confidential grade in the enterprise needs to be distributed and presented externally, the rights management module 101 of the server 100 first sends a hardware detection program 104 through the server network interface 102 to the client 150 that will give the presentation, and the client 150 receives the hardware detection program 104 through a client network interface 152. After the program has been received, the hardware detection program 104 is executed on the client 150 device. The hardware detection program 104 captures the hardware features of the client 150 device, which may include hardware identifiers (hardware ID) such as the message authentication code (MAC), the hard disk serial number, the network card serial number and the motherboard serial number. The detected hardware features are assembled into a hardware profile 154 and returned to the server 100 through the client network interface 152. After the server 100 has received the hardware profile 154, the rights management module 101 in the server 100 encrypts the file to be distributed according to the hardware profile 154. This encryption comprises an asymmetric encryption and a symmetric encryption. The asymmetric encryption may be chosen from a public key infrastructure (PKI), the RSA algorithm and elliptic curve cryptography (ECC); the symmetric encryption may be chosen from Blowfish, the Data Encryption Standard (DES), Triple DES, the International Data Encryption Algorithm (IDEA), RC2, RC5 and CAST-128. The encrypted file 108 is then sent through the server network interface 102 to the client 150 to be opened, or is stored on an external storage device 110, such as a USB flash drive, an external hard disk or a floppy disk, and carried to the client by a person such as a member of the sales staff. The hardware detection program 104 described above may likewise be delivered to the client 150 on the external storage device 110 rather than over the network. The client 150 is provided with a user interface module 151, whose function resembles that of the rights management module 101 of the server 100: it may be an access control interface that manages all the file permission settings sent from the server 100. When the encrypted file 108 has reached the client 150 device and is to be opened, the user interface module 151 of the client 150 decrypts the encrypted file 108; at this point the user interface module 151 verifies whether the hardware features of the client 150 device match the hardware features defined by the permission rule in the encrypted file 108. If they match, the encrypted file is decrypted by the user interface module 151 with the corresponding cryptographic method. If they do not match, the user interface module 151 performs no action on the encrypted file. Note that in this embodiment the decryption of the encrypted file also carries different permission details, which may include allowing the client to perform various processing actions on the encrypted file, such as opening, modifying, copying for backup, or capturing the screen, all of which bear on information security.

Please now refer to Figure 2, a flow chart of the method for controlling the external access rights of an electronic file according to an embodiment of the present invention; the following description uses the component blocks of Figure 1 above. First, in the method of the present invention, the server 100 that performs the access control sends a hardware detection program 104 to a client 150 (step 201). After the hardware detection program 104 has been received, it is executed on the client 150 device; the program captures the hardware identifiers of the client 150 device, which may for example include the message authentication code (MAC) of the client 150, the hard disk serial number, the network card serial number and the motherboard serial number, and a hardware profile 154 is produced through the user interface module 151 of the client 150 (step 202). The client 150 then returns the hardware profile 154 to the server 100 (step 203). The rights management module 101 of the server 100 encrypts, according to the hardware profile 154, the confidential file that is to be opened on the client 150 device (step 204), and the encrypted file 108 is sent from the server 100 to the client 150 to be opened (step 205). At this stage the user interface module 151 of the client 150 verifies whether the hardware features of the client 150 device match the hardware features defined by the permission rule in the encrypted file 108 (step 206). If the hardware features match, the user interface module 151 of the client 150 decrypts the file with the corresponding cryptographic method so that the user can present, modify or copy it (step 207); if they do not match, the user interface module 151 of the client 150 does not decrypt the encrypted file 108 (step 208). Note that in this embodiment the decryption of the encrypted file also carries different permission details, which may include allowing the client to perform various processing actions on the encrypted file, such as opening, modifying, copying for backup, or capturing the screen, all of which bear on information security.

The present invention is not limited to the specific details described here; within the spirit and scope of the invention, variations that differ from the preceding description and drawings are permitted. The present invention is therefore defined by the following claims, which cover its possible modifications and variations, rather than by the preceding description.

【Brief Description of the Drawings】
Figure 1 is a block diagram of a system for controlling the external access rights of an electronic file according to an embodiment of the present invention; and
Figure 2 is a flow chart of a method for controlling the external access rights of an electronic file according to an embodiment of the present invention.

【Description of Reference Numerals】
100 server
100a processing unit
100b memory
100c database
101 rights management module
102 server network interface
104 hardware detection program
108 encrypted file
110 external storage device
150 client
151 user interface module
152 client network interface
154 hardware profile
201 send a hardware detection program to a client
202 execute the hardware detection program to produce a hardware profile
203 return the hardware profile to the server
204 encrypt the file according to the profile
205 send the encrypted file to the client
206 verify whether the client's hardware features match the permission rule of the encrypted file
207 decrypt the file
208 do not decrypt the file
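The server-side encryption (step 204) and the client-side verification and decryption (steps 206 to 208) described above, as an added worked example in Python. This is not part of the patent and is not the applicant's code. The hardware profile, the document and the permission rule are constructed sample values; the profile fields stand in for the MAC, hard disk, network card and motherboard identifiers the page lists, and the names `fingerprint`, `server_encrypt`, `client_open` and `try_open` are this example's own. Because it uses only the Python standard library, the example replaces the page's asymmetric layer (PKI, RSA, ECC) and symmetric ciphers (DES, Triple DES, IDEA and the others named) with HMAC-SHA256 constructions: the content key is wrapped under a key derived from the device profile, the content is encrypted with an HMAC-based counter-mode keystream, and an encrypt-then-MAC tag covers the permission rule, nonce and ciphertext. Deriving the wrapping key from the profile is a design choice of the example, not something the page states: it means a client whose hardware does not match cannot recover the content key even if the comparison in step 206 were skipped, which a client-side comparison followed by decryption does not by itself guarantee.

```python
import hashlib
import hmac
import json
import secrets

# Constructed hardware profile of the client device (stands in for the identifiers
# the hardware detection program collects; none of these values are real).
SAMPLE_PROFILE = {
    "mac": "00:11:22:33:44:55",
    "disk_serial": "WD-CONSTRUCTED-0001",
    "nic_serial": "NIC-CONSTRUCTED-0002",
    "board_serial": "MB-CONSTRUCTED-0003",
}
# Constructed confidential document.
SECRET_DOCUMENT = b"Unreleased product roadmap (constructed sample content)"


class AccessDenied(Exception):
    """Raised by the client side when the file must not be decrypted."""


def fingerprint(profile: dict) -> bytes:
    """Canonicalise the hardware profile and hash it: the 'hardware profile' sent to the server."""
    canonical = json.dumps(profile, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).digest()


def _prf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 used as a pseudo-random function for key derivation and keystream blocks."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode stream cipher built from the PRF; the same call encrypts and decrypts."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = _prf(key, nonce + offset.to_bytes(8, "big"))
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def _canonical_rule(rule: dict) -> bytes:
    return json.dumps(rule, sort_keys=True, separators=(",", ":")).encode()


def server_encrypt(plaintext: bytes, device_fp: bytes, allowed_actions: list) -> dict:
    """Server side (step 204): bind a fresh content key to the reported device fingerprint."""
    content_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    # Per-device key-encryption key derived from the fingerprint; wraps the content key.
    kek = _prf(device_fp, b"kek" + nonce)
    wrapped_key = bytes(a ^ b for a, b in zip(content_key, kek))
    enc_key, mac_key = _prf(content_key, b"enc"), _prf(content_key, b"mac")
    # Permission rule carried with the file: which device, and which actions it may perform.
    rule = {"device": device_fp.hex(), "allowed": sorted(allowed_actions)}
    ciphertext = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, _canonical_rule(rule) + nonce + ciphertext, hashlib.sha256).digest()
    return {"rule": rule, "nonce": nonce.hex(), "wrapped_key": wrapped_key.hex(),
            "ciphertext": ciphertext.hex(), "tag": tag.hex()}


def client_open(package: dict, local_profile: dict, action: str) -> bytes:
    """Client side (steps 206-208): compare hardware features, check the action, then decrypt."""
    local_fp = fingerprint(local_profile)
    rule = package["rule"]
    if not hmac.compare_digest(local_fp.hex(), rule["device"]):
        raise AccessDenied("hardware features do not match the file's permission rule")
    if action not in rule["allowed"]:
        raise AccessDenied(f"action {action!r} is not permitted for this device")
    nonce = bytes.fromhex(package["nonce"])
    kek = _prf(local_fp, b"kek" + nonce)
    content_key = bytes(a ^ b for a, b in zip(bytes.fromhex(package["wrapped_key"]), kek))
    enc_key, mac_key = _prf(content_key, b"enc"), _prf(content_key, b"mac")
    ciphertext = bytes.fromhex(package["ciphertext"])
    expected = hmac.new(mac_key, _canonical_rule(rule) + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(package["tag"])):
        raise AccessDenied("integrity check failed: wrong device key or altered package")
    return _keystream_xor(enc_key, nonce, ciphertext)


def try_open(package: dict, profile: dict, action: str) -> bool:
    """True when the client can open the file for the action, False when access is denied."""
    try:
        client_open(package, profile, action)
        return True
    except AccessDenied:
        return False


def demo() -> tuple:
    """Run the exchange once: the enrolled device succeeds, a different device is refused."""
    fp = fingerprint(SAMPLE_PROFILE)                                  # steps 202-203
    package = server_encrypt(SECRET_DOCUMENT, fp, ["open", "modify"])  # step 204
    opened = client_open(package, SAMPLE_PROFILE, "open")             # steps 206-207
    other_device = dict(SAMPLE_PROFILE, disk_serial="WD-CONSTRUCTED-9999")
    return opened == SECRET_DOCUMENT, not try_open(package, other_device, "open")


if __name__ == "__main__":
    print(demo())
```

Run the block directly to see both outcomes. The tag check also refuses a package whose ciphertext or rule was altered after the server produced it, a case the page does not discuss.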