[go: up one dir, main page]

CN1194498C - Content security monitoring system and method based on digital tags - Google Patents

Content security monitoring system and method based on digital tags Download PDF

Info

Publication number
CN1194498C
CN1194498C CNB021451125A CN02145112A CN1194498C CN 1194498 C CN1194498 C CN 1194498C CN B021451125 A CNB021451125 A CN B021451125A CN 02145112 A CN02145112 A CN 02145112A CN 1194498 C CN1194498 C CN 1194498C
Authority
CN
China
Prior art keywords
server module
content
information
module
label
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB021451125A
Other languages
Chinese (zh)
Other versions
CN1411199A (en
Inventor
陈璐艺
施建俊
李建华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai Jiao Tong University
Original Assignee
Shanghai Jiao Tong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai Jiao Tong University filed Critical Shanghai Jiao Tong University
Priority to CNB021451125A priority Critical patent/CN1194498C/en
Publication of CN1411199A publication Critical patent/CN1411199A/en
Application granted granted Critical
Publication of CN1194498C publication Critical patent/CN1194498C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Landscapes

  • Storage Device Security (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)

Abstract

基于数字标签的内容安全监控系统及方法属于网络信息安全领域。系统主要包括:客户端和服务器端,服务器端包括:代理服务器模块、标签局模块、策略服务器模块、验证服务器模块、网络信息服务器模块,标签局模块、策略服务器模块通过网络与代理服务器模块、验证服务器模块相连接,网络信息服务器模块连接在代理服务器模块的后端,代理服务器模块、验证服务器模块通过网络与客户端连接。方法通过对信息内容添加标签,并通过基于标签的安全策略来进行管理,分为内容分发流程和验证审计流程两个部分,这两个流程按顺序执行。本发明适用于企业内部涉密网,不需要证书中心支持,避免资料遭到滥用,实现访问控制及操作审计、全过程及动态的安全策略。

Figure 02145112

A content security monitoring system and method based on a digital tag belongs to the field of network information security. The system mainly includes: client and server. The server includes: proxy server module, label bureau module, policy server module, verification server module, network information server module, label bureau module, and policy server module. The server modules are connected to each other, the network information server module is connected to the back end of the proxy server module, and the proxy server module and the verification server module are connected to the client through the network. The method adds labels to information content and manages them through security policies based on labels. It is divided into two parts: content distribution process and verification audit process. These two processes are executed in sequence. The invention is suitable for the secret-related network inside the enterprise, does not need the support of the certificate center, avoids the misuse of data, and realizes access control and operation audit, the whole process and dynamic security strategy.

Figure 02145112

Description

Content safety supervisory control system and method based on digital label
Technical field
What the present invention relates to is a kind of information content safety monitoring system and method, and particularly a kind of content safety supervisory control system and method based on digital label belong to filed of network information security.
Background technology
Specifically content safety in the information security, is to prevent client terminal download malice or harmful information content, confidential information safe transmission and issue, information content access control and audit.Because relate to the contents supervision, computer need be discerned automatically to the information content.Yet that is that all right is ripe for technology such as natural language understanding, is not enough to finish this task.Even the algorithm that some are comparatively ripe also is at English document.More immature for Chinese document text-processing technology.In this case, we bring into use the mode of digital label to carry out the contents supervision.The application number of submitting to the applicant is in the patent documentation of 01139014.X, we are at the method for digital label, designed a kind of web page server of expansion, the difference of this server and traditional server is, it is in content distributed, can insert webpage to digital label then by inquiring about a server that is referred to as label office.Like this, the webpage of issue has just had digital label, does not provide client or how other application program makes digital label play a role but do not mention.The patent of the applicant's application, number of patent application is: 01139015.8, name is called: based on the network information content grading management method of PKIX, this patent documentation at the content safety monitoring Demand Design on the Internet a kind of information content management method based on PKIX, in this method, proposition utilizes PKIX to sign and issue and the administering digital label, and this method utilizes the mode of multi-zone supervision to come a large amount of certificate centers at different levels are managed.But this mode is applicable to public network, rather than is used for enterprises concerning security matters network, because generally be not equipped with certificate center on Intranet, moreover the certificate center quantity on the Internet is few at present, the technology imperfection.
Summary of the invention
The present invention is directed to the deficiencies in the prior art and defective, a kind of content safety supervisory control system and method based on digital label is provided, make it be applicable to the enterprises classified network, certificate of necessity center is not supported, by network information medium being added the method for label, the transmission of important content on the managerial grid internet avoids data to be abused.The present invention is achieved through the following technical solutions, system of the present invention comprises: the client and server end, server end passes through proxy modules, the authentication server module is connected with client, server end is except common network information server, increased acting server, label office, strategic server, four modules of authentication server, label office module is connected with the authentication server module with proxy modules by network with the strategic server module, the network information server module is connected the rear end of proxy modules, avoids directly being visited by client.
Client has also increased a miscellaneous function module except generic browser, browser and miscellaneous function module are positioned at same computer, is connected with proxy modules, the authentication server module of server end by network.
Proxy modules is actually an enhancing version that common proxy modules has been increased new function.It can carry out the inquiry of searching label and control strategy after receiving user's request, and can whether send this information to client according to label and strategy decision, perhaps before information is sent to client content is encrypted.Proxy modules can be finished access control function, and when the user asked some pages, proxy modules is the label and the access control policy of this page of inquiry earlier, if strategy allows, then finish user's requested operation, otherwise, return show the operation unaccepted html page.
The later security strategy of information content issue is implemented by the authentication server module, in fact asks after a certain page as the user, and proxy modules returns to client is the page after encrypting.Deciphering to the page realizes by browser plug-in.Guaranteed in the time of insert design that the user can't preserve the page of plain code in this locality, but can preserve the page after the encryption.In the time of resource after user capture is downloaded like this, still need be by the checking of authentication server, and obtain decruption key.To guarantee to decipher the back when it is pointed out that insert design here and destroy key, by the authentication server module can guarantee user's download Internet resources still can continue to implement security strategy later on.
With above-mentioned similar, the user also finishes by the authentication server module the audit of resource access operations, because the user is when accesses network resource (resource and the local encrypt asset of preserving that comprise the access server end) all needs to obtain content key through the authentication server module.Therefore, the solicit operation of content key be can be used as the foundation of information content accessing operation audit.
After the user side download message, the strategy on the strategic server module can dynamic-configuration, and comes into force in real time by the authentication server module.Dynamically change policy configurations and realize that by strategic server module and authentication server module because the user is to the visit of Internet resources each time, online or off-line all needs current strategy is inquired about.Therefore, Ce Lve change can come into force.So-called online and off-line is said at information server, even but the local resource of visit, the user still needs to visit the authentication server module, according to system design of the present invention, even after content is downloaded, security strategy in the strategic server module still can dynamically change, and effectively.
Deposited user's information and resource access control tabulation in the strategic server module, it is equivalent to a LIST SERVER on function, and directory service is provided on network.
The resource description label is mainly stored and issued to label office module, and comprising unique content key of corresponding needs with each Internet resources, this content key can play encryption and decryption in workflow.
Browser can send to authentication module together with label with user authentication information, and is decrypted later on obtaining content key, and auto-destruct key after deciphering if browser can not obtain content key, then can't show the encryption webpage.An acting server is arranged between common network information server and user browser, be used for finishing user's variety of protocol request.Acting server can be tabulated from strategic server searching user's information and resource access, and can encrypt information from label office inquiry tag information.
The miscellaneous function module of client at first is used for limiting the performance constraint of client to the important information content, and it can shield printing, the hold function of browser, can also copy the screen function by the SHIELDING CALCULATION machine.In addition, it also needs to finish the function of deciphering.
The present invention is on the basis of this system, propose to realize contents supervision's method, by the information content is added label, and manage by security strategy based on label, method is divided into two parts: content distribution flow and checking audit process, these two flow processs are carried out in order, and concrete steps are as follows:
1) content distribution flow:
1. browser sends request;
2. proxy modules is from network information server module downloading page;
3. proxy modules is from label office module inquiry tag;
4. proxy modules is obtained Access Control List (ACL) from the strategic server module;
5. proxy modules is encrypted the page;
6. the page and label thereof after proxy modules will be encrypted send to browser.
2) checking audit process:
1. browser sends to the authentication server module with user authentication information and resource tag;
2. the authentication server module obtains content key from label office module;
3. the authentication server module obtains Access Control List (ACL) from the strategic server module;
4. authentication server module verification user right;
5. the authentication server module sends to browser to content key;
6. browser is deciphered the page.
Below the inventive method is further described:
● at first need to add digital label for the information content important in the network information server module, the title that contains resource in the digital label of the present invention, the founder, summary, and and unique content key of being associated of content, digital label can adopt many methods to describe, no matter what it adopted is any form, it does not change its essence, wherein method is to adopt the form of resource description framework (RDF) to be described preferably, benefit with resource description framework (RDF) is can integrated many existing description vocabulary, dublin core (Dublin Core) etc. as previously mentioned.
● the step of content distribution flow is 3. and 4., and proxy modules is obtained resource access control tabulation and digital label according to user's request respectively from strategic server module and label office module, and according to security strategy decision subsequent step;
Security strategy of the present invention is to formulate at the rating information that contains in the digital label, the description of strategy comprises following content: unified resource location (URL), blacklist, classified filtering strategy, Access Control List (ACL), audit content, wherein the classified filtering strategy selects the situation of platform (Platform for Internet Content Selection) classification vocabulary to formulate at containing internet content in the label.
● the step of content distribution flow is 5. and 6., if user's information conforms security strategy, the content key that the proxy modules utilization is obtained from digital label is encrypted information, and information and key after the encryption send to client together, if user's information does not meet the requirement of security strategy, proxy modules refusing user's request then, and send the page of Reason For Denial to client;
Described key is a content key, and it is the unique key that is associated with specific information content, and it is to generate when adding label.Proxy modules is all undertaken by this key contents decryption content-encrypt and browser plug-in, because this key and information content direct correlation, so can regard accessing operation to the information content as to the solicit operation of this key.
● the step of checking audit process 1. in, browser obtains encrypting after the page, and user profile and digital label are sent to the authentication server module, the authentication server module is according to user's mandate decision subsequent operation;
● checking audit process step is 5. and 6., if user's information conforms security strategy, then the authentication server module sends content key to browser, the miscellaneous function module is after obtaining key, be decrypted encrypting webpage, if user's information does not meet security strategy, then the authentication server module does not send key to browser, and browser can't show encrypted content.
The present invention has substantive distinguishing features and marked improvement, after having adopted native system and method thereof, can improve the monitoring to important content aspect three:
1. can realize access control and operation audit to important content.The user need be undertaken by proxy modules the request of information, proxy modules can be according to the security strategy control that conducts interviews, and in addition, the user needs the information of enabling decryption of encrypted, also need by the authentication server module, be equivalent to and increased controlled function one.Because the user visits secret content each time all needs to obtain content key, therefore, the authentication server module can be operated audit to the request of content key according to the user.
2. the security strategy of overall process.Common content delivering system, after being downloaded, content just lost control to information, and native system continues to realize security strategy by the authentication server module after content is downloaded, thereby has realized from content release until the security strategy of inefficacy overall process.
3. dynamic security strategy.Common supervisory control system leaves strategy in client terminal local, and strategy just can not dynamically change like this, and native system is issued strategy with the form of service, can real time altering, and come into force.
Description of drawings
Fig. 1 entire system structural representation of the present invention
Embodiment
As shown in Figure 1, the present invention mainly comprises: client 1 and server end 2, the proxy modules 6 of server end 2, authentication server module 9 is connected with client 1 by network 3, server end 2 comprises that 5 are formed module: proxy modules 6, label office module 7, strategic server module 8, authentication server module 9, network information server module 10, its connected mode is: label office module 7, strategic server module 8 is by network 3 and proxy modules 6, authentication server module 9 is connected, and network information server module 10 is connected the rear end of proxy modules 6.
Client 1 comprises 2 modules: browser 4, miscellaneous function module 5, browser 4 and miscellaneous function module 5 are positioned at same computer, are connected with proxy modules 6, the authentication server module 9 of server end 2 by network 3.
Browser 4 sends to authentication server module 9 with user authentication information together with label, and is decrypted auto-destruct key after deciphering later on obtaining content key.
Deposit user's information and resource access control tabulation in the strategic server module 8,7 storages of label office module and issue resource description label, comprising with the corresponding unique content key of each Internet resources.
Provide following examples in conjunction with content of the present invention:
Dispose the confidential information delivery system of an enterprises classified network in concrete network environment, client also increases a browser plug-in except normally used browser.If use Microsoft's browser (IE), the ActiveX that then uses Microsoft to provide writes browser component, and this browser component is a kind of block that depends on browser, is used for finishing the restriction of deciphering and function.
A complete information issue flow process can be divided into two parts, and they are content release flow process and checking audit process.The concrete steps of these two flow processs are as follows: 1) content distribution flow: 1. browser 4 sends request to acting server 6; 2. acting server 6 is from network information server 10 downloading page; 3. acting server 6 is from label office 7 inquiry tags; 4. acting server 6 obtains Access Control List (ACL) from strategic server 8; 5. acting server 6 is encrypted the page; 6. the page and label thereof after acting server 6 will be encrypted send to browser 4.
2) checking audit process: 1. browser 4 sends to authentication server module 9 modules with user authentication information and resource tag; 2. authentication server module 9 obtains content key from label office module 7; 3. authentication server module 9 obtains Access Control List (ACL) from strategic server module 8; 4. authentication server module 9 is verified user rights; 5. authentication server module 9 sends to browser 4 to content key; 6. browser supplementary module 5 is deciphered the pages.General user's browse operation relates to the process 1 that order is carried out) and process 2), if user capture is kept at local encryption webpage, then only relate to the checking audit process.Need to guarantee secure communication between each module of server end, therefore need to adopt secure communication protocols (SSL).In addition, before work, need earlier authenticating identity mutually between browser and the certificate server.Existing subscriber identity information has resource access control tabulation again in the strategic server, and what it provided is the function of a directory service basically, therefore can adopt LDAP (LDAP) agreement to realize query manipulation, also can adopt other modes.
Adopt such method to carry out the information issue, just can realize management capsule information.Specifically, can obtain following effect: the user that the data of concerning security matters is merely able to be hoped visits, and can stipulate his operating right, such as printing, preserve and the copy screen, can carry out detailed audit to his accessing operation; Still can monitor later in the confidential data granting it, such as, hope changes this user's operating right after providing, and then can dynamically change authorization conditions by strategic server.

Claims (8)

1、一种基于数字标签的内容安全监控系统,主要包括:客户端(1)和服务器端(2),其特征在于服务器端(2)包括:代理服务器模块(6)、标签局模块(7)、策略服务器模块(8)、验证服务器模块(9)、网络信息服务器模块(10),其连接方式为:标签局模块(7)、策略服务器模块(8)通过网络(3)与代理服务器模块(6)、验证服务器模块(9)相连接,网络信息服务器模块(10)连接在代理服务器模块(6)的后端,服务器端(2)的代理服务器模块(6)、验证服务器模块(9)通过网络(3)与客户端(1)连接。1, a kind of content security monitoring system based on digital label mainly comprises: client end (1) and server end (2), it is characterized in that server end (2) comprises: agent server module (6), label bureau module (7 ), policy server module (8), verification server module (9), network information server module (10), its connection mode is: label office module (7), policy server module (8) through network (3) and proxy server Module (6), verification server module (9) are connected, and network information server module (10) is connected at the back end of proxy server module (6), and the proxy server module (6) of server end (2), verification server module ( 9) Connect with the client (1) through the network (3). 代理服务器模块(6)实际上是一个对普通代理服务器模块增加了新的功能的增强版本。它能够在接到用户请求之后,进行标签查询和控制策略查询,并且能够根据标签和策略决定是否向客户端发送该信息,或者在把信息发送到客户端以前对内容进行加密。信息内容发布以后的安全策略是通过验证服务器模块(9)实施的,这样用户访问下载后的资源的时候,仍需通过验证服务器的验证,并得到解密密钥。策略服务器模块(8)上的策略可以动态配置,并通过验证服务器模块来实时生效。在功能上它相当于一个目录服务器,在网络上提供目录服务。代理服务器能够从标签局(7)查询标签信息,能够从策略服务器查询用户信息和资源访问列表。The proxy server module (6) is actually an enhanced version that has added new functions to the common proxy server module. It can conduct label query and control policy query after receiving the user's request, and can decide whether to send the information to the client according to the label and policy, or encrypt the content before sending the information to the client. The security policy after the release of the information content is implemented through the authentication server module (9), so that when the user accesses the downloaded resources, he still needs to pass the authentication of the authentication server and obtain the decryption key. The policies on the policy server module (8) can be dynamically configured and come into effect in real time through the verification server module. Functionally, it is equivalent to a directory server, providing directory services on the network. The proxy server can query label information from the label office (7), and can query user information and resource access lists from the policy server. 2、根据权利要求1所述的这种基于数字标签的内容安全监控系统,其特征是策略服务器模块(8)中存放用户的信息和资源访问控制列表,标签局模块(7)存储和发布资源描述标签,其中包括与每一个网络资源相对应的一个唯一的内容密钥。2. The content security monitoring system based on digital tags according to claim 1, characterized in that the policy server module (8) stores user information and resource access control lists, and the tag office module (7) stores and publishes resources A description tag that includes a unique content key associated with each web resource. 3、根据权利要求1所述的这种基于数字标签的内容安全监控系统,其特征是客户端(1)包括:浏览器(4)、辅助功能模块(5),浏览器(4)和辅助功能模块(5)位于同一台计算机,通过网络(3)与服务器端(2)的代理服务器模块(6)、验证服务器模块(9)连接。3. The content security monitoring system based on digital tags according to claim 1, characterized in that the client (1) includes: browser (4), auxiliary function module (5), browser (4) and auxiliary The functional modules (5) are located on the same computer, and are connected to the proxy server module (6) and the verification server module (9) of the server end (2) through the network (3). 4、根据权利要求2所述的这种基于数字标签的内容安全监控系统,其特征是浏览器(4)将用户认证信息连同标签一起发送给验证服务器模块(9),并在取得内容密钥以后进行解密,在解密后自动销毁密钥。4. The content security monitoring system based on digital tags according to claim 2, characterized in that the browser (4) sends the user authentication information together with the tags to the verification server module (9), and obtains the content key Decrypt later, the key is automatically destroyed after decryption. 5、一种基于数字标签的内容安全监控方法,其特征在于:通过对信息内容添加标签,并通过基于标签的安全策略来进行管理,方法分为内容分发流程和验证审计流程两个部分,这两个流程按顺序执行,具体步骤如下:5. A content security monitoring method based on digital labels, characterized in that: by adding labels to information content and managing it through security policies based on labels, the method is divided into two parts: content distribution process and verification audit process. The two processes are executed sequentially, and the specific steps are as follows: 1)内容分发流程:1) Content distribution process: ①浏览器(4)发出请求;①Browser (4) sends a request; ②代理服务器模块(6)从网络信息服务器(10)下载页面;2. proxy server module (6) downloads page from network information server (10); ③代理服务器模块(6)从标签局模块(7)查询标签;3. Proxy server module (6) inquires label from label office module (7); ④代理服务器模块(6)从策略服务器模块(8)获取访问控制列表;4. the proxy server module (6) obtains the access control list from the policy server module (8); 步骤③和④中,代理服务器模块根据用户的请求,从策略服务器模块和标签局模块分别获取资源访问控制列表和数字标签,并根据安全策略决定后续步骤;In steps ③ and ④, the proxy server module obtains the resource access control list and the digital label from the policy server module and the label bureau module respectively according to the user's request, and determines the next steps according to the security policy; ⑤代理服务器模块(6)加密页面;5. proxy server module (6) encrypted page; ⑥代理服务器模块(6)将加密后的页面及其标签发送给浏览器(4);6. the proxy server module (6) sends the encrypted page and its label to the browser (4); 步骤⑤和⑥中,如果用户的信息符合安全策略,代理服务器模块利用从数字标签中获取的内容密钥对信息进行加密,并把加密后的信息和密钥一起发送给客户端,如果用户的信息不符合安全策略的要求,则代理服务器模块拒绝用户请求,并向客户端发送拒绝原因的页面;In steps ⑤ and ⑥, if the user’s information conforms to the security policy, the proxy server module encrypts the information with the content key obtained from the digital tag, and sends the encrypted information and the key to the client. If the user’s If the information does not meet the requirements of the security policy, the proxy server module rejects the user request and sends a page of the reason for the rejection to the client; 2)验证审计流程:2) Verify the audit process: ①浏览器(4)将用户认证信息及资源标签发送给验证服务器模块(9);① The browser (4) sends the user authentication information and the resource label to the verification server module (9); 步骤①中,浏览器得到加密页面以后,把用户信息和数字标签发送到验证服务器模块,验证服务器模块根据用户的授权决定后续操作;In step ①, after the browser obtains the encrypted page, it sends the user information and the digital label to the verification server module, and the verification server module decides the follow-up operation according to the authorization of the user; ②验证服务器模块(9)从标签局模块(7)获得内容密钥;② The verification server module (9) obtains the content key from the label bureau module (7); ③验证服务器模块(9)从策略服务器模块(8)获得访问控制列表;③ the authentication server module (9) obtains the access control list from the policy server module (8); ④验证服务器模块(9)验证用户权限;4. verification server module (9) verification user authority; ⑤验证服务器模块(9)把内容密钥发送给浏览器(4);⑤ The authentication server module (9) sends the content key to the browser (4); ⑥浏览器(4)解密页面。⑥The browser (4) decrypts the page. 步骤⑤和⑥中,如果用户的信息符合安全策略,则验证服务器模块向浏览器发送内容密钥,辅助功能模块在得到密钥以后,对加密网页进行解密,如果用户的信息不符合安全策略,则验证服务器模块不向浏览器发送密钥,浏览器无法显示加密内容。In steps ⑤ and ⑥, if the user's information conforms to the security policy, the verification server module sends the content key to the browser, and the auxiliary function module decrypts the encrypted webpage after obtaining the key; if the user's information does not conform to the security policy, Then the verification server module does not send the key to the browser, and the browser cannot display the encrypted content. 6、根据权利要求5所述的这种基于数字标签的内容安全监控方法,其特征是需要为网络信息服务器模块(10)中重要的信息内容添加数字标签,所述的数字标签中含有资源的名称、创建者、摘要、以及和内容相关联的唯一的内容密钥;6. The digital label-based content security monitoring method according to claim 5, characterized in that it is necessary to add digital labels to important information content in the network information server module (10), and said digital labels contain resources name, creator, abstract, and unique content key associated with the content; 7、根据权利要求6所述的这种基于数字标签的内容安全监控方法,其特征是所述的安全策略是针对数字标签中含有的分级信息制定的,策略的描述包括以下的内容:统一资源定位、黑名单、分级过滤策略、访问控制列表、审计内容,其中分级过滤策略是针对标签中含有互联网内容选择平台分级词汇的情况而制定的。7. The digital label-based content security monitoring method according to claim 6, characterized in that said security policy is formulated for the hierarchical information contained in the digital label, and the description of the policy includes the following content: unified resources Positioning, blacklist, hierarchical filtering strategy, access control list, and audit content. The hierarchical filtering strategy is formulated for the situation that the label contains the Internet content selection platform classification vocabulary. 8、根据权利要求5或6所述的这种基于数字标签的内容安全监控方法,其特征是所述的密钥为内容密钥,它是和特定信息内容相关联的唯一密钥,它是在添加标签的时候生成的,代理服务器模块(6)对内容加密以及浏览器(4)插件对内容解密都是通过该密钥进行的。8. The digital tag-based content security monitoring method according to claim 5 or 6, characterized in that said key is a content key, which is a unique key associated with specific information content, and is Generated when adding tags, the proxy server module (6) encrypts the content and the browser (4) plug-in decrypts the content through the key.
CNB021451125A 2002-11-07 2002-11-07 Content security monitoring system and method based on digital tags Expired - Fee Related CN1194498C (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNB021451125A CN1194498C (en) 2002-11-07 2002-11-07 Content security monitoring system and method based on digital tags

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CNB021451125A CN1194498C (en) 2002-11-07 2002-11-07 Content security monitoring system and method based on digital tags

Publications (2)

Publication Number Publication Date
CN1411199A CN1411199A (en) 2003-04-16
CN1194498C true CN1194498C (en) 2005-03-23

Family

ID=4750774

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB021451125A Expired - Fee Related CN1194498C (en) 2002-11-07 2002-11-07 Content security monitoring system and method based on digital tags

Country Status (1)

Country Link
CN (1) CN1194498C (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101778108B (en) * 2010-01-22 2012-10-24 蓝盾信息安全技术股份有限公司 Method and device for preventing falsification of homepage of server
CN107111605A (en) * 2014-10-07 2017-08-29 塞尼股份公司 method and system for managing file access

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100450009C (en) * 2003-06-17 2009-01-07 华为技术有限公司 Method for distributing universal label of network node
CN1315268C (en) 2003-11-07 2007-05-09 华为技术有限公司 Method for authenticating users
JP4265479B2 (en) * 2004-05-26 2009-05-20 ソニー株式会社 Communications system
CN1633065B (en) * 2004-12-28 2010-05-12 华中师范大学 System and method for secure distribution of network digital books with content monitoring
CN101193035B (en) * 2006-11-24 2011-04-20 中国电信股份有限公司 A system and method for deploying virtual private network service based on IP secure protocol
CN102509057B (en) * 2011-10-18 2015-05-13 国网电力科学研究院 Mark-based method for safely filtering unstructured data
US9275221B2 (en) * 2013-05-01 2016-03-01 Globalfoundries Inc. Context-aware permission control of hybrid mobile applications
CN105162793A (en) * 2015-09-23 2015-12-16 上海云盾信息技术有限公司 Method and apparatus for defending against network attacks
CN107528827B (en) * 2017-07-27 2020-08-18 曲立东 A digital label-based traceable data connection method and platform
CN108183915B (en) * 2018-01-15 2020-02-11 中国科学院信息工程研究所 Security label implementation system for high security level service and application requirements

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101778108B (en) * 2010-01-22 2012-10-24 蓝盾信息安全技术股份有限公司 Method and device for preventing falsification of homepage of server
CN107111605A (en) * 2014-10-07 2017-08-29 塞尼股份公司 method and system for managing file access

Also Published As

Publication number Publication date
CN1411199A (en) 2003-04-16

Similar Documents

Publication Publication Date Title
US7707642B1 (en) Document access auditing
CN101207485B (en) System and method of unification identification safety authentication for users
US8627077B2 (en) Transparent authentication process integration
US7930757B2 (en) Offline access in a document control system
US8627489B2 (en) Distributed document version control
US8719582B2 (en) Access control using identifiers in links
US8832047B2 (en) Distributed document version control
EP1460511B1 (en) Reviewing cached user-group information in connection with issuing a digital rights management (DRM) license for content
US20130212707A1 (en) Document control system
US20020046350A1 (en) Method and system for establishing an audit trail to protect objects distributed over a network
CN1787513A (en) System and method for safety remote access
US20030051172A1 (en) Method and system for protecting digital objects distributed over a network
CN101064717A (en) Safety protection system of information system or equipment and its working method
CN1547343A (en) A Single Sign On method based on digital certificate
CN1713106A (en) System and method for providing security to an application
CN1194498C (en) Content security monitoring system and method based on digital tags
CN1855814A (en) Safety uniform certificate verification design
US20120089495A1 (en) Secure and mediated access for e-services
CN107948235A (en) Cloud data safety management and audit device based on JAR
CN1889081A (en) Data base safety access method and system
CN1943166A (en) Method for transmitting secured contents via internet
CN1930850A (en) An apparatus, computer-readable memory and method for authenticating and authorizing a service request sent from a service client to a service provider
CN2891503Y (en) Security protection system for information system or equipment
CN118368063A (en) A cluster implementation method and device for massive key management
CN115550047A (en) Configuration-free interface authority verification method, device and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee