Supply file security management system based on LayerFsd technology

1 Function introduction
  The system includes five functional modules: document anti-leakage, traceability after leakage, internal security management, approval output, and document access audit.
1.1 Document Anti-Leakage
  All secret-related electronic documents are forcibly and transparently encrypted when they are generated. Encrypted documents can only be used on computers where the system has been deployed,
  and cannot be used on computers where it has not. Confidential documents taken out by any unauthorized means (including USB drive copy, email, transmission through QQ
  and other instant messaging tools, transmission via infrared or Bluetooth devices, CD burning, or copies packed into a compressed archive)
  cannot be used on an external computer.

1.2 Traceability after leakage
  The system assigns a unique identification code to each computer. The identification code is embedded in all secret-related electronic files generated by that computer terminal. When a
  leak occurs, reviewing the electronic file makes it possible to trace which computer the file was leaked from.

1.3 Internal security management
1.3.1 Sub-department management
  The system judges whether a host has access authority to a file based on the identification code on the file and the identification code of the computer. The owner of a file
  may authorize self-generated electronic documents to be used by computers in other departments, and can limit the other party's rights,
  including whether the other party may modify the document and when the authorization expires.
1.3.2 Secret-level management within the same department
  Documents of the same department are used at different secret levels. Documents generated by a computer with a high secret level cannot be used by a computer with a low secret level. The secret level is divided into 10
  levels, represented by the numbers 0 to 9: 0 is the lowest secret level and 9 is the highest. The owner of a file may authorize self-generated electronic
  documents to be used by other computers in the same department, and can limit the other party's rights, including whether the other party may modify the document and when the authorization expires.
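
The access decision described in 1.3.1 and 1.3.2, as an added example (not code from the product or the original page). The layout of the identification code (department, computer, secret level), the grant record, and the rule that a same-department host at an equal or higher level gets full use are assumptions made for illustration; the sample data is constructed.

```python
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional

@dataclass(frozen=True)
class HostId:
    """Identification code; this department/computer/level layout is an assumption."""
    department: str
    computer: str
    level: int  # secret level, 0 (lowest) to 9 (highest)

    def __post_init__(self):
        if not 0 <= self.level <= 9:
            raise ValueError("secret level must be in 0..9")

@dataclass(frozen=True)
class Grant:
    """Owner-issued authorization (hypothetical record format)."""
    department: str
    computer: Optional[str]  # None means any computer in that department
    allow_modify: bool
    expires: datetime

@dataclass
class ProtectedFile:
    origin: HostId  # code embedded by the generating computer
    grants: List[Grant] = field(default_factory=list)

def decide(f: ProtectedFile, host: HostId, now: datetime) -> str:
    """Return 'modify', 'read' or 'deny' for host opening f at time now."""
    # Same department: usable only at an equal or higher secret level.
    if host.department == f.origin.department and host.level >= f.origin.level:
        return "modify"
    result = "deny"
    for g in f.grants:
        if g.department != host.department:
            continue
        if g.computer is not None and g.computer != host.computer:
            continue
        if now >= g.expires:  # expired grants never apply
            continue
        if g.allow_modify:
            return "modify"
        result = "read"
    return result

# Constructed sample data: an R&D file created on a level-5 computer.
SAMPLE = ProtectedFile(
    HostId("RD", "pc-01", 5),
    [Grant("SALES", None, False, datetime(2024, 1, 31)),
     Grant("RD", "pc-03", True, datetime(2024, 1, 20))],
)
```

With this data, a level-3 computer in the same department is denied unless it holds an unexpired grant, and a computer with no matching department or grant is denied regardless of its level.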

1.4 Approval output
  There are four roles in the system: system administrators, ordinary terminals, department leaders, and leaders in charge. System administrators, department leaders, and leaders in charge
  have permission to approve outgoing documents. When employees of a department submit documents for outgoing approval, the approver is the leader of the department by default. When a
  department leader sends documents out, the approver is by default the leader in charge of that department.
  The administrator can enable the "automatic approval" permission for a terminal. A terminal that has this permission can send documents out without
  going through approval. Outgoing operation records and outgoing files are automatically stored on the server for inspection and auditing.

1.5 Document access audit records
 When system administrators, department leaders, and leaders in charge approve documents, all approval records are uploaded to the server, including the applicant,
 document name, document introduction, reason for going out, replying person, replying time, and whether going out is allowed or not.
 When a file is authorized to be used by other departments or other computers in the same department, the authorization record is uploaded to the server. The record contains
 information about the owner, the owner's department, the recipient, the recipient's department, file names, permissions, and so on. Thus, there is a
 record of the internal circulation of the file, and there is also a record when the file is output by the unit. Together, the two sets of audit records can completely track the circulation process of files.
 The file operation log is bound to the data, so the log is not lost when files are copied and edited. This allows accurate log inspection.

1.6 Security enhancement strategy
  The system provides security enhancement strategies to control data leakage by other means.
  Clipboard control: forbids untrusted processes from obtaining data from the clipboard, while trusted processes can use the clipboard to exchange data with each other.
  Unknown extension control: detects the generation of files with unknown extensions and enables automatic encryption.
  Print monitoring: records the content printed by the end user.
1.7 Support applications
   Support various mainstream applications such as OFFICE, CAD, PhotoShop, etc.

2 Technical principles
  The system is developed based on LayerFSD technology. This module is the core part of the system; it is difficult to develop and has a long development cycle. The system adopts the
  self-developed LayerFSD kernel, which has become highly stable after several years of application and modification.
  Supports various file systems: NTFS, FAT, MRXSMB, UDFS, CDFS and other mainstream file systems.
  Compatible with NTFS encrypted and compressed files. Supports the network neighborhood file system; the client can access encrypted files even when the driver is not installed on the server.

3 Cooperation mode
  Supports product ODM/OEM, product customization, driver SDK, and driver-level source code cooperation.
  Contact details: QQ:7_6_2_1_8_8_3_3_6

Origin blog.csdn.net/u013250152/article/details/17499215