CN-122027361-A - Hierarchical control using method and device for encrypted mapping result file and electronic equipment

Abstract

The invention provides a hierarchical control usage method and device for an encrypted mapping result file, and electronic equipment, belonging to the technical field of network security. The method comprises: obtaining an authorization code corresponding to computer network equipment information, and encrypting a target file based on the authorization code to generate an encrypted file, wherein the encrypted file comprises data of at least one security level of a common level, a sensitive level and a security level; carrying out security verification when it is identified that the encrypted file is to be opened, and obtaining global mark quantity content when the security verification passes; determining the networking state of the encrypted file based on the global mark quantity content, and determining a network risk level based on the networking state; and determining the use authorities corresponding to data of different security levels in the encrypted file based on the risk level. The method and the device can solve the technical problem of insufficient adaptability caused by rigid blocking strategies for encrypted files and by the lack of differentiated management and control according to data importance level.

Inventors

  • HUANG YING
  • HU JIN
  • HU ZHIGANG
  • XIANG JINXIANG
  • ZHANG QIN
  • Peng Niyan
  • XIONG JINBAO
  • Tao Mengsi
  • ZHOU YUXUAN
  • Cai Yanmeng
  • CHEN KANG

Assignees

  • 长江航道局
  • 长江航道测量中心
  • 武汉圆周率软件科技有限公司

Dates

Publication Date
20260512
Application Date
20260410

Claims (10)

  1. A hierarchical control usage method for an encrypted mapping result file, characterized by comprising the following steps: acquiring an authorization code corresponding to computer network equipment information, and encrypting a target file based on the authorization code to generate an encrypted file, wherein the encrypted file comprises data of at least one security level of a common level, a sensitive level and a security level; under the condition that the encrypted file is identified to be opened, carrying out security check, and under the condition that the security check passes, acquiring global mark content; determining a networking state of the encrypted file based on the global marker content, and determining a network risk level based on the networking state; and determining the corresponding use authorities of the data with different security levels in the encrypted file based on the risk level.
  2. The hierarchical control usage method of an encrypted mapping result file according to claim 1, wherein carrying out security check, in the case that it is recognized that the encrypted file is to be opened, comprises: checking file authorization information of the encrypted file under the condition that the encrypted file is identified to be opened; and under the condition that the verification of the file authorization information is passed, carrying out secondary password verification on security data in the encrypted file based on the computer network equipment information, and under the condition that the secondary password verification is passed, determining that the security verification is passed.
  3. The hierarchical control usage method of an encrypted mapping result file according to claim 1, wherein the network risk level comprises a high level, a medium level and a low level; and determining a networking state of the encrypted file based on the global marker content, and determining a network risk level based on the networking state, comprises: determining that the network risk level is a high level if, based on the global marker content, the state of whether the computer network equipment is networked is unknown; and, under the condition that it is determined based on the global mark amount content that the computer network equipment is not networked currently and that its network risk level before the computer network equipment went offline was a high level, determining that, for the data of the common level and the sensitive level in the encrypted file, the corresponding network risk level is a medium level.
  4. The hierarchical control usage method of an encrypted mapping result file according to claim 3, wherein determining a networking state of the encrypted file based on the global marker content, and determining a network risk level based on the networking state, further comprises: determining the network risk level based on the network type, the proxy state, the hot spot sharing state and the trusted network certificate state of the computer network equipment under the condition that the computer network equipment is not networked currently based on the global mark amount content.
  5. The hierarchical control usage method of an encrypted mapping result file according to any one of claims 1 to 4, wherein determining usage rights corresponding to different security level data in the encrypted file based on the risk level comprises: under the condition that the risk level is high, prohibiting the use of the data of the sensitive level and the security level in the encrypted file; and under the condition that the risk level is a medium level, limiting the use of the sensitive data in the encrypted file according to the pre-allocated authority.
  6. The hierarchical control usage method of an encrypted mapping result file according to claim 5, wherein determining usage rights corresponding to different security level data in the encrypted file based on the risk level further comprises: under the condition that the risk level is low, using the security data in the encrypted file according to preset permission.
  7. The hierarchical control usage method of an encrypted mapping result file according to claim 5, further comprising: recording access data of the encrypted file, generating an access log, and performing association analysis on the access log to generate a risk report.
  8. A hierarchical control usage device for encrypting a mapping result file, comprising: the system comprises an encryption module, a target file, an encryption module and a mapping module, wherein the encryption module is used for acquiring an authorization code corresponding to computer network equipment information, encrypting the target file based on the authorization code and generating an encrypted file, wherein the encrypted file comprises data of at least one security level of a common level, a sensitive level and a security level; the verification module is used for carrying out safety verification under the condition that the encrypted file is identified to be opened, and acquiring global mark content under the condition that the safety verification passes; the risk level determining module is used for determining the networking state of the encrypted file based on the global mark quantity content and determining the network risk level based on the networking state; and the permission determining module is used for determining the use permission corresponding to the data with different security levels in the encrypted file based on the risk level.
  9. An electronic device comprising a memory and a processor, wherein the memory is used for storing programs; and the processor is coupled to the memory for executing the program stored in the memory to implement the steps of the hierarchical control usage method of an encrypted mapping result file as claimed in any one of claims 1 to 7.
  10. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements the steps of the hierarchical control usage method of an encrypted mapping result file as claimed in any one of claims 1 to 7.

Description

Hierarchical control using method and device for encrypted mapping result file and electronic equipment

Technical Field

The invention relates to the technical field of network security, in particular to a hierarchical control usage method and device for an encrypted mapping result file, and electronic equipment.

Background

The current mainstream approach in the geographic information industry is to use transparent encryption technology so that encrypted data can be used transparently. The data is encrypted before it is sent out, and authorization then controls the time period and the computer on which the encrypted data file may be used; the data file and its derivative files remain in an encrypted state throughout use. When the authorization has expired, or on a computer that is not authorized, the encrypted data file cannot be used.

File encryption uses cryptographic techniques to transform the file content according to a given algorithm, so that the real content is hidden and cannot be obtained illegitimately, which achieves the security goal. Even if a hypothetical unauthorized party obtains the encrypted file in full, the file remains ciphertext. That party may even know the encryption algorithm used for the file, and the encrypted content still remains secure as long as the key is not available.

Transparent use refers to transparent file encryption technology, which arose from file confidentiality requirements and is mainly applied to the security management of electronic file data. Transparent encryption means that the file is encrypted or decrypted during use automatically, without user intervention, and the user is practically unaware of it. When a user opens a file, the encrypted file is automatically decrypted, and when an edited file is saved, it is automatically encrypted.

Files generated during execution of the computer program (including, but not limited to, temporary files, transitional files, random files, exported files, etc.) are automatically encrypted. Thus, however the file is saved or converted to another format (including unknown formats), it remains strictly protected by encryption, and the plaintext content of the encrypted file cannot be obtained even with a file recovery tool. The file is always ciphertext on disk; once the file leaves its usage environment, the encrypted file cannot be opened or appears as garbled content, which protects the content of the file.

Transparent use has an additional prerequisite: a transparent encryption client applet (hereinafter referred to as the client) must be installed. The client program runs in the background on the computer and identifies and evaluates the authorization information, thereby controlling the period during which the data may be used, verifying the machine on which it is used, and allowing the encrypted data to be used transparently in a designated application program through HOOK technology.

Although transparent encryption technology can limit the term of use and the computer on which a data file is used, with the development of the internet and remote-access technology the computer can be used remotely by anyone, anywhere on earth, through the internet, which is equivalent to leaking the data file on that computer. The prior art has the defects that the blocking strategy for encrypted files is rigid, and that adaptability is insufficient because differentiated management and control according to data importance level is not incorporated.

Disclosure of Invention

In view of the foregoing, it is necessary to provide a hierarchical control usage method and device for an encrypted mapping result file, and electronic equipment, so as to solve the technical problem of insufficient adaptability caused by rigid blocking strategies for encrypted files and by the lack of differentiated management and control according to data importance level.

In order to solve the above problems, in a first aspect, the present invention provides a hierarchical control usage method for an encrypted mapping result file, including: acquiring an authorization code corresponding to computer network equipment information, and encrypting a target file based on the authorization code to generate an encrypted file, wherein the encrypted file comprises data of at least one security level of a common level, a sensitive level and a security level; under the condition that the encrypted file is identified to be opened, carrying out security check, and under the condition that the security check passes, acquiring global mark content; determining a networking state of the encrypted file based on the global marker content, and determining a network risk level based on the networking state; and determining the corresponding use authorities of the data with different security levels in the encrypted file based on the risk level.

In some possible embodiment