【作者】 程璐；

【导师】 辛阳；

【作者基本信息】 北京邮电大学 ， 信息安全， 2013， 硕士

【摘要】 互联网的飞速发展和普及应用加快了网络化办公的步伐。近年来,人们在企业办公过程中借助计算机创建和处理敏感信息的情况日益增多,使得保护企业信息和数据成为企业正常运转中的重中之重。本论文正是以此为背景,对当下已经成型的电子文档保护技术的研究现状进行了综述。通过对比分析,找到它们各自存在的问题,以此为切入点展开研究,最终设计并实现了一套改进的电子文档权限管理系统。文档的保护必须通过加密来实现。因此论文首先对加密技术进行了系统的研究,以密码学基础知识的研究成果为基础,深入研究公钥基础设施的工作原理以及真正用于加解密的CryptoAPI技术。另外,针对现有电子文档保护技术中密钥管理的不安全性,论文研究了一种基于USBKey的公钥加解密方式,并利用本地数据库对密钥和权限进行管理。最后,论文对线程同步技术进行了研究,旨在利用这种方式,以服务器为中介,进行客户端之间的密钥和权限的同步。通过这些技术,可以有效弥补现有同类产品密钥管理不安全且不支持离线使用的缺陷。在完成了对上述同类技术发展现状的阐述以及相关技术研究的基础上,论文利用软件工程理论作为系统设计和实现的指导思想展开了对改进版的电子文档权限管理系统的设计,并重点实现了整套系统的客户端上层应用部分。这部分主要工作包括：一、针对将要实现的系统进行了系统分析,首先分析用户需求,之后对需求进行分解,得出系统的大致架构,并在系统出错处理、性能、启动和退出方式方面提出了要求。另外针对各种将要用到的技术一一进行分析,对比同类技术并根据系统的实际情况选用一套最合适的技术。二、在分析的基础上进行了系统设计,包括总体架构设计、本地数据库存储结构的设计以及客户端上层应用模块的详细设计。三、通过编码实现了系统客户端界面、本地数据库访问模块、客户端和服务器的同步模块以及文件加解密模块。四、对于最终实现的系统客户端部分进行了恢复测试、安全性测试、压力测试和性能测试。此系统的优势在于对于文档的加解密借助于USBKey, USBKey的特点是加解密均在USBKey内部实现,相对于普通的公钥加解密机制更为安全。其次,加密后的文档无需借助专用的阅读器,不改变用户原有习惯。除此之外,系统支持离线使用文件,弥补了同类现有产品在用户离线状态无法实现管理控制的不足,并且能够保证在突然断网的情况下系统仍然能够正常工作。在实际应用中,课题研究的系统能够有效加强企业内部电子文档本身的安全性,而且保护传输与使用过程的安全性,同时能够控制文档访问权限。更多还原

【Abstract】 The pace of networked office is enhanced by the rapid development and widely being used of the Internet. In the recent years, the situation of people handling digital sensitive docoument in the enterprise by using computers is becoming more and more frequently. Therefore, protecting the information and data of the enterprise during the business development is becoming one of the most important missions.On such a background, the thesis introduces the current research situation of the technique of digital document protection, finding the shortage of each protecting method by comparation. And then, on the base of this beginning point, the thesis analyzes, designs and implements an advanced digital document privilege management system.Encryption must be used for document protection. On the consequence of this, the thesis firstly does research on encryption technique, public key infrastructure and CryptoAPI. Moreover, considering the insecurity of the key management method of the current digital document protection, this thesis designs a public key encryption method based on USBKey, and a method of managing keys and privileges by using local database. At last, thread synchronization technique will be discussed which will be used to make keys and privileges synchronized via the server. With all of the techniques talked above, the disadvantage of key management and not supporting offline in other similar document protecting methods will be diminished.On the base of this, the thesis uses the the thoughts of software engineering in order to implement a digital document privilege management system, and focuses on the upper application of the client of the whole system, includes:1. Analyze the system that to be implemented. First, user demands will be analyzed and separated into different modules for the sake of getting the skelinton of the system. And then, the thesis enhances the demands of handling error, proformance, start and exit method. Futhermore, the techniques which will be used during the implementation will be analyzed and compared one by one in order to help choosing the most suitable method to build the whole system.2. Design the system on the base of system analyzing, including designing the skelinton of the whole system, the physical storage of the local database, and also the digital design of the upper application modules of the client.3. Implement the user interface, the local database accessing module, the synchronization module and crypting and decrypting module of the client.4. Do recovery testing, security testing, stress testing and proformance testing on the client of the whole system.The advantage of this system is that encryption and decryption are all depended on USBKey which can complete encryption and decryption inside. It is much safer compared with usual public encryption method. On apart of this, encrypted files can be used without depending on any other specific reading software. Furthermore, offline using is supported by the system implemented by this thesis, making up the disadvantage of other usual document protecting systems which can not support offline using. This system can work well even the network shutdowns unexpectively.In practical applications, this system can effectively reinforce the security of digital document inside the enterprise, protect the security of the process of transporing and using, and control the privilege of the digital doument.更多还原