信息安全研究 ›› 2019, Vol. 5 ›› Issue (6): 521-527.

• 技术应用 • 上一篇    下一篇

基于密码技术的党政机关电子公文系统数据安全问题研究

孟斌   

  1. 北京邮电大学
  • 收稿日期:2019-06-03 出版日期:2019-06-15 发布日期:2019-06-03
  • 通讯作者: 孟斌
  • 作者简介:孟斌 1986-,女,博士研究生,工程师,主要研究方向:电子政务、数据安全、密码技术。

Research on Data Security of Electronic Official Document System of Party and Government Institutions Based on Cryptography

  • Received:2019-06-03 Online:2019-06-15 Published:2019-06-03

摘要: 党政机关电子公文系统是处理、流转、存储我国政务办公电子文件的重要应用系统,保障数据安全是实现其安全可靠的基本内容.分析了电子公文系统3个关键数据交互过程中的主要安全风险,并分别提出基于密码技术的典型安全保障机制.特别针对数据管理过程中的防泄密难点,创新性地提出“防内不防外”的信息保护方案思路,重点针对内部管理人员的数据安全风险,将授权与加密机制相结合,实现“一文一密”的细粒度管控.最后以电子公文传输系统应用场景为例,阐述了该方案保护电子文件类数据安全的机理和效果.

关键词: 电子公文系统, 数据安全, 密码技术, 内部管理, 电子文件

Abstract: The electronic official document system of the party and government institutions is an important application system for processing, transferring and storing electronic files of government offices in China, and data security is the basic content for realizing its security and reliability. This paper analyzes the main security risks in the three key data interaction processes of the electronic document system, and proposes a typical security guarantee mechanism based on cryptography. Especially for the difficulty of antileakage in the data management process, this paper innovatively puts forward the data security encryption idea of “internal risk more important than external risk”, focus on the risk of internal management personnel, and combines authorization and encryption mechanism to achieve “one document and one secret”. Finally, taking the application scenario of the electronic document transmission system as an example, the mechanism and effect of the scheme to protect the data security of electronic records are expounded.

Key words: electronic official document system, data security, cryptography, internal management, electronic records