Method and system for analysing a printed document for the presence of confidential information

FIELD: information technologies.

SUBSTANCE: the invention automatically determines the category of a printed document and prevents unauthorised printing. In the method, the printed document is analysed for the presence of confidential information; the system comprises a user device, a printing device, a print control service server, a converter unit, a database server, a file storage, a recognition unit, a context analysis server and an alarm service.

EFFECT: ensures information security and detects document flows that contain confidential information and require a high degree of control.

2 cl

 

The invention relates to the field of data networks, and more specifically to a system and method for document management and printing processes.

A known accounting system provides banking services with automatic enrolment of pensions to a current pension account and allows the introduction of electronic document management and the automation of settlement, reporting and control (patent RU 2100841, G06F 17/60, 1997).

Also known is a device for counting documents. It contains a guide bar defining a guide surface for transporting documents; right, centre and left sensors that generate respective signals in response to the presence of part of a document on the relevant part of the guide surface; a digital device that samples the signals of the left, right or centre sensors to obtain their respective representative values; and a programmable controller connected to the digital sampling device and programmed to produce the document count, control signals for operating the device and status signals for operating the device in response to the respective representative values (patent RU 2144697, G07D 7/04, 2000).

The described analogues are complex and are not adapted to solving the stated problem concerning the volume of printing and copying when there are multiple users.

The closest analogue of the present invention is a document management system that contains at least one server connected to a data network and at least one user device connected to the data network, wherein the server is connected to at least two peripheral devices, and said server is connected to at least one device for calculating the volume of printing and copying, at least one such device for each peripheral device, and at least one sensor of technical wear of the peripheral devices, and the data storage of the server contains information about the cost of one printed or copied sheet for each of the at least two peripheral devices (see patent RU 59857 U1, G06F 12/00, 2006).

The disadvantages of the closest analogue include the inability to determine whether printing is unauthorized.

Providing alerts about unauthorized printing and preventing it is one of the purposes of the present invention. Thus, the aim of the invention is to enhance information security.

Data leakage through printing and copying equipment becomes a more dangerous threat to information security every year.

As statistics show, the cost of organizing paper documents reaches 10% of a company's total costs: this includes not only direct costs (consumables, spare parts, equipment maintenance) but also indirect costs (staff time spent producing documents, downtime, illiquid stocks of these materials in warehouses, and so on).

The above problems are particularly relevant for large enterprises with large volumes of printing.

The most effective way to protect against leaks is to use systems that provide document workflow, that is, integrated information products. One of these is the invention Aspem (Automated print management system and monitoring), the core of which is Xoopic (an integrated management system for printing and copying processes).

The purpose of the system is to check the content of a printed document for confidential information immediately after printing, to determine the user's rights to print this information, and to notify security personnel in the event of an unauthorized print session.

Thus, the objectives of the invention are:

1. to improve the information security of the enterprise;

2. to create a centralized system for monitoring printing processes in the organization.

The tasks are solved using the proposed integrated control system of the printing processes (ksopp), which makes it possible to carry out:

1. control of document printing processes;

2. management of printing processes;

3. management of a fleet of copier-printer equipment;

4. full maintenance of copier-printer equipment.

The technical results of the proposed control of printing processes are:

1. information security;

2. identification of documents that contain confidential information and require a high level of control;

3. alerting the security service to unauthorized printing;

4. automatic determination of the category to which a printed document belongs;

5. prevention of unauthorized printing.

The integrated printing process management system performs automatic control and optimized management.

These technical results are achieved by implementing a method of analysing a printed document for the presence of confidential information, comprising the following steps:

a command to print the document is sent from the user device to the printing device;

an image file of the document is created;

the printing device receives the command to print the document;

the document is printed on the printing device, and, after the image file of the document has been created, the obtained image of the document is processed as follows:

it is sent through the print control service server to the converter unit;

the information is saved in the database;

using the converter unit, the image of the document is converted to obtain the text contained in the image;

the resulting text is saved in a file as a text image of the document;

the text image of the document is stored in the file storage;

the text image of the document is sent to the context analysis server;

key phrases are loaded and searched for sequentially in the text image of the document, without regard to case or morphology;

an incremental search for the text content of the document is performed among all documents included in the templates;

morphological groups are determined and, on their basis, the probability that the text contains confidential information;

if confidential information is detected in the text image of the document, a message is sent to the alarm service at the workplace of a security department employee and the fact is recorded in the database.

The method of analysing a printed document for the presence of confidential information is implemented by a system for context analysis of a printed document for the presence of confidential information. The system includes a user device, a printing device, a print control service server, a converter unit, a database server, a file storage, a recognition unit, a context analysis server and an alarm service. The user device is connected to the printing device and to the print control service server, which is connected to the database server and to the converter unit; the converter unit is connected to the database server, the file storage and the recognition unit; the recognition unit is connected to the context analysis server, which is connected to the file storage and the alarm service.

The system is running special software.

The functionality of the servers, units and devices included in the proposed system is provided by software developed under certificates No. 2008611915, No. 2008611916 and No. 2008611917.

The program under certificate No. 2008611915, "System for monitoring printed documents", is intended for monitoring printed documents; organizing and analysing print statistics for user-specified periods; outputting analysis results in tabular and graphical form, with the possibility of additional data aggregation operations; outputting the results of print analysis; and preparing a summary report on printing in the organization for a specified period.

The program under certificate No. 2008611916, "Service for monitoring print queues", collects information on printing devices and on the printing processes in the system, as well as images of printed documents, and records this information in the database; it also collects information from client services in order to organize print monitoring.

The program under certificate No. 2008611917, "Server service for context analysis", is intended for full-text search and semantic analysis of data in accordance with predetermined parameters of the required information and the user's rights to print, using the file search functions of the SearchInform platform and a system of communication with client applications based on TCP and UDP.

The system is built on a client-server architecture. Access rights for printing are assigned using document categories. Each category is a set of document templates united by a common thematic focus. For each user, a set of categories that the user is allowed to print is defined.

The server part is based on the functionality of the SearchInform SDK. The main function of the server part is to estimate the percentage similarity (relevance) of the contents of the printed document to the template documents of each category.

The SearchInform server structures unstructured information across the enterprise and creates a search index for further processing.

The exchange of information between the client and the server is carried out over the standard UDP protocol.

The client part is the alert service (user device) installed at the workplace of a security department employee. It is a resident module that displays a message box when a message is received from the server part.

Assigning a printed document to one of the existing categories is the key point of this stage of analysis. If the user does not have the right to print documents of the category to which, according to the results of the analysis, the printed document belongs, the analysis unit generates a message for the security department reporting unauthorized printing.

The following were used to implement the system: C# on the .NET Framework 2.0 platform with ADO.NET for writing working code; C++ with MFC for writing working code; Microsoft SQL Server 2005 for creating and managing the databases used by the system; and the SearchInform SDK (SearchInform Server) for direct access to the functions that determine the degree of similarity between the content of the printed document and the content of previously created text templates.

The interaction between the client and server applications is based on the TCP and UDP network protocols.

The system for analysing a printed document for the presence of confidential information, which implements the method of analysing a printed document for the presence of confidential information, operates as follows.

When a print command is issued on the user device, an image of the document in the format of the driver of the printer on which printing will occur (if the user device runs the Windows operating system, this file will have the extension *.spl) is supplied both to the printer and to the service server of the print control block (SpMS). The file name contains the date and time of creation of the image of the document, its size, ID, and format.

The print control service server forwards said image of the document in the printer driver format to the document image conversion unit and simultaneously sends to the database server the following information: the user device from which the print request was made, the name of the user who submitted the request and that user's access rights, the name of the printed document, and the time of creation of the image of the document in the printer driver format. The database server saves all of the information received.

In the document image processing unit (converter unit), said image of the printed document in the printer driver format is converted into a cross-platform electronic document format (preferably Portable Document Format (PDF), created by Adobe Systems).

Next, the document converted to PDF format receives a new name and enters the file storage, where it is stored.

The document is also fed to the recognition unit, in which said PDF document with the content of the original document in graphical form is converted into a PDF file with the content of the original document in text form and sent to the context analysis server.

The context analysis server compares the text contained in the file received from the recognition unit with each of the files included in the N templates, obtaining a match value (relevance) expressed as a percentage. The category of the template documents that have the greatest relevance, provided it is higher than the permissible level, is assigned to the analysed file received from this unit.

Contextual analysis of the contents of a text image of the document for the presence of confidential information consists of three stages: a preliminary stage, a categorization stage and a clustering stage. These stages are implemented by the context analysis server.

Preliminary stage.

At this stage, key phrases are loaded and searched for incrementally in the text, without regard to case. The search at this stage does not take morphology into account. The presence in the text of at least one phrase from the list unambiguously indicates that the document belongs to the DSP category.

Categorization stage.

At this stage, the text content of the document is searched for sequentially among all documents included in the templates, and the degree of similarity (relevance) to each of them is determined. Then the maximum relevance value in the sample is determined, and a threshold value is calculated from it. Next, the average relevance value within each template is calculated. If the average relevance value exceeds the threshold, the document belongs to the category of that template. The decision that the document belongs uniquely to a particular category is made only when the threshold value is exceeded by the average relevance value of exactly one template. In all other cases, the clustering stage is required.

Clustering stage.

The next step is splitting the text into words, determining the morphological groups and, on their basis, determining the probability that the text contains confidential information (for example, a list of names, phone numbers, IDs, etc.).

The context analysis server determines whether the user has the right to print documents of the assigned category and, in the absence of such rights, sends a command to the database server to register the event of unauthorized printing and sends a corresponding message to the alarm service, which is located at the workplace of the security department.
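The preliminary stage, the categorization stage and the final rights check described above, as an added Python example (not code from the patent or from the software it names). Assumptions: cosine similarity over word counts stands in for the SearchInform relevance score; the threshold formula (80% of the maximum relevance, with a 30% floor as the "permissible level") is hypothetical because the text gives no formula; "DSP" is treated as a category name in the rights table; all phrases, templates and users are constructed.

```python
import math
import re
from collections import Counter

# Constructed sample data for illustration; none of it comes from the patent.
KEY_PHRASES = ["for official use only", "trade secret"]
TEMPLATES = {  # category -> template documents
    "contracts": [
        "supply contract between supplier and buyer price delivery penalty",
        "service contract between customer and contractor price payment penalty",
    ],
    "hr": [
        "employment order employee position salary department",
        "staff list employee position salary department",
    ],
}
USER_RIGHTS = {"ivanov": {"hr"}, "petrova": {"contracts", "hr"}}  # printable categories
THRESHOLD_FRACTION = 0.8  # assumption: threshold as a share of the maximum relevance
MIN_RELEVANCE = 30.0      # assumption: the "permissible level", in percent


def _counts(text):
    """Lower-cased word counts; no stemming, so morphology is ignored."""
    return Counter(re.findall(r"[a-z0-9]+", text.lower()))


def relevance(doc, template):
    """Similarity in percent (cosine over word counts, a stand-in measure)."""
    a, b = _counts(doc), _counts(template)
    dot = sum(a[w] * b[w] for w in a.keys() & b.keys())
    norm = math.sqrt(sum(v * v for v in a.values()) * sum(v * v for v in b.values()))
    return 100.0 * dot / norm if norm else 0.0


def preliminary_stage(text, phrases=KEY_PHRASES):
    """Literal, case-insensitive phrase search. Whitespace is collapsed so a
    phrase broken across lines by text recognition still matches."""
    folded = " ".join(text.casefold().split())
    return [p for p in phrases if p.casefold() in folded]


def categorization_stage(text, templates=TEMPLATES):
    """Return (category or None, per-category average relevance, threshold)."""
    scores = {cat: [relevance(text, t) for t in docs] for cat, docs in templates.items()}
    peak = max((s for vals in scores.values() for s in vals), default=0.0)
    threshold = max(MIN_RELEVANCE, THRESHOLD_FRACTION * peak)
    averages = {cat: sum(v) / len(v) for cat, v in scores.items() if v}
    above = [cat for cat, avg in averages.items() if avg > threshold]
    # A category is assigned only when exactly one average exceeds the threshold.
    return (above[0] if len(above) == 1 else None), averages, threshold


def analyze_print_job(user, text):
    """Run the stages in order and decide whether to alert the security desk."""
    if preliminary_stage(text):
        stage, category = "preliminary", "DSP"
    else:
        category, _, _ = categorization_stage(text)
        stage = "categorization" if category else "clustering"
    if category is None:
        # Zero or several categories matched: the clustering stage must decide.
        return {"stage": stage, "category": None, "alert": None}
    allowed = category in USER_RIGHTS.get(user, set())
    return {"stage": stage, "category": category, "alert": not allowed}


if __name__ == "__main__":
    jobs = [
        ("ivanov", "Contract between supplier and customer: price, delivery, payment and penalty"),
        ("petrova", "Quarterly report\nFOR OFFICIAL\n  USE ONLY"),
        ("ivanov", "employee salary and contract price penalty between department position"),
    ]
    for user, text in jobs:
        print(user, analyze_print_job(user, text))
```

The third job scores above the threshold for both categories, which is the case the text sends on to the clustering stage.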

This method of analysing a printed document for the presence of confidential information may be implemented using machine-readable media containing software that, when executed on a computer, controls the document management system.

1. A method of analysing a printed document for the presence of confidential information, in which:
a command to print the document is sent from a user device to a printing device;
an image file of the document is created;
the printing device receives the command to print the document;
the document is printed on the printing device, characterized in that the method further comprises the following steps:
after the image file of the document has been created, the obtained image of the document is sent through the print control service server to the converter unit;
using the converter unit, the image of the document is converted to obtain the text contained in the image;
information about the file is recorded in the database;
the resulting text is saved in a file as a text image of the document;
the text image of the document is stored in the file storage;
the text image of the document is sent to the context analysis server;
key phrases are loaded and searched for sequentially in the text image of the document, without regard to case or morphology;
an incremental search for the text content of the document is performed among all documents included in the templates;
morphological groups are determined and, on their basis, the probability that the text contains confidential information;
if confidential information is detected in the text image of the document, a message is sent to the alarm service.

2. A system for analysing a printed document for the presence of confidential information, containing a user device, a printing device, a print control service server, a converter unit, a database server, a file storage, a recognition unit, a context analysis server and an alarm service, wherein the user device is connected to the printing device and to the print control service server, which is connected to the database server and to the converter unit; the converter unit is connected to the database server, the file storage and the recognition unit; and the recognition unit is connected to the context analysis server, which is connected to the file storage and the alarm service.



 

Same patents:

FIELD: information technologies.

SUBSTANCE: method includes receiving information entered in natural language and analysis of information entered in natural language to identify contained in it semantic information. For part of information entered in natural language, correspondence with "command" objects and "object" objects of scheme based on semantic information and entered in natural language information. The method also contains representation of data from data source in a table of columns and rows on the basis of scheme and corresponding parts of information which has been entered in natural language.

EFFECT: providing more effective interface for creation and representation of table with information from data source.

35 cl, 5 dwg

FIELD: information technologies.

SUBSTANCE: invention is related to facilities of training and science research automation and may be used in interactive systems of research and development works automation in process of software (SW) verification in distributed computer complexes (DCC). Suggested method and system for its realisation provide complete manageability and observability of the main processes of SW initial code verification. At the same time at each level of DCC processes of SW initial code input and processing are combined along dependent or independent interface channels, on the basis of application of sensor or mechanical manipulators of computer operator workplace, network interfaces of local or global network Sections or points of SW initial code vulnerability are defined on the basis of SW initial code transformation into internal representation, which is stored in the form of databases and knowledge bases, and sections or points of SW initial code vulnerability are defined on the basis of automatic making and solving of according equation systems.

EFFECT: expansion of functional resources of DCC SW verification processes

9 cl, 40 dwg, 26 tbl

FIELD: information technologies.

SUBSTANCE: invention is related to facilities of training and research automation and may be used in interactive systems of research and development works automation in process of software (SW) verification in distributed computer complexes (DCC). Suggested method and device for its realisation provide complete manageability and observability of the main processes of SW initial code verification. At the same time processes of SW initial code input and processing are combined along dependent or independent interface channels, on the basis of application of sensor or mechanical manipulators of computer operator workplace, user interfaces of local or global network. Sections or points of SW initial code vulnerability are defined on the basis of SW initial code transformation into internal representation, which is stored in the form of databases and knowledge bases, and sections or points of SW initial code vulnerability are defined on the basis of automatic making and solving of according equation systems.

EFFECT: expansion of functional resources of DCC SW verification processes.

9 cl, 39 dwg, 26 tbl

FIELD: physics; computer facilities.

SUBSTANCE: offered invention concerns ways and systems for transformation of object of one type in object of other type. Transformation can be carried out in an augmented agent of serialisation which carries out serialisation, deserialisation and transformation of objects of various types. Changes during performance are imported to operation of an agent of serialisation by means of one or more procedures of expansion which realise required configuring for specific needs or expansion, thus not demanding replacements of other available procedures. On the basis of the information on the type, identified for initial object, object will converse to the intermediate representation which supposes change during performance, including change of names of object, types of object and object data. The intermediate representation of initial object change according to procedures of expansion which make changes to operation of a resort of serialisation during performance, and the intermediate representation will converse to target object or type.

EFFECT: possibility of change or configuring for specific needs of operation of transformation process to performance time.

35 cl, 7 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention is related to processing of electronic ink. Method of the first data structure matching with the second data structure consists in the following: for every unit of the second data structure it is defined whether this unit received change from appropriate unit in the first data structure; for every unit in the second data structure, for which it has been defined that it received change from appropriate unit in the first data structure, attempt of access is realised to this unit in the first data structure; if mentioned unit in the first data structure is unachievable, realisation of mentioned change is prevented in the second data structure; if it is achievable - it is defined, when mentioned change in relation to the second data structure creates optional collision, and sometimes obligatory collision; if change creates optional collision, it is defined whether it is prohibited by collision criteria; if optional collision is not prohibited, mentioned change is performed; if it is prohibited - realisation of mentioned change is prevented, at that mentioned collision criteria prohibit removal of ink strokes from end unit under fixed unit.

EFFECT: expansion of method functional resources.

12 cl, 49 dwg

FIELD: physics, computer facilities.

SUBSTANCE: invention concerns computer facilities. The system of transformation of the files, having at least one file, associated with one or more non-structured properties is given. The output agent of properties of a file manipulates with non-structured properties according to one or several structured properties, associated with medium of storehouse of the structured objects. If not structured file be used in a context of medium of storehouse of the structured objects, unfolding operation is carried out for updating of not structured properties in a file in the structured properties approaching for operation in the environment of storehouse of structured objects. If concerning the developed device the manipulation in the environment of storehouse of the structured objects be executed, operation of compression or an inverse transformation is carried out for updating of properties in the file.

EFFECT: interaction and compatibility possibility between non-compatible data systems.

26 cl, 9 dwg

FIELD: computer science, in particular, engineering of automated system for distributed processing of text documents.

SUBSTANCE: system contains block for receiving text documents, blocks for identification of base address of text documents, block for selection of structure of text document, block for modifying record address for text document, block for selecting sections of text documents, block for addressing sections of text documents, block for modifying record address of text document, block for selecting sections of text documents, block fro addressing sections of text documents, block for modifying reading address of text document section, block for receiving text documents of executives, block for identification of base address of documenting of sections of text documents, block for recording number of completed tasks, block for modification of address of record of completed tasks, block for commutation of channels for dispensing text documents and block for dispensing data and control signals.

EFFECT: increased speed of operation of system by means of localization of addresses of text documents in system database by identifiers of the very text documents.

13 dwg

FIELD: the invention refers to the system of remote training.

SUBSTANCE: the system has an arrangement for providing training in rendering training services through a net; an arrangement for transmitting texts connected with training aids, an arrangement for evaluation of reception of the answer through a net; an arrangement for transmitting of evaluation of transmitting the result of evaluation to a user; a database about members supporting training; an arrangement for selection of supporting members for reception of inquiry about support from the user through a net and for selection of a member for training in required field of specialization; an intermediary arrangement for connection for fulfillment of the role of the mediator at connecting the contact address of the selected member supporting training and the user through a net.

EFFECT: allows to provide services in training with dynamically changing training changes depending from the evaluation of the degree of perception in remote system with corresponding support.

6 cl, 9 dwg

The invention relates to the publishing industry and can be used for the preparation and issue of reference books
The invention relates to the field of electronics and is designed, for example, to use auxiliary data arrays in the conversion process and/or verification of computer codes in the form of symbols, and the corresponding portions of the image

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to systems and methods of accessing information. A system and a process for interacting with a system in unprotected state are described. Before entering the protected state of a computer system, a user can access limited information which includes calendar information relating to meetings on that day etc. In certain aspects of the invention, a user can interact with displayed notes for receiving handwritten or printed notes. Aspects of the described system and method provide the user with possibility of browsing or interacting with a computer before entering the protected state of the computer system.

EFFECT: fast access to required information.

20 cl, 11 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to a system for controlling access to digital content. The user license has decryption and authorisation parts. The decryption part is only accessible for that user and has a key (KD) for decrypting the corresponding encrypted digital content, as well as validation information which includes identification of the root confidential legal source. The authorisation part described rights granted relative the digital content and conditions which must be satisfied in order to grant the rights and has a digital signature. The user accesses the decryption part and validates the contained information in order to validate the digital signature of the authorisation part. If conditions in the authorisation part allow this, rights in the authorisation part are granted by decrypting the encrypted content using the decryption key (KD) from the decryption part and the decrypted content is transmitted.

EFFECT: possibility using several root confidential legal sources and determine which of the said sources can be used for authentication.

15 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: portable data carrier contains carrier memory (12) for storage of data, containing biometric template (13) and set of commands (15), in compliance with which operation of portable data carrier is organised to perform the function that depends on the field of application, in which portable data carrier is used, and also communication facility (11) of carrier for contact-free reception and transfer of data. Portable data carrier is characterised by the fact that it additionally contains processor facility (16) of carrier to compare biometric template to biometric sample (23) received from external device (20), and by the fact that it is arranged with the possibility to perform process of acknowledgement with external device, and to perform specified function and transfer its result to outer device only in case, when biometric sample matches biometric template.

EFFECT: reliable and safe portable data carrier, which may be used as identification facility.

34 cl, 4 dwg

FIELD: information technologies.

SUBSTANCE: method and computer-read medium are provided for navigation between attachments in messages of electronic mail. According to method, a list of electronic mail messages is reflected, which includes information of heading associated with each message. When one of messages is selected in the list, it is identified, whether selected message contains attachments. If selected message has attachments, identifier reflects next to information of heading for each attachment. Identifier identifies that attachment is associated with selected message and may represent another information, such as type and size of attachment. Identifiers are reflected so that to clearly inform the user about the fact that attachments are associated with selected message of electronic mail. Identifiers may be selected for preliminary preview of according attachment.

EFFECT: possibility for the user to quickly identify and select attachment into message of electronic mail from any number of attachments.

14 cl, 8 dwg

FIELD: information technology.

SUBSTANCE: method of providing data objects on rights for issuing to a device has access to encrypted content relating to one of several events and is provided with indication of position, from which the data object on rights can be requested, and event information uniquely associated with the event. The device includes a function of an agent for providing a request for a device which issues data objects on rights from the said position, and data which represent event information. The method involves steps on which a request and data representing event information are received, and a data object on rights is generated, which includes event key information which enables encryption of content data relating to the event uniquely associated with the event information. The event key information is generated using a cryptographic function relative at least part of the event information.

EFFECT: possibility of a device which provides data objects on rights working relatively independent of a content supplier.

12 cl, 4 dwg

FIELD: information technology.

SUBSTANCE: invention relates to processors, particularly to a method of reducing power consumption when caching data with write behind by checking the modified bit (GMI), which indicates whether any cache memory element with write behind contains any altered data. The processor includes cache memory having at least one element controlled by a write behind algorithm. In case of cache miss, if the GMI indicates that not any of the cache memory elements with write behind in the given cache memory contains altered data, data extracted from memory are stored in a selected element without preliminary reading by the said element. In cache memory divided into banks, two or more GMI banks can be associated with two or more banks. If there is an n-dimensional set of associated cache memory elements, n GMI sets can be associated with data of n sets.

EFFECT: increased processor efficiency and reduced power consumption.

10 cl, 2 dwg

FIELD: information technology.

SUBSTANCE: device for saving power when reading a register from a register file has a processor for reading operands, which enables command execution; a physical register file (PRF) with operands to be read by the processor; a tag array having an address associated with an operand in the PRF and an attribute which describes the operating status of the processor; a tag comparator array, where each tag comparator compares the operand address generated by the processor with the tag, and a tag match in the comparison is required for reading the operand from the PRF; and an operating status comparator array, where each operating status comparator is associated with a tag, compares the attribute with the current operating status of the processor and activates or blocks the associated tag comparator, so that not all tag comparators are activated. The method describes operation of the said device.

EFFECT: power saving when reading the register from a register file.

20 cl, 6 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention relates to information processing systems and in particular to protection of a data storage device in an information processing system. In the method for automatic generation of a password for a data storage device, which is part of a computer, a set of security data is automatically generated. Security data are stored in non-volatile memory. The set of security data is also programmed in the data storage device as a security code.

EFFECT: increased computer security.

20 cl, 3 dwg

FIELD: information technologies.

SUBSTANCE: a security system displays security-related information for a selected security object, such as a user or a computer system. The security system first retrieves security-related information that includes security specifications, each of which has the identification of an object, a resource and an access right for the selected security object. The security system then displays the identification of the object and the resource together with the access right for each security specification. When the security-related information is stored in a security store (i.e. the main security store) by resource and, for each resource, by the objects that have access rights to that resource, the security system may use an auxiliary security store to facilitate searching of the security-related information.

EFFECT: improved method of viewing and controlling security-related information for individual users.

20 cl, 10 dwg

FIELD: information technologies.

SUBSTANCE: server provides Web responses which may contain the contents of data tables in a database. The server maintains a cache (for example, in system memory) where content, including the contents of data tables, can be stored so that it can be served more efficiently in response to subsequent Web client requests. The server monitors the data tables for changes, and when a particular data table changes, the cache elements that depend on that data table are invalidated. Additionally, in response to a Web client request for a Web response, the server assigns a cache dependency on the database to at least part of the created Web response (for example, to content retrieved from a data table), based on the commands executed when the Web response is created. At least part of the created Web response is subsequently cached in the server cache area.

EFFECT: enhanced functionality.

12 cl, 5 dwg

FIELD: computers.

SUBSTANCE: system has nine registers, four address selectors, triggers, AND elements, OR elements and delay elements.

EFFECT: higher speed.

8 dwg