Current file encryption techniques mainly encrypt an entire file or document as a single unit. However, a document contains many different kinds of confidential and sensitive information, and users with different privileges and identities should have different rights to access it. This research proposes a method to encrypt, and control access to, the text paragraphs of a document that sit at different levels and carry different degrees of confidentiality. To manage the keys generated by the encryption, this research introduces a Role-Based Access Control (RBAC) key management mechanism. This key management approach restricts access to the content of a paragraph to authorized users, who obtain it with the key of their role.
The encrypted documents use the general format of the Extensible Markup Language (XML). Combined with the XML Document Object Model (DOM), encrypted documents can be accessed and viewed dynamically, which also makes documents easy to encrypt and preserve. In the implemented system, a dedicated parser carries out the key-based decryption, and documents are viewed in their original or familiar format, so that users do not perceive any difference between the document before and after encryption.
The encryption method proposed in this research makes it possible to encrypt one or several paragraphs of a document. A document no longer has to be encrypted as a whole at a single level of protection. Different paragraphs can be encrypted under different privileges according to their confidentiality level, so that the encryption fits the content of the document. Encrypting and hiding the confidential and sensitive information inside the document lowers the confidentiality level of the document and increases its security, and the non-confidential information and knowledge in it can then be shared with more users.
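A sketch of the paragraph-level scheme described above, added here as an illustration and not taken from the thesis implementation. Assumptions: the `<p>` element, the `level` and `enc` attributes, the three level names, the one-way key chain that lets a higher role derive lower-level keys, and the standard-library keystream cipher (a stand-in for a vetted AEAD) are all hypothetical, since the abstract does not specify them.

```python
import base64, hashlib, hmac, os
import xml.dom.minidom as minidom

LEVELS = ["secret", "confidential", "internal"]  # constructed levels, highest first

def derive_keys(key, level):
    """Keys for `level` and every level below it; each step is a one-way HMAC."""
    keys = {}
    for lvl in LEVELS[LEVELS.index(level):]:
        keys[lvl] = key
        key = hmac.new(key, b"next-level", hashlib.sha256).digest()
    return keys

def _xor(key, nonce, data):
    # Stdlib-only keystream, a stand-in for a vetted AEAD such as AES-GCM.
    stream = hashlib.shake_256(b"enc" + key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, text):
    nonce = os.urandom(16)
    ct = _xor(key, nonce, text.encode())
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return base64.b64encode(nonce + tag + ct).decode()

def unseal(key, blob):
    raw = base64.b64decode(blob)
    nonce, tag, ct = raw[:16], raw[16:48], raw[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified paragraph")
    return _xor(key, nonce, ct).decode()

def encrypt_doc(xml_text, keys):
    dom = minidom.parseString(xml_text)
    for p in dom.getElementsByTagName("p"):
        lvl = p.getAttribute("level")
        if lvl in keys:  # paragraphs without a level stay readable
            p.firstChild.data = seal(keys[lvl], p.firstChild.data)
            p.setAttribute("enc", "1")
    return dom.documentElement.toxml()

def view_doc(xml_text, keys):
    """Render the document for a role: decrypt what its keys cover, mask the rest."""
    out = []
    for p in minidom.parseString(xml_text).getElementsByTagName("p"):
        text, lvl = p.firstChild.data, p.getAttribute("level")
        if p.getAttribute("enc") == "1":
            text = unseal(keys[lvl], text) if lvl in keys else "[restricted]"
        out.append(text)
    return out

DOC = ("<doc><p>Public summary.</p>"  # constructed sample document
       '<p level="internal">Internal schedule.</p>'
       '<p level="secret">Secret figures.</p></doc>')
```

A role that holds only the `internal` key reads the public and internal paragraphs and sees a mask in place of the secret one, because the HMAC chain cannot be run backwards to recover a higher-level key.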