To ensure internal information security, a file encryption system is usually deployed within a modern enterprise. The file encryption system usually includes two parts: a server and a client. The client runs on a computer of a user, and may have a graphic interface for operation, and the client is usually used for file encryption and decryption. The server is usually used to store user information and file authorization information.
During document distribution, an author of a document (or a designated person with a right of reauthorization) usually needs to designate who has what rights on this document in a client program. The rights have multiple granularities, and some may be designated in different rights levels such as reading, editing, printing, and complete control; and usually, an individual person, a department, or a group may be designated at the time of personnel designation. Such document rights need to be saved. At the time of opening a file, the saved document rights are applied.
In the prior art, the rights information of a document is saved in two manners: one is saving the rights information in a header of an encrypted file, and the other is saving the rights information in a server. When the rights information is saved in the file header, at the time of decryption, the client sends the file rights information to the server, and the server decrypts the file rights information and returns it to the client. In this method, the server does not need to store the file rights information, which greatly relieves the pressure of data storage, retrieval and maintenance of the server, especially in a case where a data amount is large. However, all the rights are saved inside the document and the server has no rights information, and therefore, once the document is distributed, rights of the document are not modifiable, which makes that the rights information cannot be withdrawn. When the rights information is saved in the server, the amount of data saved in the server increases linearly with increase of the number of documents. As a result, the capacity the server must be expanded, which increases costs of the enterprise.