A static document privacy protection system and method

By directly parsing static document source files and user-defined information databases, combined with a region-defined selector, the problems of inaccurate OCR recognition and inconvenient encrypted document processing in static document privacy protection are solved, achieving 100% privacy protection certainty and efficient and secure sensitive information processing.

CN122174811APending Publication Date: 2026-06-09玺链科技有限公司 +4

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
玺链科技有限公司
Filing Date
2026-03-29
Publication Date
2026-06-09

Smart Images

  • Figure CN122174811A_ABST
    Figure CN122174811A_ABST
Patent Text Reader

Abstract

This invention discloses a static document privacy protection system based on source file restoration and a user-defined information database, comprising: a static document processing module, which receives and parses the source file of a static document to directly extract the editable text stream from the source file; a user-defined organizational information database, which stores user-defined organizational information entries used to identify sensitive information; an organizational information editor, connected to the user-defined organizational information database, which locates and displays all matching sensitive information in the editable text stream according to the organizational information entries in the user-defined organizational information database, and provides a user interface for users to hide the matched sensitive information with one click or confirm it item by item; and a privacy protection execution module, which, according to the user's operation in the organizational information editor, replaces the confirmed hidden sensitive information and generates a privacy-cleaning document with the content and layout structure unchanged but the sensitive information hidden.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention belongs to the field of information security technology, and in particular relates to a static document privacy protection system and method. Background Technology

[0002] With the deepening of digital transformation, various organizations and individuals generate massive amounts of static documents in their daily work, including PDF documents, office documents, image-format documents, and encrypted documents. These documents often contain a large amount of sensitive information, such as personal ID numbers, bank account information, home addresses, unified social credit codes, trade secrets, and medical records. When these documents need to be used for artificial intelligence model training, cross-departmental sharing, outsourcing collaboration, or public disclosure, how to efficiently, accurately, and reliably de-identify the sensitive information in the documents has become an urgent technical problem to be solved in the field of information security.

[0003] In existing technologies, the mainstream solutions for protecting the privacy of static documents can be divided into three categories: The first category is automatic desensitization solutions based on Optical Character Recognition (OCR). This type of solution first uses OCR technology to recognize the text in images or scanned documents, and then uses preset rules or machine learning models to identify and hide sensitive information in the recognized text; the second category is desensitization solutions based on manual marking. This type of solution provides a visual interface for users to manually select the areas that need to be hidden; the third category is automatic recognition solutions based on preset rules. This type of solution allows users to define regular expressions or keyword rules, which are then automatically matched and hidden by the system.

[0004] However, the aforementioned existing technologies have the following fundamental drawbacks: First, when faced with low-resolution images, handwritten fonts, seal obscurations, complex layouts, and artistic fonts, the OCR recognition accuracy of automatic de-identification schemes cannot reach 100%, resulting in omissions and false recognitions. This leads to the failure to hide sensitive information that should be hidden or the incorrect hiding of normal information that should be retained, causing irreversible information leakage or loss. Users cannot trust the results of automated processing and often still need to manually check each item. Second, de-identification schemes based on manual marking require users to search page by page and select each item for long documents, which is time-consuming, laborious, and prone to omissions. Users are forced to make a dilemma between efficiency and security. Third, schemes based on preset rules often cannot cover user-defined sensitive information (such as specific project codes, internal terminology, etc.), and the writing of rules requires professional knowledge that is difficult for ordinary users to master. In addition, when processing encrypted documents, existing technical solutions often require users to manually decrypt them before processing, which is cumbersome and poses security risks. Therefore, there is an urgent need for a static document privacy protection solution that can fundamentally circumvent the shortcomings of OCR, give users complete control, efficiently process encrypted documents, and ultimately achieve 100% privacy protection certainty.

[0005] It should be noted that the above description of the technical background is only for the purpose of providing a clear and complete explanation of the technical solutions of the present invention and facilitating understanding by those skilled in the art. It should not be assumed that the above technical solutions are known to those skilled in the art simply because they have been described in the background section of this invention. Summary of the Invention

[0006] The purpose of this invention is to overcome the shortcomings of the prior art and provide a static document privacy protection system and method based on source file restoration and user-defined information database.

[0007] To achieve the above objectives, the present invention adopts the following technical solution:

[0008] This invention provides a static document privacy protection system based on source file restoration and a user-defined information database, comprising: a static document processing module configured to receive and parse the source file of a static document, for directly extracting the editable text stream from the source file; a user-defined organizational information database configured to store user-defined organizational information entries used to identify sensitive information; an organizational information editor connected to the user-defined organizational information database, configured to locate and display all matching sensitive information in the editable text stream according to the organizational information entries in the user-defined organizational information database, and provide a user interface for users to hide the matched sensitive information with one click or confirm it item by item; and a privacy protection execution module configured to replace the confirmed hidden sensitive information and generate a privacy-cleaning document with unchanged content and layout structure but with the sensitive information hidden, based on the user's operation in the organizational information editor.

[0009] Furthermore, the aforementioned static document privacy protection system also includes a static encrypted document decryption module, which is configured to, when the aforementioned static document is an encrypted document, call at least one decryption capability already available on the user terminal to decrypt the aforementioned encrypted document in order to restore the editable source file; the aforementioned decryption capability includes calling the image viewer built into the operating system to decode, using the document opening password known to the user, and using the user's biological characteristics (fingerprint, face, etc.) to authorize access to the stored password in the system key chain.

[0010] Furthermore, the aforementioned organization information editor also includes a region customization selector, which is configured to allow users to freely define a non-standardized private region on the document preview interface through interactive methods such as mouse selection and clicking, and add the text content corresponding to the private region as a new organization information entry to the aforementioned user-defined organization information library.

[0011] Furthermore, the aforementioned static document privacy protection system also includes an information database management module, which is configured to allow users to add, delete, modify, query, and classify entries in the aforementioned user-defined organizational information database, and supports exporting a set of organizational information entries into a "privacy protection scenario package" for one-click import and use when processing documents with similar content characteristics.

[0012] Furthermore, the aforementioned static document privacy protection system also includes an encryption and output module, configured to output the aforementioned privacy-cleaning document in the same static format as the original document or a static format specified by the user. If the original document is an encrypted document, the aforementioned privacy-cleaning document is re-encrypted using an encryption method before output, according to the user's instructions.

[0013] This invention also provides a static document privacy protection method based on source file restoration and a user-defined information database, comprising the following steps: S1, receiving a static document uploaded by a user, parsing its source file, and directly extracting the editable text stream from the source file, completely avoiding information errors that may be introduced by optical character recognition technology; S2, loading a user-defined organizational information database, which includes user-defined organizational information entries used to identify sensitive information; S3, locating all matching sensitive information in the editable text stream according to the entries in the organizational information database, and displaying it in the document preview interface; S4, receiving user operation instructions to hide the displayed sensitive information with one click or confirm it item by item through an organizational information editor; S5, generating a privacy-cleaning document with unchanged content and layout structure but with sensitive information hidden according to the user's operation instructions.

[0014] Furthermore, step S1 above also includes: when the static document is an encrypted document, decrypting the encrypted document to restore the editable source file; the decryption capability includes calling the image viewer built into the operating system to decode, using the document opening password known to the user, and using the user's biological characteristics to authorize access to the stored password in the system key chain, etc.

[0015] Furthermore, step S2 above also includes: allowing users to select or click any text area in the document preview interface with the mouse, and dynamically add the text content corresponding to that area as a new organizational information entry to the user-defined organizational information library.

[0016] Furthermore, the "one-click hiding" in step S4 above includes: in response to the user's one-click hiding command, replacing all the sensitive information displayed in the document preview interface with corresponding, distinguishable placeholders in one batch according to the categories of entries in the organization information database.

[0017] Furthermore, the above-mentioned static document privacy protection method also includes the following steps: S6, outputting the generated privacy-purifying document in the same static format as the original document or specified by the user, and if the original document is an encrypted document, then according to the user's instructions, re-encrypting the above-mentioned privacy-purifying document using encryption methods before output, so as to realize a closed loop of privacy protection throughout the entire process from decryption, processing to re-encryption.

[0018] The beneficial effects of this invention are as follows: By directly parsing static document source files to extract editable text streams, this invention fundamentally avoids the inherent defect that OCR technology cannot achieve a 100% recognition rate, ensuring the absolute accuracy of information extraction; through user-defined information databases and region-defined selectors, users are given complete control over defining all sensitive information freely using natural language, keywords, regular expressions, or direct selection, achieving a "what you see is what you get" privacy definition; by calling the decryption capabilities already available on the user's end (such as system application programming interfaces (APIs), known passwords, biometric authorization, etc.) through the static encrypted document decryption module, a secure closed loop of "decryption-processing-re-encryption" for encrypted documents is achieved, eliminating the need to export the plaintext document to an insecure environment; through one-click hiding controls and scene package management, after the user completes the information database definition, batch sensitive information can be quickly hidden and reused in various scenarios, significantly improving processing efficiency while ensuring the absolute accuracy of hiding.

[0019] In summary, this invention solves the technical problems of unreliable OCR recognition, insufficient user control, inconvenient processing of encrypted documents, and difficulty in balancing efficiency and security in the prior art, and achieves the certainty goal of 100% privacy protection.

[0020] The core advantage of this invention lies in the following: For static documents containing editable text layers, the editable text stream is extracted directly from the source file, fundamentally and completely eliminating OCR technology, thus completely avoiding OCR recognition errors in this type of document; for pure image documents without text layers, this invention does not rely on OCR for automatic recognition, but instead allows users to manually select privacy areas using the aforementioned custom area selector, similarly avoiding the risk of leakage caused by OCR misjudgments. Through the above-mentioned layered processing strategy, this invention achieves deterministic control of privacy protection results in all scenarios.

[0021] The static document privacy protection system and method based on source file restoration and user-defined information database provided by this invention can be widely applied to document privacy protection scenarios in government agencies, enterprises, medical institutions, financial institutions, legal service agencies, and individual users. This invention can efficiently, accurately, and securely process various types of static documents, especially encrypted documents, and has significant industrial practical value and social benefits. Attached Figure Description

[0022] Figure 1 This is a schematic diagram of a static document privacy protection system based on source file restoration and user-defined information database in one embodiment of the present invention.

[0023] Figure 2This is a flowchart of a static document privacy protection method based on source file restoration and user-defined information database in one embodiment of the present invention.

[0024] The reference numerals in the above figures are as follows:

[0025] 10. Static Document Privacy Protection System; 100. Static Document Processing Module; 110. Document Format Parsing Unit; 120. Page Layout Analysis Unit; 200. Static Encrypted Document Decryption Module; 210. System Capability Invocation Unit; 220. Password Management Unit; 230. Biological Feature Authorization Unit; 300. User-Defined Organization Information Database; 310. Entry Storage Unit; 320. Category Management Unit; 400. Organization Information Editor; 410. Sensitive Information Location Unit; 420. Highlighting The following are the steps: 430, Region Custom Selector; 440, One-Click Hide Control; 450, Item-by-Item Confirmation Control; 500, Privacy Protection Execution Module; 510, Placeholder Replacement Unit; 520, Layout Preservation Unit; 530, Index Mapping Unit; 600, Encryption and Output Module; 610, Format Output Unit; 620, Re-encryption Unit; 630, Encryption Method Selection Unit; 700, Information Database Management Module; 710, Item Editing Unit; 720, Scene Package Management Unit; S1 to S6 are steps. Detailed Implementation

[0026] To better understand this invention, the following embodiments are provided in conjunction with the accompanying drawings. It should be understood that the embodiments of this invention are for illustrative purposes only and not for limiting the invention; the scope of protection of this invention is defined solely by the claims. The embodiments provided are merely preferred embodiments and are not intended to limit the invention in any way. Those skilled in the art can make changes, equivalent substitutions, or modifications based on the content of this invention, resulting in different implementation methods. However, any changes and modifications, or equivalent substitutions, made to the method of this invention without departing from the inventive concept are within the scope of protection of this invention.

[0027] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the invention.

[0028] It should be noted that the following detailed descriptions are exemplary and intended to provide further illustration of the invention. Unless otherwise specified, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention pertains.

[0029] It should be noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to limit the scope of exemplary embodiments according to the invention. As used herein, the singular form is intended to include the plural form as well, unless the context clearly indicates otherwise. Furthermore, it should be understood that when the terms “comprising” and / or “including” are used in this specification, they indicate the presence of features, steps, operations, and / or combinations thereof.

[0030] First, please refer to Figure 1 , Figure 1 This is a schematic diagram of a static document privacy protection system 10 based on source file restoration and a user-defined information database, according to one embodiment of the present invention. Figure 1 As shown, the static document privacy protection system 10 based on source file restoration and user-defined information database of the present invention includes a static document processing module 100, a static encrypted document decryption module 200, a user-defined organizational information database 300, an organizational information editor 400, a privacy protection execution module 500, an encryption and output module 600, and an information database management module 700.

[0031] The static document processing module 100 is configured to receive and parse the source file of the static document, and directly extract the editable text stream and layout structure information in the source file to completely avoid the information errors that may be introduced by optical character recognition (OCR) technology.

[0032] Specifically, the static document processing module 100 includes a document format parsing unit 110 and a layout structure analysis unit 120. The document format parsing unit 110 supports parsing various formats such as PDF, DOCX, XLSX, PPTX, JPEG, PNG, and TIFF. For PDF documents, the document format parsing unit 110 directly extracts the text layer content; for office documents, the document format parsing unit 110 uses the corresponding format parsing library to extract the text content; for image formats, if the image has an embedded text layer (such as PDFs or images with text layers generated by some scanning software), the document format parsing unit 110 prioritizes extracting the text layer; otherwise, it processes it directly as an image, but the processing still relies on a user-defined information database for region matching, rather than OCR recognition. The layout structure analysis unit 120 extracts information such as the document's page size, text block coordinates, paragraph structure, and table areas to ensure that subsequent hiding operations maintain the original document's layout.

[0033] For example, regarding image formats, the document format parsing unit 110 employs the following processing strategy: if the image contains an embedded text layer (such as PDFs or images with text layers generated by certain scanning software), the text layer is extracted first, and then automatic matching is performed in the text stream based on a user-defined information database; if the image does not contain any text layer (such as ordinary photos or pure scanned images), the system cannot perform automatic region matching. In this case, the sensitive information positioning unit 410 will call the region custom selector 430 to guide the user to visually observe and manually select the privacy area in the preview interface. It is worth noting that in this scenario, the static document privacy protection system 10 does not rely on OCR technology for automatic recognition; the definition of the privacy area is entirely done manually by the user, ensuring 100% certainty.

[0034] The aforementioned user-defined organizational information database 300 is configured to store user-defined organizational information entries used to identify sensitive information. These organizational information entries can be freely defined by the user in any one or more forms, including natural language, keywords, regular expressions, or format patterns.

[0035] Specifically, the user-defined organizational information database 300 includes an entry storage unit 310 and a category management unit 320. The entry storage unit 310 stores organizational information entries, each entry including attributes such as an identifier, entry content, matching type (natural language / keyword / regular expression / format pattern), and creation time. The category management unit 320 is used to classify and manage the entries, such as personal identification information, financial information, medical and health information, and trade secrets.

[0036] It is worth noting that, in one embodiment of the present invention, users can centrally store all sensitive information items such as personal ID numbers, corporate bank accounts, and government document numbers in the same information database and manage them flexibly through classification tags (such as "personal identity information", "financial information", "government information" etc.).

[0037] For example, corporate legal counsel Li is handling a government bidding contract. This contract includes the company's unified social credit code and bank account (originally part of the enterprise data package), the government department's document number and the name of the person in charge (originally part of the government data package), and the legal counsel's contact information (originally part of the individual data package). With the user-defined organizational information database of this invention, Li only needs to define the unified social credit code and bank account using regular expressions, the document number and the name of the person in charge using keywords, and the contact information using natural language within a unified interface. All entries are centrally stored, uniformly matched, and can be hidden with a single click, achieving a leapfrog integration from "five isolated data packages" to "one unified information database." Therefore, the aforementioned user-defined organizational information database 300 of this invention is a fundamental technological replacement for the five data packages: individual data package, family data package, enterprise data package, village data package, and government data package, completely solving the technical problems of multiple data packages being unable to communicate and low efficiency in cross-scenario processing.

[0038] The aforementioned organization information editor 400 is connected to the aforementioned user-defined organization information database 300 and is configured to automatically locate and highlight all matching sensitive information in the aforementioned editable text stream based on the entries in the aforementioned user-defined organization information database 300, and provide a user interface for users to hide the matched sensitive information with one click or confirm it item by item.

[0039] Specifically, the aforementioned organization information editor 400 includes a sensitive information location unit 410, a highlighting unit 420, a one-click hide control 440, and an item-by-item confirmation control 450. The sensitive information location unit 410 traverses the editable text stream, locates all matching sensitive information based on entries in the organization information database using string matching, regular expression matching, or semantic similarity calculation, and records their positions (page number, coordinates, text range). The highlighting unit 420 highlights all matched sensitive information in the document preview interface in a visually prominent manner (e.g., yellow background, red border). The one-click hide control 440 is configured to respond to the user's one-click hide command, replacing all highlighted sensitive information in the document preview interface with corresponding, distinguishable placeholders in a batch, according to the categories in the organization information database. The item-by-item confirmation control 450 is configured to allow the user to confirm each highlighted sensitive information item by item, and the user can choose to hide, retain, or modify the matching range.

[0040] The aforementioned privacy protection execution module 500 is configured to replace the confirmed hidden sensitive information with placeholders based on the user's operation in the aforementioned organization information editor 400, and generate a privacy-cleaning document with the content and layout unchanged but the sensitive information hidden.

[0041] Specifically, the privacy protection execution module 500 includes a placeholder replacement unit 510, a layout preservation unit 520, and an index mapping unit 530. The placeholder replacement unit 510 replaces the confirmed hidden sensitive information with structured placeholders in the format "{{type:number}}" (e.g., "{{ID number:001}}"), or sets it to other formats according to user preferences (e.g., "****"). The layout preservation unit 520 maintains the original document's layout structure during the replacement process. For text documents, inline replacement preserves the text flow; for image documents, visual hiding is achieved by overlaying color blocks at corresponding coordinate positions. The index mapping unit 530 establishes an encrypted mapping table between placeholders and the original sensitive information, stored locally. This mapping table is encrypted using the user's master key, ensuring that even if the privacy-protected document is leaked, the original information cannot be recovered.

[0042] It is worth noting that, in one embodiment of the present invention, the static document privacy protection system 10 further includes the static encrypted document decryption module 200. The static encrypted document decryption module 200 is connected to the static document processing module 100 and is configured to, when the static document is encrypted, invoke at least one decryption capability already available on the user terminal to decrypt the encrypted document, thereby restoring the editable source file. The decryption capabilities include, but are not limited to: using the operating system's built-in image viewer for decoding, using a document opening password known to the user, and using the user's biological characteristics (fingerprint, facial recognition, etc.) to authorize access to the stored password in the system key chain.

[0043] Specifically, the aforementioned static encrypted document decryption module 200 includes: a system capability invocation unit 210 and a biological feature authorization unit 230. The system capability invocation unit 210 is configured to invoke the decryption capabilities built into the operating system.

[0044] For example, in iOS or macOS systems, the system's built-in image decoder or PDF reader's decryption function is invoked; in Windows systems, the Data Protection API (DPAPI) is invoked for decryption. The password management unit 220 is configured to decrypt using a known document opening password. The password management unit 220 supports integration with the system keychain or password manager, allowing users to automatically retrieve stored passwords after authorization via biometrics (fingerprint, facial recognition, etc.). The biometric authorization unit 230 is configured to authenticate the user using their biometrics (fingerprint, facial recognition, etc.) when decryption is required, authorizing access to stored passwords or keys.

[0045] It is worth noting that, in one embodiment of the present invention, the organization information editor 400 further includes a region customization selector 430, which is configured to allow users to freely define a non-standardized private region on the document preview interface by means of mouse selection, clicking and other interactive methods, and add the text content corresponding to the private region as a new organization information entry to the user-defined organization information library 300.

[0046] It is worth noting that, in one embodiment of the present invention, the static document privacy protection system 10 further includes an information database management module 700. The information database management module 700 is connected to the user-defined organizational information database 300 and is configured to allow users to add, delete, modify, query and classify entries in the user-defined organizational information database 300. It also supports exporting a set of organizational information entries into a "privacy protection scenario package" for one-click import and use when processing documents with similar content characteristics.

[0047] Specifically, the aforementioned information database management module 700 includes an entry editing unit 710 and a scenario package management unit 720. The entry editing unit 710 provides a user interface, supporting operations such as adding, deleting, modifying, and querying organizational information entries. The scenario package management unit 720 is configured to export a set of organizational information entries into a "privacy protection scenario package" file and supports importing entries from the scenario package file into the user-defined organizational information database 300.

[0048] It is worth noting that, in a preferred embodiment of the present invention, the static document privacy protection system 10 further includes the encryption and output module 600, which is connected to the privacy protection execution module 500 and configured to output the privacy-purified document in the same static format (PDF, image, etc.) as the original document or specified by the user. If the original document is an encrypted document, the privacy-purified document is re-encrypted before output using the same or stronger encryption method as the decryption process, according to the user's instructions.

[0049] Specifically, the encryption and output module 600 includes a format output unit 610, a re-encryption unit 620, and an encryption method selection unit 630. The format output unit 610 supports outputting the privacy-cleaning document in multiple formats such as PDF, JPEG, PNG, and DOCX. If the original document is encrypted, the re-encryption unit 620, according to user instructions, re-encrypts the output privacy-cleaning document using the same or stronger encryption method as the decryption process (such as 256-bit Advanced Encryption Standard (AES-256)). The user can choose to use the same password or set a new password. The encryption method selection unit 630 allows the user to select the encryption algorithm and key strength to meet different security level requirements.

[0050] Please refer to Figure 2 , Figure 2 This is a flowchart of a static document privacy protection method based on source file restoration and a user-defined information database, according to one embodiment of the present invention. Figure 2 As shown, the present invention provides a static document privacy protection method based on source file restoration and a user-defined information database, comprising the following steps: S1, receiving a static document uploaded by a user, parsing its source file, and directly extracting the editable text stream from the source file, completely avoiding information errors that may be introduced by optical character recognition technology; S2, loading a user-defined organizational information database, which includes user-defined organizational information entries used to identify sensitive information; S3, locating all matching sensitive information in the editable text stream according to the entries in the organizational information database, and displaying it in the document preview interface. S4. Display the information; S5. Receive user instructions to hide sensitive information with one click or confirm it item by item through the information editor; S6. Generate a privacy-cleaning document with the same content and layout structure but with sensitive information hidden, based on the user's instructions; S7. Output the generated privacy-cleaning document in the same static format as the original document or specified by the user. If the original document is encrypted, re-encrypt the privacy-cleaning document using the same or stronger encryption method as the decryption process before output, based on the user's instructions, to achieve a closed-loop privacy protection process from decryption, processing to re-encryption.

[0051] It is worth noting that, in one embodiment of the present invention, step S1 (receiving static documents and restoring source files) receives static documents uploaded by users, parses their source files, and directly extracts the editable text stream and layout structure information from the source files, completely avoiding information errors that may be introduced by optical character recognition (OCR) technology.

[0052] In a preferred embodiment, when the static document is an encrypted document, at least one decryption capability already available on the user's device is invoked to decrypt the encrypted document, thereby restoring the editable source file. The decryption capabilities include, but are not limited to: using the operating system's built-in image viewer for decoding, utilizing a document opening password known to the user, and using the user's biometric characteristics to authorize access to the stored password in the system's keychain.

[0053] Step S2 (Loading User-Defined Organization Information Base): Load the user-defined organization information base, which includes user-defined organization information entries used to identify sensitive information.

[0054] As a preferred implementation, users can select or click any text area in the document preview interface with their mouse to dynamically add the corresponding text content as a new organizational information entry to the aforementioned user-defined organizational information database.

[0055] Step S3 (Locating Sensitive Information): In the editable text stream described above, based on the entries in the organizational information database, all matching sensitive information is automatically located and highlighted in the document preview interface.

[0056] Step S4 (Receiving User Operation Instructions): Through the information organization editor, receive user operation instructions to hide highlighted sensitive information with one click or confirm each item.

[0057] In a preferred embodiment, in response to the user's one-click hide command, all the sensitive information highlighted in the document preview interface is replaced in batches with corresponding, distinguishable placeholders according to the categories of entries in the organization information database.

[0058] Step S5 (Perform Privacy Protection): Based on the user's operation instructions, the confirmed hidden sensitive information is replaced with placeholders, generating a privacy-cleaning document with the content and layout unchanged but the sensitive information hidden.

[0059] Step S6 (output and re-encryption) outputs the generated privacy-cleaning document in the same or user-specified static format as the original document. If the original document is an encrypted document, it is re-encrypted before output using the same or stronger encryption method as the decryption process, according to the user's instructions, so as to realize a closed loop of privacy protection from decryption, processing to re-encryption.

[0060] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be described in further detail below with reference to the accompanying drawings and specific embodiments. The following embodiments are for illustrative purposes only and should not be used to limit the scope of protection of this invention.

[0061] Example 1: Corporate Legal Affairs Processing Encrypted Contract Documents

[0062] Li, a legal counsel at a company, needs to process 50 encrypted PDF procurement contracts, each with a password. These contracts contain sensitive information such as the Unified Social Credit Code, bank account details, and the internal project codename "Project Polaris." Li needs to anonymize these contracts before uploading them to an AI contract review system for automated analysis.

[0063] Step S1: Document Upload and Decryption. Mr. Li activates the static document privacy protection system 10 of this invention and drags 50 encrypted contracts into the system. The static document processing module 100 detects that the documents are encrypted PDFs and automatically triggers the static encrypted document decryption module 200. The static document privacy protection system 10 pops up a decryption interface displaying "Encrypted document detected, please enter the password." Mr. Li enters a unified contract password. The static document privacy protection system 10 records this password through the password management unit 220 and automatically applies it in subsequent processing. Simultaneously, the static document privacy protection system 10 calls the system capability call unit 210 to decrypt the documents using the operating system's built-in PDF decryption API, restoring the editable source file. The document format parsing unit 110 directly extracts the text layer content of the PDF, and the page layout analysis unit 120 extracts the text block coordinate information of each page.

[0064] Step S2: Load the user-defined organization information database. Li had previously processed similar contracts, and the aforementioned static document privacy protection system 10 automatically recommended loading the "Procurement Contract Privacy Protection Scenario Package." This scenario package includes the following organization information entries: Entry A: Unified Social Credit Code (regular expression: [0-9A-HJ-NPQRTUWXY]{2}\d{6}[0-9A-HJ-NPQRTUWXY]{10}); Entry B: Bank Account (regular expression: \d{16,19}); Entry C: Project Code "Polaris Project" (keyword matching). Li confirmed the loading, and the entry storage unit 310 of the aforementioned user-defined organization information database 300 loaded these entries.

[0065] Step S3: Locating Sensitive Information. The aforementioned sensitive information locating unit 410 traverses the text stream of 50 contracts, matching them against entries in the organization's information database. A total of the following were matched: Unified Social Credit Code: 50 occurrences (1 per contract); Bank Account: 150 occurrences (approximately 3 per contract); "Polaris Project": 80 occurrences (including the main text, header, and footer). The aforementioned highlighting unit 420 highlights all matching items in red on the document preview interface. Mr. Li can quickly browse the matching results through the interface.

[0066] Step S4: Receive user operation instructions. Li checks the highlighted area and confirms that all matching items are sensitive information that needs to be hidden. He clicks the one-click hide control 440. The static document privacy protection system 10 responds to the one-click hide instruction and replaces all the highlighted sensitive information in the document preview interface with corresponding, distinguishable placeholders in one batch, according to the categories in the organization information database.

[0067] Step S5: Perform privacy protection. The placeholder replacement unit 510 of the privacy protection execution module 500 replaces all confirmed hidden sensitive information with placeholders: the Unified Social Credit Code is replaced with “{{Unified Social Credit Code}}”; the bank account is replaced with “{{Bank Account}}”; and “Polaris Project” is replaced with “{{Project Code}}”. The layout preservation unit 520 ensures that the layout structure of the text stream remains unchanged after the replacement. The index mapping unit 530 establishes an encrypted mapping table, stores it in a local SQLite database, and uses Li's fingerprint-derived key for AES-256 encryption.

[0068] Step S6: Output and Re-encryption. The output unit 610 outputs the processed document as a PDF. Since the original document is encrypted, the re-encryption unit 620 prompts Li to choose whether to re-encrypt. Li selects "Use the same password to encrypt," and the static document privacy protection system 10 uses the same password as in the decryption process to encrypt the output privacy-cleaning document. The encryption method selection unit 630 records this operation for later use.

[0069] In this way, Li processed 50 encrypted contracts, taking approximately 8 minutes from upload to output. The aforementioned static document privacy protection system accurately identified all sensitive information without omission or misjudgment. Because it processes entirely based on the source file text layer, it avoids recognition errors that might arise from OCR. The decryption and re-encryption processes of encrypted documents are completed seamlessly, eliminating the need for Li to export the documents to an insecure environment.

[0070] Example 2: Individual users process private documents and customize sensitive information.

[0071] An individual user, Zhang, has three private documents: a photo of his ID card (JPEG format, no text layer), a PDF copy of his medical examination report (scanned copy, no text layer), and a scanned copy of his property ownership certificate (JPEG format). Zhang wants to organize these documents into a privacy notebook but is concerned about the leakage of his ID card number, address, and medical information. Additionally, Zhang's ID card photo includes unique "issuing authority" information (e.g., "XX City Public Security Bureau XX Branch"), which cannot be covered by the system's default rules and requires user customization.

[0072] Step S1: Zhang drags three documents into the system. For the ID card photos and scanned copies of the property ownership certificates, the document format parsing unit 110 of the static document processing module 100 detects that these images do not have an embedded text layer. However, the system does not perform OCR recognition but directly extracts the pixel data of the images and records their size information. The layout structure analysis unit 120 treats the entire image as a single region and does not extract text. For the physical examination report PDF, the absence of a text layer is also detected, and it is processed as an image.

[0073] Step S2: Zhang launches the aforementioned organization information editor 400 and uses the region custom selector 430 to select the "Issuing Authority" text area on the ID card photo. The aforementioned static document privacy protection system 10 pops up a dialog box, and Zhang enters the entry content "XX Municipal Public Security Bureau XX Branch", selecting "Keyword" as the matching type. This entry is added to the aforementioned user-defined organization information database 300. Zhang continues to add other organization information entries through the aforementioned information database management module 700: ID card number, using the regular expression \d{17}[\dXx] (format pattern); address, using the natural language "address" (keyword matching); disease keywords, hypertension, diabetes, liver function (keyword matching).

[0074] Step S3: Since the documents are all in image format, the aforementioned sensitive information location unit 410 uses an image region-based approach. For the ID card photo, the aforementioned static document privacy protection system 10 directly locates the region based on the coordinates of the "Issuing Authority" region selected by the user. For other keywords, Zhang manually selected the ID card number region, the address region, and the "hypertension" text region in the medical examination report using the aforementioned region custom selector 430 in the preview interface. The aforementioned highlighting unit 420 highlights all selected regions with a red border.

[0075] Step S4: After checking all highlighted areas and confirming that everything was correct, Zhang clicked the one-click hide control 440. Regarding the ID card number, the static document privacy protection system 10 prompted "Bind numeric identifier?", and Zhang selected "No," opting for only visual hiding.

[0076] Step S5: The placeholder replacement unit 510 of the privacy protection execution module 500 covers the corresponding area on the image with a black block (the user can choose mosaic, blur, or other methods). The layout preservation unit 520 ensures that the covered area is accurately positioned and does not affect other areas. The index mapping unit 530 establishes a mapping table to record the position and original content of each hidden area.

[0077] Step S6: The above-mentioned format output unit 610 outputs the processed image as a JPEG format. Since the original document was not encrypted, Zhang chose not to encrypt it and saved it directly as a privacy note.

[0078] In this way, Zhang successfully processed three private documents, and all sensitive information was hidden. In particular, the protection of the non-standard sensitive information, "issuing authority," was achieved through the use of the region custom selector 430. OCR technology was not used throughout the entire process in this embodiment, avoiding the risk of privacy leaks due to OCR recognition errors.

[0079] Example 3: Batch processing of encrypted medical image reports in hospitals

[0080] A top-tier hospital needs to anonymize 1,000 encrypted medical imaging reports (Digital Imaging and Communications in Medicine (DICOM) format converted to PDF with a text layer) for use in AI-assisted diagnostic research. These reports contain sensitive information such as patient names, ID numbers, diagnoses, and medication records.

[0081] Wang, a staff member in the hospital's information department, was responsible for handling the matter and was required to achieve highly efficient and absolutely accurate privacy protection.

[0082] Step S1: Wang drags 1000 encrypted PDFs into the system. The static encrypted document decryption module 200 detects that all documents are encrypted using a unified internal hospital password. Wang enters the password once, and the static document privacy protection system 10 caches the password through the password management unit 220 and uses the system capability call unit 210 to call the operating system's PDF decryption API to decrypt all documents in batches, restoring the editable source files.

[0083] Step S2: Wang had previously created a "Medical Report Privacy Protection Scenario Package" for the medical report, including the following organizational information entries: Patient name, keywords ("Name:" followed by Chinese name); ID number, regular expression \d{17}[\dXx], where \d{17} matches the first 17 digits (including 6-digit address code + 8-digit birth date + 3-digit sequence code), and [\dXx] matches the 18th check digit (number or letter X / x); Diagnosis conclusion, based on the format pattern of the 10th revision of the International Classification of Diseases (ICD-10) (e.g., [AZ]\d{2}\.\d); Medication records, a generic drug keyword database (including more than 500 common drug names). Wang imported the scenario package with one click through the aforementioned scenario package management unit 720, and the aforementioned entry storage unit 310 of the user-defined organizational information database 300 loaded all entries.

[0084] Step S3: The aforementioned sensitive information location unit 410 batch-traverses the text stream of 1000 reports, matching entries based on the organization's information database. For "patient name," the system identifies the text after "name:"; for "ID number," it uses regular expressions for matching; for "diagnosis conclusion," it matches the ICD-10 encoding pattern; for "medication record," it matches the drug keyword database. A total of 1000 matches were found for: patient name; ID number; diagnosis conclusion (approximately 3500, averaging 3-4 diagnoses per report); and medication record (approximately 8000, averaging 8 drugs per report). The aforementioned highlighting unit 420 highlights all matches in the preview interface, allowing Mr. Wang to sample and check.

[0085] Step S4: Wang confirms that all matching items are sensitive information that needs to be hidden. Wang clicks the one-click hide control 440. In response to the one-click hide command, the static document privacy protection system 10 replaces all the highlighted sensitive information in the document preview interface with corresponding, distinguishable placeholders in one batch, according to the categories of entries in the organization information database.

[0086] Step S5: The privacy protection execution module 500 replaces the hidden sensitive information with placeholders: the patient's name is replaced with "{{patient name}}"; the ID card number is replaced with "{{ID card number}}"; the diagnosis conclusion is replaced with "{{diagnosis}}"; and the medication record is replaced with "{{medication}}". The index mapping unit 530 establishes an independent encrypted mapping table for each report and stores it encrypted using the hospital's master key.

[0087] Step S6: The above-mentioned output unit 610 outputs the processed 1000 reports as PDF format. The above-mentioned re-encryption unit 620 detects that the original document is an encrypted document and prompts Wang to select an encryption method. Wang selects "Use stronger encryption (AES-256)" and sets a new research-specific password. The above-mentioned encryption method selection unit 630 performs encryption and outputs a privacy-cleaned research dataset.

[0088] In this way, Wang completed the batch de-identification of 1,000 encrypted medical reports within 30 minutes. The aforementioned static document privacy protection system accurately matched all preset sensitive information types without omission. Because it is based on the PDF text layer rather than OCR, even if the scanned images in the report are of poor quality, the text extraction is still 100% accurate. The decryption and re-encryption processes of encrypted documents are completed automatically, ensuring the security of data during transmission and processing.

[0089] The embodiments of the present invention described above can be implemented in various hardware, software codes, or combinations thereof. For example, embodiments of the present invention can also be program code executing the above methods in a Digital Signal Processor (DSP). The present invention can also relate to various functions executed by a computer processor, digital signal processor, microprocessor, or Field Programmable Gate Array (FPGA). The processor described above can be configured to perform specific tasks according to the present invention, which are accomplished by executing machine-readable software code or firmware code defining the specific methods disclosed in the present invention. The software code or firmware code can be developed into different programming languages ​​and different formats or forms. The software code can also be compiled for different target platforms. However, the different code styles, types, and languages ​​of the software code performing tasks according to the present invention and other types of configuration code do not depart from the spirit and scope of the present invention.

[0090] Therefore, those skilled in the art will recognize that although embodiments of the present invention have been shown and described in detail herein, many other variations or modifications conforming to the principles of the present invention can be directly determined or derived from the disclosure of the present invention without departing from the spirit and scope of the invention. Therefore, the scope of the present invention should be understood and recognized as covering all such other variations or modifications.

Claims

1. A static document privacy protection system based on source file restoration and a user-defined information database, comprising: A static document processing module is configured to receive and parse the source file of a static document, and to directly extract the editable text stream from the source file; A user-defined organizational information base is configured to store user-defined organizational information entries used to identify sensitive information; An organization information editor, connected to the user-defined organization information database, is configured to locate and display all matching sensitive information in the editable text stream based on the organization information entries in the user-defined organization information database, and provide a user interface for users to hide the matched sensitive information with one click or confirm it item by item. A privacy protection execution module is configured to replace the confirmed hidden sensitive information and generate a privacy-cleaning document with the same content and layout structure but with the sensitive information hidden, based on the user's operation in the organization information editor.

2. The static document privacy protection system according to claim 1, characterized in that: It also includes a static encrypted document decryption module, which is configured to call at least one decryption capability already available on the user terminal to decrypt the encrypted document when the static document is an encrypted document, so as to restore the editable source file; The decryption capabilities include calling the operating system's built-in image viewer to decode, using the user's known document opening password, and using the user's biological characteristics to authorize access to the stored password in the system's key chain.

3. The static document privacy protection system according to claim 1, characterized in that: The organization information editor also includes a region customization selector, which is configured to allow users to freely define a non-standardized private region on the document preview interface by using interactive methods such as mouse selection and clicking, and add the text content corresponding to the private region as a new organization information entry to the user-defined organization information library.

4. The static document privacy protection system according to claim 1, characterized in that: It also includes an information database management module, which is configured to allow users to add, delete, modify, query and classify entries in the user-defined organizational information database, and supports exporting a set of organizational information entries into a privacy protection scenario package for one-click import when processing documents with similar content characteristics.

5. The static document privacy protection system according to any one of claims 1 to 4, characterized in that: It also includes an encryption and output module, configured to output the privacy-purifying document in the same format as the original document or in a static format specified by the user, and before outputting, if the original document is an encrypted document, to re-encrypt the privacy-purifying document using an encryption method according to the user's instructions.

6. A method for protecting the privacy of static documents based on source file restoration and a user-defined information database, comprising the following steps: S1. Receive static documents uploaded by users, parse their source files, and directly extract the editable text stream from the source files, completely avoiding information errors that may be introduced by optical character recognition technology; S2. Load the user-defined organization information database, which contains user-defined organization information entries used to identify sensitive information. S3. In the editable text stream, locate all matching sensitive information according to the entries in the organization information database, and display them in the document preview interface; S4. Through the information editor, receive user commands to hide sensitive information with one click or confirm it item by item. S5. Based on the user's operation instructions, generate a privacy-cleaning document with the same content and layout structure but with sensitive information hidden.

7. The static document privacy protection method according to claim 6, characterized in that, Step S1 also includes: When the static document is an encrypted document, the encrypted document is decrypted to restore the editable source file; The decryption process includes calling the operating system's built-in image viewer to decode, using the user's known document opening password, and using the user's biological characteristics to authorize access to the stored password in the system's key chain.

8. The static document privacy protection method according to claim 6, characterized in that, Step S2 also includes: Users can select or click any text area in the document preview interface with their mouse to dynamically add the corresponding text content as a new organizational information entry to the user-defined organizational information library.

9. The static document privacy protection method according to claim 6, characterized in that, The one-click hiding in step S4 includes: In response to the user's one-click hide command, all sensitive information displayed in the document preview interface is replaced in batches with corresponding, distinguishable placeholders according to the categories in the organization information database.

10. The static document privacy protection method according to any one of claims 6 to 9, characterized in that, It also includes the following steps: S6. Output the generated privacy-cleaning document in the same format as the original document or in a static format specified by the user. If the original document is an encrypted document, the privacy-cleaning document is re-encrypted using an encryption method before output, according to the user's instructions.