CN108418802A - Access control method and system for shared files - Google Patents

Info

Publication number: CN108418802A
Authority: CN (China)
Prior art keywords: shared file, user, file, access, management end
Legal status: Pending
Application number: CN201810107309.9A
Other languages: Chinese (zh)
Inventor: 陈世杰
Current Assignee: DASHIZHI (BEIJING) SOFTWARE ENGINEERING Co Ltd
Original Assignee: DASHIZHI (BEIJING) SOFTWARE ENGINEERING Co Ltd

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/10: Network architectures or network communication protocols for network security for controlling access to devices or network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention provides an access control method and system for shared files. In the method, a management end is installed on the file server and a user terminal is installed on the user computer, and the method further comprises the following steps: the management end installs a file filter driver on the network interface card of the file server; the permissions of local accounts to access shared files are configured through the management end; the user computer connects to the management end through the client; the user computer logs in to the file server by entering a local account of the file server; the user computer initiates a request to access a shared file, and the file filter driver determines whether the user has the client installed; if not, the user computer's request to access the shared file is refused; the file filter driver parses the request and determines whether it complies with the shared-file access permissions configured at the management end; if so, access is allowed; otherwise, the user computer's request to access the shared file is refused. This scheme can meet the security requirements of shared files.

Description

Access control method and system for shared files
Technical field
The present invention relates to the technical field of file-sharing access control, and in particular to an access control method and system for shared files.
Background art
At present, there are three specific methods for implementing file-sharing access control based on the SMB/SMB2 protocols and the NTFS file system:
1. File access permission control based on local accounts of the Windows Server operating system. The specific implementation is: a shared file is set up on a Windows Server operating system with the NTFS file system type, and the access permissions of local accounts to the shared file are then configured. When other computers on the LAN access the shared file, they must first enter a server local account to log in, and their permissions to access the shared file are then controlled.
2. File access permission control based on Windows domain users. A shared file is set up on a server with the NTFS file system type, and the permissions of domain accounts to access different shared files are then set through the domain controller. A user enters a domain account to log in when accessing a shared file, and the user's permissions to access the shared file are then controlled.
3. A file-sharing proxy server is added between the user computer and the file-sharing server. The user computer connects to the file-sharing proxy server, the file-sharing proxy server connects to the file-sharing server, and access control over the user computer's access to files on the file-sharing server is implemented through the file-sharing proxy server.
The above approaches can control access permissions on Windows Server shared files. However, as enterprises' important confidential files and critical data keep growing, higher requirements are placed on the protection of server file data. The original technical means can no longer meet enterprises' needs for protecting these important files and critical data. In particular, when these files are accessed by LAN users as shared files, how to protect the security of the file data has become an important aspect of enterprise network management.
Summary of the invention
In view of this, the technical problem to be solved by the present invention is to provide an access control method and system for shared files that can meet the security requirements of shared files.
The technical solution of the present invention is implemented as follows:
An access control method for shared files, in which a management end is installed on the file server and a user terminal is installed on the user computer, further comprising the following steps:
S1: The management end installs a file filter driver on the network interface card of the file server; the permissions of local accounts to access shared files are configured through the management end; the user computer connects to the management end through the client;
S2: The user computer logs in to the file server by entering a local account of the file server;
S3: The user computer initiates a request to access a shared file, and the file filter driver determines whether the user has the client installed; if so, S4 is executed; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer;
S4: The file filter driver parses the request and determines whether it complies with the shared-file access permissions configured at the management end; if so, access is allowed; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer.
Preferably, the management end and the client connect and communicate through the SMB/SMB2 protocols.
Preferably, the permissions for accessing shared files include:
Monitor operations: record the user's access actions on shared files;
and/or;
Forbid modification: forbid the user from modifying shared files or shared folders;
and/or;
Forbid deletion: forbid the user from deleting shared files or shared folders;
and/or;
Forbid cutting: forbid the user from cutting shared files or shared folders;
and/or;
Forbid renaming: forbid the user from renaming shared files or shared folders;
and/or;
Forbid copying shared files: forbid the user from copying a shared file without opening it;
and/or;
Forbid copying shared file content: forbid the user from copying the content of a shared file after opening it;
and/or;
Forbid Save As: forbid the user from saving a shared file to another path after opening it;
and/or;
Forbid dragging: forbid the user from dragging shared files;
and/or;
Forbid printing: forbid the user from printing shared files;
and/or;
Forbid reading: forbid the user from reading shared files.
Preferably, after S4, the method further includes:
S5: The file filter driver forwards the user computer's request to access the shared file to the management end, and the management end records the user's access log.
Preferably, the access log records: the IP address and MAC address of the user computer, the local account used to log in to the server, the action performed on the shared file, the shared file accessed and its path, and the time of access, as well as logs of administrators logging in to this system and of administrators configuring local users' permissions to access shared files.
An access control system for shared files, in which a management end is installed on the file server and a user terminal is installed on the user computer, further comprising:
Connection module, used to have the management end install a file filter driver on the network interface card of the file server, to configure the permissions of local accounts to access shared files through the management end, and to have the user computer connect to the management end through the client;
Login module, used to have the user computer log in to the file server by entering a local account of the file server;
Client judgment module, used so that, when the user computer initiates a request to access a shared file, the file filter driver determines whether the user has the client installed; if so, the shared-file request is sent to the permission judgment module; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer;
Permission judgment module, used to have the file filter driver parse the request and determine whether it complies with the shared-file access permissions configured at the management end; if so, access is allowed; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer.
Preferably, the system further includes:
Access permission module, used to configure which third-party software users are licensed to use to access shared files.
Preferably, the system further includes:
Binding authentication module, used to perform multiple-binding authentication of IP address, MAC address and local account when a user accesses a shared file; users who satisfy the binding are allowed to access the shared file, and otherwise access is denied.
Preferably, the system further includes:
Global settings module: used to configure system operation, client instruction distribution and the user function list.
Preferably, the system further includes:
Log audit module, used to record access logs.
With the access control method and system for shared files proposed by the present invention, the user does not need to set specific shared-file access permissions for local accounts or domain accounts on the file server or domain controller. It is only necessary to set full access permission on the server through the management end, and all specific access permissions for shared files can then be set directly with mouse clicks on the system's management end interface. Setup is quick, simple and efficient, and is suitable for network administrators at all levels. At the same time, there is no need to set up a proxy server between users and the file server in order to access shared files. On the one hand, this saves expense, spares users from separately purchasing and installing a proxy service, and reduces workload. On the other hand, since traffic between users and the file server is not relayed and filtered by a proxy server, line-rate access can be achieved, avoiding the slower access and delays caused by frequent relaying and ensuring shared-file access efficiency to the greatest extent. In addition, the single-point-of-failure risk that an added proxy server may cause is avoided.
Description of the drawings
Fig. 1 is a flow chart of the access control method for shared files proposed by an embodiment of the present invention;
Fig. 2 is a structural diagram of the access control system for shared files proposed by an embodiment of the present invention.
Detailed description of the embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are only some, not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art based on the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
As shown in Fig. 1, an embodiment of the present invention proposes an access control method for shared files, in which a management end is installed on the file server and a user terminal is installed on the user computer, further comprising the following steps:
S101: The management end installs a file filter driver on the network interface card of the file server; the permissions of local accounts to access shared files are configured through the management end; the user computer connects to the management end through the client;
S102: The user computer logs in to the file server by entering a local account of the file server;
S103: The user computer initiates a request to access a shared file, and the file filter driver determines whether the user has the client installed; if so, S4 is executed; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer;
S104: The file filter driver parses the request and determines whether it complies with the shared-file access permissions configured at the management end; if so, access is allowed; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer.
It can be seen that, with the access control method for shared files proposed by the embodiment of the present invention, the user does not need to set specific shared-file access permissions for local accounts or domain accounts on the file server or domain controller. It is only necessary to set full access permission on the server through the management end, and all specific access permissions for shared files can then be set directly with mouse clicks on the system's management end interface. Setup is quick, simple and efficient, and is suitable for network administrators at all levels. At the same time, there is no need to set up a proxy server between users and the file server in order to access shared files. On the one hand, this saves expense, spares users from separately purchasing and installing a proxy service, and reduces workload. On the other hand, since traffic between users and the file server is not relayed and filtered by a proxy server, line-rate access can be achieved, avoiding the slower access and delays caused by frequent relaying and ensuring shared-file access efficiency to the greatest extent. In addition, the single-point-of-failure risk that an added proxy server may cause is avoided.
In this embodiment, the client can connect to the management end automatically. If the connection crosses network segments (for example, multiple segments divided by a Layer 3 switch), the IP address of the server must be entered manually in the client before it can connect.
In a preferred embodiment of the present invention, the management end and the client connect and communicate through the SMB/SMB2 protocols.
Specifically, SMB (Server Message Block) is the name of a protocol; it can be used for Web connections and for information communication between client and server.
In a preferred embodiment of the present invention, the permissions for accessing shared files include:
Monitor operations: record all of the user's access actions on shared files;
and/or;
Forbid modification: forbid the user from modifying shared files or shared folders;
and/or;
Forbid deletion: forbid the user from deleting shared files or shared folders;
and/or;
Forbid cutting: forbid the user from cutting shared files or shared folders;
and/or;
Forbid renaming: forbid the user from renaming shared files or shared folders;
and/or;
Forbid copying shared files: forbid the user from copying a shared file without opening it;
and/or;
Forbid copying shared file content: forbid the user from copying the content of a shared file after opening it;
and/or;
Forbid Save As: forbid the user from saving a shared file to another path after opening it;
and/or;
Forbid dragging: forbid the user from dragging shared files;
and/or;
Forbid printing: forbid the user from printing shared files;
and/or;
Forbid reading: forbid the user from reading shared files.
In this embodiment, "monitor operations", "forbid modification", "forbid deletion", "forbid cutting/renaming", "forbid copying files", "forbid dragging", "forbid creating" and "forbid reading" are controls on routine shared-file access behaviors.
Among these, functions such as "monitor operations", "forbid modification", "forbid deletion", "forbid cutting/renaming", "forbid creating" and "forbid reading" are implemented through deep parsing of the network sharing protocol SMB/SMB2. When a user accesses a shared file, the system captures the SMB/SMB2 messages of the share access and saves the network session (Net Session) information of its beginning and end. Then, while the network sharing session is in progress, the path and behavior of the user's access to the shared file are judged against the rules set in the management end application. If the permission requirements are not met (for example, an attempt to delete a shared file without delete permission), the information in the share-access network message is modified so that the SMB server denies the access, thereby blocking the access behavior, and the corresponding interception log is recorded. If the access complies with the access permission rules set at the management end, the access is allowed and its access log is recorded.
Access behaviors such as "forbid Save As", "forbid printing" and "forbid copying file content" are controlled differently. When the user performs these behaviors, the shared file has already been opened on, and cached to, the user computer, so the management end can no longer control the access. In these cases the client must cooperate. That is, when the user selects these three functions, the management end verifies in real time whether the client is installed and successfully connected to the management end. If the client is not successfully connected, then for the sake of shared-file security management the management end refuses that client computer's access to shared files. Once the client is connected, the management end sends the permission information to the client in real time. The client then uses the shared-file paths and shared-file names sent by the management end to monitor whether a file the user opens is a shared file and, once it is confirmed to be one, monitors in real time the specific access behavior after the shared file is opened. Because "printing" and "Save As" pop up windows containing the keywords "Print" or "Save As", the client closes such windows in real time and terminates access to the shared file, preventing unauthorized access to it.
"Forbid copying shared file content" is implemented with HOOK technology. When the management end enables the "forbid copying file content" function for shared files, it notifies the client to load HOOK.DLL into the running system processes and to intercept, at the application layer, all system calls to the clipboard. In addition, to prevent the user from copying shared file content through third-party software without going through the operating system clipboard, the system can further apply keyboard hooks on the client while shared files are being accessed (for example Ctrl+C, Ctrl+V and Ctrl+Alt+A, with user-defined combinations supported) and hook the Copy button of the right-click menu, preventing the user from leaking shared files by copying their content directly into third-party software.
In addition, the client also uses the window name (Window Name), window class name (Window Class), window process information (Window Process), window description (Window Description) and similar attributes of applications or the operating system to further implement "access permission" control. That is, it directly refuses third-party software operations on the client computer (such as dragging a shared file into a chat software window to send it, uploading a shared file to Dropbox, or adding a shared file as an email attachment), preventing unauthorized access to shared files through third-party software.
In a preferred embodiment of the present invention, after S104, the method further includes:
S105: The file filter driver forwards the user computer's request to access the shared file to the management end, and the management end records the user's access log.
In this embodiment, recording the access log facilitates subsequent auditing and the tracing of errors.
In a preferred embodiment of the present invention, the access log records: the IP address and MAC address of the user computer, the local account used to log in to the server, the action performed on the shared file, the shared file accessed and its path, and the time of access, as well as logs of administrators logging in to this system and of administrators configuring local users' permissions to access shared files.
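The decision flow of S103 to S105 can be modelled as follows. This is an added example, not code from the patent or its product: the action names, the keying of connected clients by IP address and the inheritance of a folder's restrictions by its subfolders are assumptions, and it works on already-parsed requests rather than raw SMB/SMB2 messages.

```python
"""Added example: model of the S103 to S105 decision flow (hypothetical names)."""
import ntpath
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Hypothetical action names standing in for operations parsed from SMB/SMB2 messages.
ACTIONS = {"read", "modify", "delete", "rename", "create"}


@dataclass(frozen=True)
class Request:
    ip: str
    mac: str
    account: str   # file-server local account used at login (S102)
    action: str
    path: str      # share-relative path taken from the request


@dataclass
class ManagementEnd:
    # account -> {folder -> set of forbidden actions}, configured in S101
    rules: dict = field(default_factory=dict)
    connected_clients: set = field(default_factory=set)  # assumption: keyed by IP
    log: list = field(default_factory=list)

    def forbid(self, account, folder, *actions):
        unknown = set(actions) - ACTIONS
        if unknown:
            raise ValueError(f"unknown actions: {sorted(unknown)}")
        per_account = self.rules.setdefault(account, {})
        per_account.setdefault(normalize(folder), set()).update(actions)

    def record(self, req, path, decision, reason):
        # Fields follow the access-log contents listed in the description.
        self.log.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "ip": req.ip, "mac": req.mac, "account": req.account,
            "action": req.action, "path": path,
            "decision": decision, "reason": reason,
        })
        return decision


def normalize(path):
    """Collapse '.', '..' and case so a rule cannot be sidestepped by spelling."""
    return ntpath.normpath(path.replace("/", "\\")).lower().strip("\\")


def forbidden_actions(account_rules, path):
    """Union of the forbidden actions of every configured folder containing path."""
    denied = set()
    for folder, actions in account_rules.items():
        # Match on a component boundary: 'finance' must not cover 'finance_old'.
        if path == folder or path.startswith(folder + "\\"):
            denied |= actions
    return denied


def filter_driver_decide(mgmt, req):
    """Return 'allow' or 'deny' and append one log entry (S105)."""
    path = normalize(req.path)
    # S103: refuse when the requesting computer has no connected client.
    if req.ip not in mgmt.connected_clients:
        return mgmt.record(req, path, "deny", "no client connected")
    # Requests that cannot be interpreted, or that climb above the share, fail closed.
    if req.action not in ACTIONS or path == ".." or path.startswith("..\\"):
        return mgmt.record(req, path, "deny", "unparseable request")
    # S104: compare the parsed action with the permissions set at the management end.
    if req.action in forbidden_actions(mgmt.rules.get(req.account, {}), path):
        return mgmt.record(req, path, "deny", f"{req.action} forbidden")
    return mgmt.record(req, path, "allow", "permitted")


def demo():
    """Run a few constructed requests and return the decisions."""
    mgmt = ManagementEnd()
    mgmt.forbid("alice", "Finance", "delete", "modify")
    mgmt.connected_clients.add("10.0.0.5")
    mac = "00:11:22:33:44:55"  # constructed sample value
    requests = [
        Request("10.0.0.9", mac, "alice", "read", r"Finance\budget.xlsx"),
        Request("10.0.0.5", mac, "alice", "read", r"Finance\budget.xlsx"),
        Request("10.0.0.5", mac, "alice", "delete", r"Public\..\FINANCE\budget.xlsx"),
    ]
    return [filter_driver_decide(mgmt, r) for r in requests], mgmt.log


if __name__ == "__main__":
    decisions, log = demo()
    for entry in log:
        print(entry["decision"], entry["action"], entry["path"], "-", entry["reason"])
```

The third constructed request shows why the path is normalized before the rule lookup: without it, the `Public\..\FINANCE` spelling would not match the `Finance` rule and the delete would pass.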
As shown in Fig. 2, the present invention also proposes an access control system for shared files, in which a management end is installed on the file server and a user terminal is installed on the user computer, further comprising:
Connection module 201, used to have the management end install a file filter driver on the network interface card of the file server, to configure the permissions of local accounts to access shared files through the management end, and to have the user computer connect to the management end through the client;
Login module 202, used to have the user computer log in to the file server by entering a local account of the file server;
Client judgment module 203, used so that, when the user computer initiates a request to access a shared file, the file filter driver determines whether the user has the client installed; if so, the shared-file request is sent to the permission judgment module; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer;
Permission judgment module 204, used to have the file filter driver parse the request and determine whether it complies with the shared-file access permissions configured at the management end; if so, access is allowed; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer.
It can be seen that, with the access control system for shared files proposed by the embodiment of the present invention, the user does not need to set specific shared-file access permissions for local accounts or domain accounts on the file server or domain controller. It is only necessary to set full access permission on the server through the management end, and all specific access permissions for shared files can then be set directly with mouse clicks on the system's management end interface. Setup is quick, simple and efficient, and is suitable for network administrators at all levels. At the same time, there is no need to set up a proxy server between users and the file server in order to access shared files. On the one hand, this saves expense, spares users from separately purchasing and installing a proxy service, and reduces workload. On the other hand, since traffic between users and the file server is not relayed and filtered by a proxy server, line-rate access can be achieved, avoiding the slower access and delays caused by frequent relaying and ensuring shared-file access efficiency to the greatest extent. In addition, the single-point-of-failure risk that an added proxy server may cause is avoided.
In a preferred embodiment of the present invention, the system further includes:
Access permission module, used to configure which third-party software users are licensed to use to access shared files.
This module mainly cooperates with the main program to further control users' shared-file access behavior. Through the client (FileLockerMain.exe), users can be forbidden from saving a shared file to a local disk after opening it, from copying shared files (including copying their content after opening), from printing shared files, and so on. In addition, when secondary user verification is enabled in the main program, a visitor who stops accessing a share and then accesses it again must enter, in the client, the username and password preset for them by the administrator before the shared file can be accessed again; otherwise access is refused.
Through the cooperation of the system's client and management end, the management end can monitor in real time the third-party tool software that the client uses when accessing shared files. If a tool is not licensed, the management end, through the integrated "access permission" function, instructs the client in real time to close it. This forbids users from accessing shared files with third-party software, avoiding unauthorized access to shared files and protecting their security.
In a preferred embodiment of the present invention, the system further includes:
Binding authentication module, used to perform multiple-binding authentication of IP address, MAC address and local account when a user accesses a shared file; users who satisfy the binding are allowed to access the shared file, and otherwise access is denied.
After "binding authentication" is enabled, a LAN user must be added to the binding list (whitelist) in order to access shared files; otherwise access is refused.
In a preferred embodiment of the present invention, the system further includes:
Global settings module: used to configure system operation, client instruction distribution and the user function list.
In a preferred embodiment of the present invention, the system further includes:
Log audit module, used to record access logs.
The access log records: the IP address and MAC address of the user computer, the local account used to log in to the server, the action performed on the shared file, the shared file accessed and its path, and the time of access, as well as logs of administrators logging in to this system and of administrators configuring local users' permissions to access shared files.
In summary, the embodiments of the present invention can achieve at least the following effects:
In the embodiments of the present invention, the user does not need to set specific shared-file access permissions for local accounts or domain accounts on the file server or domain controller. It is only necessary to set full access permission on the server, and all specific access permissions for shared files can then be set directly with mouse clicks on the system's management end interface. The system has an intuitive interface and setup is quick, simple and efficient, making it suitable for network administrators at all levels.
In the embodiments of the present invention, the administrator does not need to set up a proxy server between users and the file server in order to access shared files. On the one hand, this saves expense, spares users from separately purchasing and installing a proxy service, and reduces workload. On the other hand, since traffic between users and the file server is not relayed and filtered by a proxy server, line-rate access can be achieved, avoiding the slower access and delays caused by frequent relaying and ensuring shared-file access efficiency to the greatest extent. In addition, the single-point-of-failure risk that an added proxy server may cause is avoided.
In the embodiments of the present invention, the system can implement the most fine-grained shared-file access permission control through the cooperation of the management end and the client. At present it uniquely achieves: allowing shared files to be read while forbidding copying of their content; allowing shared files to be opened while forbidding saving them to a local disk; allowing shared files to be modified while forbidding their deletion; and forbidding the dragging and printing of shared files. This greatly protects the security of shared files and prevents the leakage risk caused by users accessing shared files at will. In addition, through the cooperation of the management end and the client and the real-time verification function, unauthorized users can be prevented from arbitrarily connecting to the organization's intranet to access shared files, further protecting the security of shared files.
In the embodiments of the present invention, through the cooperation of the system's client and management end, the management end can monitor in real time the third-party tool software that the client uses when accessing shared files. If a tool is not licensed, the management end, through the integrated "access permission" function, instructs the client in real time to close it. This forbids users from accessing shared files with third-party software, avoiding unauthorized access to shared files and protecting their security.
In the embodiments of the present invention, through the cooperation of the client and the management end, the management end can use the "binding authentication" function integrated in the system to bind a user's IP address, MAC address and login account together. Once a client computer arbitrarily changes its own IP address or MAC address, the system refuses its access to shared files, thereby protecting the security of shared files.
In the embodiments of the present invention, the real-time linkage between the client and the management end allows the user to configure personalized extensions of access permissions at the management end and have them delivered to the client in real time. This achieves personalized, extensible shared-file access permission settings and satisfies users' ongoing, personalized needs for shared-file access permission management.
In the embodiments of the present invention, shared-file access logs are recorded, which facilitates subsequent review and auditing.
Finally, it should be noted that the above are only preferred embodiments of the present invention, intended merely to illustrate its technical solution and not to limit its scope of protection. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention falls within the scope of protection of the present invention.

Claims (10)

1. An access control method for shared files, characterized in that a management end is installed on the file server and a user terminal is installed on the user computer, the method further comprising the following steps:
S1: The management end installs a file filter driver on the network interface card of the file server; the permissions of local accounts to access shared files are configured through the management end; the user computer connects to the management end through the client;
S2: The user computer logs in to the file server by entering a local account of the file server;
S3: The user computer initiates a request to access a shared file, and the file filter driver determines whether the user has the client installed; if so, S4 is executed; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer;
S4: The file filter driver parses the request and determines whether it complies with the shared-file access permissions configured at the management end; if so, access is allowed; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer.
2. The access control method for shared files according to claim 1, characterized in that the management end and the client connect and communicate through the SMB/SMB2 protocols.
3. The access control method for shared files according to claim 1, characterized in that the permissions for accessing shared files include:
Monitor operation: record the user's access actions on shared files;
And/or;
Forbid modifying: forbid the user from modifying shared files or shared folders;
And/or;
Forbid deleting: forbid the user from deleting shared files or shared folders;
And/or;
Forbid cutting: forbid the user from cutting shared files or shared folders;
And/or;
Forbid renaming: forbid the user from renaming shared files or shared folders;
And/or;
Forbid copying shared files: forbid the user from copying a shared file when the shared file is not open;
And/or;
Forbid copying shared file content: forbid the user from copying a shared file's content after opening it;
And/or;
Forbid saving as: forbid the user from saving a shared file to another path after opening it;
And/or;
Forbid dragging: forbid the user from dragging shared files;
And/or;
Forbid printing: forbid the user from printing shared files;
And/or;
Forbid reading: forbid the user from reading shared files.
4. The access control method for shared files according to any one of claims 1-3, characterized in that, after S4, the method further comprises:
S5: The file filter driver forwards the user computer's request to access the shared file to the management end, and the management end records the user's access log.
5. The access control method for shared files according to claim 4, characterized in that the content recorded in the access log includes: the IP address and MAC address of the user computer, the server local account used to log in, the action performed on the shared file, the shared file accessed and its path, and the time of access to the shared file, as well as logs of the administrator logging in to this system and of the administrator configuring local users' permissions to access shared files.
6. An access control system for shared files, characterized in that a management end is installed on a file server and a user terminal is installed on a user computer, the system further comprising:
A connection module, used to control the management end to install a file filter driver on the network card of the file server; to configure, through the management end, the permissions of local accounts to access shared files; and to control the user computer to connect to the management end through the client;
A login module, used to control the user computer to log in to the file server by entering a local account of the file server;
A client judgment module, used so that, when the user computer initiates a request to access a shared file, the file filter driver judges whether the user has the client installed; if so, the shared file request is sent to the permission judgment module; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer;
A permission judgment module, used to parse, through the file filter driver, whether the request for the shared file being accessed satisfies the shared file access permissions configured by the management end; if so, access is allowed; otherwise, the user computer's request to access the shared file is refused, and the management end encapsulates the refusal result and sends it to the user computer.
7. The access control system for shared files according to claim 6, characterized in that it further comprises:
An access permission module, used to set which third-party software the user is permitted to use to access shared files.
8. The access control system for shared files according to claim 6, characterized in that it further comprises:
A binding authentication module, used to perform, when a user accesses a shared file, multiple binding authentication of the IP address, MAC address and local account; a user who satisfies the binding is allowed to access the shared file, and otherwise access to the shared file is refused.
9. The access control system for shared files according to claim 6, characterized in that it further comprises:
A global setting module, used to configure system operation, the distribution of instructions to clients, and the user function list.
10. The access control system for shared files according to claim 6, characterized in that it further comprises:
A log audit module, used to record access logs.
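The decision flow of claims 1, 3, 5 and 8 can be modelled in user space as follows. This is an added example, not code from the patent or the applicant; the class and field names, the placement of the binding check between S3 and S4, the logging of refused requests, and the sample account and addresses are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone
from enum import Flag, auto

class Deny(Flag):  # a subset of the restrictions listed in claim 3
    NONE = 0
    MODIFY = auto()
    DELETE = auto()
    RENAME = auto()
    READ = auto()

@dataclass
class ManagementEnd:  # hypothetical model of the management end's decisions
    policy: dict    # local account -> Deny flags configured by the administrator
    bindings: dict  # local account -> (ip, mac) bound to that account
    log: list = field(default_factory=list)

    def decide(self, req):
        """Return (allowed, reason); every unknown value fails closed."""
        if not req["client_installed"]:                        # S3
            return False, "client not installed"
        if self.bindings.get(req["account"]) != (req["ip"], req["mac"]):
            return False, "binding mismatch"                   # claim 8
        denied = self.policy.get(req["account"])
        action = Deny.__members__.get(req["action"])
        if denied is None or action is None:
            return False, "no policy for account or action"
        if action in denied:                                   # S4
            return False, "forbidden by policy"
        return True, "allowed"

    def handle(self, req):
        allowed, reason = self.decide(req)
        # S5: claim 5 fields; logging refusals as well is an assumption
        self.log.append({"time": datetime.now(timezone.utc).isoformat(),
                         "ip": req["ip"], "mac": req["mac"],
                         "account": req["account"], "action": req["action"],
                         "path": req["path"], "allowed": allowed,
                         "reason": reason})
        return allowed, reason

# Constructed sample data (documentation-range addresses, made-up account).
BASE = {"client_installed": True, "account": "alice", "ip": "192.0.2.10",
        "mac": "00:00:5E:00:53:01", "action": "READ",
        "path": r"\\fs\share\plan.docx"}
mgmt = ManagementEnd(policy={"alice": Deny.MODIFY | Deny.DELETE},
                     bindings={"alice": ("192.0.2.10", "00:00:5E:00:53:01")})
```

Calling `mgmt.handle({**BASE, "action": "DELETE"})` returns a refusal and appends one audit record; an action name outside the configured set is refused rather than allowed by default.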
CN201810107309.9A 2018-02-02 2018-02-02 A kind of access control method and system of shared file Pending CN108418802A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810107309.9A CN108418802A (en) 2018-02-02 2018-02-02 A kind of access control method and system of shared file

Publications (1)

Publication Number Publication Date
CN108418802A true CN108418802A (en) 2018-08-17

Family

ID=63126792

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810107309.9A Pending CN108418802A (en) 2018-02-02 2018-02-02 A kind of access control method and system of shared file

Country Status (1)

Country Link
CN (1) CN108418802A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180817