CN102868748B - File security sharing system, file security sharing server and client

Publication number: CN102868748B
Authority: CN (China)
Legal status: Expired - Fee Related
Application number: CN201210350417.1A
Other languages: Chinese (zh)
Other versions: CN102868748A (en)
Inventors: 耿振民, 王衍江
Current Assignee: JIANGSU CINSEC INFORMATION TECHNOLOGY CO., LTD.
Original Assignee: WUXI CINSEC INFORMATION TECHNOLOGY Co Ltd

Abstract

The invention provides a file security sharing system and a file security sharing server and client. Using TCP/IP network transmission and file filtering technology, any file inside the intranet that is copied into a shared folder is encrypted, and a computer on the intranet must enter a secure desktop before it can access shared files. Otherwise, each client can only read its own data. Internal shared files are thereby managed effectively and protected against theft.

Description

File security sharing system, file security sharing server and client
Technical field
The present invention relates to confidentiality and security technology based on file sharing, and in particular to a file security sharing system, file security sharing server and client applied in a network architecture.
Background technology
In recent years, with the development and spread of networks, the Internet and the local area network (LAN) have gradually become the main tools of office automation. Transferring files over the network is undoubtedly a basic demand that people place on it. Network file transfer means that files are transmitted between computers over the Internet or a LAN according to certain rules, for example exchanged between client and client, between client and server, or between server and server, so as to share resources.
Many enterprises today, group enterprises in particular, are growing ever larger and have set up branch companies around the world. To transfer files or share resources between headquarters and branches, or between one branch and another, most have built a LAN inside each branch. To achieve high-speed, high-capacity and highly secure data transmission, most use private line access, that is, the respective LANs are interconnected through dedicated circuits. Private line access is characterized by fast transmission, a stable connection and encrypted data transmission, and the services it can carry include enterprise resource planning (ERP) and office automation (OA) data interconnection and the copying of ERP or OA files.
In existing networks, the exchange between client and client, between client and server, or between server and server that achieves resource sharing is based on the default Windows sharing technology, which uses TCP/IP network transmission. In practice, however, sharing files usually requires the operator to have certain computer knowledge and skills, and the movement and usage trail of internally shared files cannot be recorded during sharing, which creates security risks for the transfer and sharing of files and increases management cost.
How to provide an effective means of management that solves these problems of the prior art has therefore become a problem that practitioners in the field urgently need to solve.
Summary of the invention
In view of the above shortcomings of the prior art, the object of the present invention is to provide a file security sharing system and a file security sharing server and client that solve the security risks and increased management cost found in the prior art.
To achieve the above and other related objects, the invention provides a file security sharing server applied in a network architecture that includes multiple clients. The file security sharing server at least comprises: an initialization module, which during initialization generates a server ID and the files that clients are allowed to access; a monitoring module, connected to the initialization module, for monitoring the information from each client; a log management module, connected to the monitoring module, for recording the running log and the operation log of the server; a client management module, connected to the monitoring module, which after receiving the information from a client assigns that client to a group so that clients in the same group can access one another; a statistics management module, connected to the client management module, for compiling statistics on the operation records of shared files on each client; and a strategy distribution module, connected to the client management module, which encrypts the groups assigned by the client management module to generate a server key, generates a strategy (policy) for remotely controlling the reading, writing and number of operations of shared files, and distributes this strategy and the server key to each client.
The file security sharing server of the present invention also comprises a network management module, connected to the client management module, which after receiving the information from a client extracts that client's IP information and MAC address information so as to set the IP of each client remotely.
The file security sharing server of the present invention also comprises an access administration module, connected to the network management module, which makes clients mutually accessible or mutually isolated according to the IPs set by the network management module.
The file security sharing server of the present invention also comprises a sharing management module, connected to the log management module, which remotely opens or closes the sharing of each client.
In the file security sharing server of the present invention, the information that the monitoring module monitors from each client comprises the client's machine number information, IP address information and MAC address information.
In the file security sharing server of the present invention, the operation record of a shared file comprises at least one of the number of times it was opened, file creation information and file deletion information.
The present invention also provides a file security sharing client, applied in a network architecture that includes a server and connected to at least one other client of the same group in that network architecture. The file security sharing client at least comprises: a share acquisition module, which traverses the shared space of the server or of the clients in the same group and monitors that shared space when shared files are stored in it; a share control module, connected to the share acquisition module, for selecting the monitored shared files; a cipher key initialization module, connected to the share control module, which generates a symmetric key from the machine number and user number of the client; a file encryption module, connected to the share control module, which encrypts the selected shared files with the symmetric key; a key management module, connected to the cipher key initialization module, which pairs the symmetric key generated by the cipher key initialization module with the machine number and user number and generates association information; a key acquisition module, connected to the key management module, which requests file management according to the association information; a strategy acquisition module, connected to the server, which obtains the strategy for remotely controlling the reading, writing and number of operations of shared files and the server key issued by the server; a document management module, connected to the key acquisition module, the file sharing module and the strategy acquisition module, which according to the association information compares the strategy and server key issued by the server with the symmetric key generated by the cipher key initialization module and, once the comparison passes, requests decryption of the shared file; a deciphering module, connected to the document management module, which provides read and write operations on the shared file after receiving the decryption request of the document management module; and a logging module, connected to the deciphering module, which records the operation records of the deciphering module and uploads them to the server.
In the file security sharing client of the present invention, the shared files encrypted by the file encryption module comprise shared files from the shared space of the server and shared files from the shared space of clients in the same group.
The present invention further provides a file security sharing system comprising the above file security sharing server and file security sharing client.
As described above, the file security sharing system, file security sharing server and client of the present invention do not require the operator to have particular computer knowledge and skills, and can record the movement and usage trail of internally shared files during sharing, which strengthens the security management of file transfer and sharing and thereby achieves effective management and theft prevention for internal shared files.
Accompanying drawing explanation
Fig. 1 is a structural diagram of the file security sharing system of the present invention.
Element numbers explanation
1 file security sharing server
10 initialization module
11 monitoring module
12 log management module
13 client management module
14 statistics management module
15 strategy distribution module
16 network management module
17 access administration module
18 sharing management module
3 file security sharing client
30 share acquisition module
31 share control module
32 cipher key initialization module
33 file encryption module
34 key management module
35 key acquisition module
36 document management module
37 strategy acquisition module
38 deciphering module
39 logging module
Embodiment
Embodiments of the present invention are described below by way of specific examples, and those skilled in the art can readily understand other advantages and effects of the invention from the content disclosed in this specification. The invention can also be implemented or applied through other, different embodiments, and the details in this specification can be modified or changed in various ways, based on different viewpoints and applications, without departing from the spirit of the invention.
Refer to Fig. 1. Note that the drawing provided with this embodiment only illustrates the basic concept of the invention schematically. It shows only the components relevant to the invention and is not drawn according to the number, shape and size of components in an actual implementation. In an actual implementation the form, quantity and proportion of each component may vary freely, and the component layout may be more complex.
Referring to Fig. 1, the invention provides a file security sharing system composed of a file security sharing server 1 and multiple file security sharing clients 3. The multiple file security sharing clients 3 in the network architecture can be placed in the same group or in different groups. The file security sharing server 1 at least comprises: an initialization module 10, a monitoring module 11, a log management module 12, a client management module 13, a statistics management module 14, a strategy distribution module 15, a network management module 16, an access administration module 17 and a sharing management module 18.
The initialization module 10 generates a server ID and the files that clients are allowed to access during initialization. That is, authorization at initialization mainly consists of generating the server ID when the server is installed and adding the shared files that clients are allowed to access, after which the server can work.
The monitoring module 11 is connected to the initialization module 10 and monitors the information from each client. The information that the monitoring module 11 monitors from each client comprises the client's machine number information, IP address information and MAC address information.
The log management module 12 is connected to the monitoring module 11 and records the running log and the operation log of the server. The log management module 12 is also used to manage the server's running log and the server operation log.
The client management module 13 is connected to the monitoring module 11 and, after receiving the information from a client, assigns that client to a group so that clients in the same group can access one another. Specifically, the client management module 13 groups a client based on the machine number information, IP address information or MAC address information of the client monitored by the monitoring module 11.
The statistics management module 14 is connected to the client management module 13 and compiles statistics on the operation records of shared files on each client. In this embodiment, the operation record of a shared file comprises at least one or more of the number of times it was opened, file creation information and file deletion information. In an actual implementation, the statistics management module 14 is connected to the logging module of the file security sharing client 3 and receives the operation records that the logging module uploads.
The strategy distribution module 15 is connected to the client management module 13. It encrypts the groups assigned by the client management module 13 to generate a server key, generates a strategy for remotely controlling the reading, writing and number of operations of shared files, and distributes this strategy and the server key to each client.
The network management module 16 is connected to the client management module 13 and, after receiving the information from a client, extracts that client's IP information and MAC address information so as to set the IP of each client remotely. That is, it monitors the IP information and MAC address information sent by the client and can change that client's IP remotely, which provides network management of each client.
The access administration module 17 is connected to the network management module 16 and makes clients mutually accessible or mutually isolated according to the IPs set by the network management module 16.
The sharing management module 18 is connected to the log management module 12 and remotely opens or closes the sharing of each client.
The file security sharing client 3 at least comprises: a share acquisition module 30, a share control module 31, a cipher key initialization module 32, a file encryption module 33, a key management module 34, a key acquisition module 35, a document management module 36, a strategy acquisition module 37, a deciphering module 38 and a logging module 39.
The share acquisition module 30 traverses the shared space of the server or of the clients in the same group and monitors that shared space when shared files are stored in it; that is, it traverses the shares on the computer and monitors whether a share has been created.
The share control module 31 is connected to the share acquisition module 30 and selects the monitored shared files. That is, shared files are controlled, and a remote computer can access them and read or write them normally only when permitted.
The cipher key initialization module 32 is connected to the share control module and generates a symmetric AES (Advanced Encryption Standard) key from the machine number and user number of the client.
The file encryption module 33 is connected to the share control module and encrypts the selected shared files with the symmetric key. In this embodiment, the shared files encrypted by the file encryption module 33 comprise shared files from the shared space of the server and shared files from the shared space of clients in the same group.
The key management module 34 is connected to the cipher key initialization module 32. It pairs the symmetric key generated by the cipher key initialization module 32 with the machine number and user number and generates association information.
The key acquisition module 35 is connected to the key management module 34 and requests file management according to the association information.
The strategy acquisition module 37 is connected to the server and obtains the strategy for remotely controlling the reading, writing and number of operations of shared files and the server key issued by the server.
The document management module 36 is connected to the key acquisition module 35, the file sharing module and the strategy acquisition module 37. According to the association information, it compares the strategy and server key issued by the server with the symmetric key generated by the cipher key initialization module 32 and, once the comparison passes, requests decryption of the shared file.
The deciphering module 38 is connected to the document management module 36 and provides read and write operations on the shared file after receiving the decryption request of the document management module 36. The logging module 39 is connected to the deciphering module 38; it records the operation records of the deciphering module 38 and uploads them to the server.
In summary, once client initialization is complete, the client starts a resident program (TSR) and detects whether to carry out an unhook test. It then traverses all shared directories on the machine, monitors them, and performs symmetric encryption using the machine number and the machine's user name. Through key exchange (key management) and strategy comparison, read and write operations on shared files are carried out and recorded. The logging module saves the records to the server in real time, providing data to the statistics management module 14 of the server. File management keeps sharing secure by comparing against the server's strategy; it stays resident and accepts policy information from the server.
The file security sharing system provided by the invention mainly solves the problem that files copied between machines on an intranet leave no record of file movement or usage. The management system designed in this patent manages internal shared files effectively, and requires neither costly document management nor much computer knowledge. Its main implementation steps are as follows:
First, initialize the server: this computer is authorized according to a machine ID, and the monitoring function of the server is put in place. Second, install the client on internal machines: on each computer the client generates a user name and a machine number and sends them to the server, detects the internally shared files and reports them to the server as well, and encrypts the files. Then, as long as the server's strategy places users in the same group and allows mutual access, a client computer can access other computers that have the client installed just as it normally would; of course, the user name and machine number automatically generated by the client can also be changed on the server, after which authentication and access proceed. Finally, the log function of the server is used to check each person's operation records and the file-open activity for shared files on the client computers.
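The client-side sequence described above (key initialization, association information, strategy comparison, logging), sketched as an added example that is not code from the patent. The PBKDF2 derivation salted with the server key, the HMAC form of the association information, and every name and sample value are assumptions; the patent names no derivation function, and the AES encryption step itself is left out.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Strategy issued by the server: group, read/write rights, operation budget."""
    group: str
    can_read: bool
    can_write: bool
    max_operations: int


def derive_key(machine_number: str, user_number: str, server_key: bytes) -> bytes:
    """Derive a 256-bit AES key from machine number and user number.

    Assumption: PBKDF2-HMAC-SHA256 salted with the server key, so the key
    does not depend on the two identifiers alone.
    """
    ident = f"{machine_number}|{user_number}".encode()
    return hashlib.pbkdf2_hmac("sha256", ident, server_key, 100_000, dklen=32)


def association(machine_number: str, user_number: str, key: bytes) -> str:
    """Association information pairing the key with machine and user number."""
    msg = f"{machine_number}|{user_number}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


@dataclass
class Client:
    machine_number: str
    user_number: str
    server_key: bytes              # received from the strategy distribution module
    policy: Policy                 # received from the strategy distribution module
    stored_association: str = ""
    operations_used: int = 0
    log: list = field(default_factory=list)   # records queued for upload

    def initialize(self) -> None:
        """Key initialization + key management: derive the key, store the pairing."""
        key = derive_key(self.machine_number, self.user_number, self.server_key)
        self.stored_association = association(
            self.machine_number, self.user_number, key)

    def request(self, file_name: str, file_group: str, operation: str) -> bool:
        """Document management check; True means decryption may be requested."""
        key = derive_key(self.machine_number, self.user_number, self.server_key)
        current = association(self.machine_number, self.user_number, key)
        p = self.policy
        if not hmac.compare_digest(current, self.stored_association):
            reason = "association mismatch"
        elif p.group != file_group:
            reason = "different group"
        elif operation not in ("read", "write"):
            reason = "unknown operation"
        elif operation == "read" and not p.can_read:
            reason = "read not permitted"
        elif operation == "write" and not p.can_write:
            reason = "write not permitted"
        elif self.operations_used >= p.max_operations:
            reason = "operation count exhausted"
        else:
            reason = "ok"
            self.operations_used += 1   # only granted operations use the budget
        # Logging module: every decision is recorded, allowed or not.
        self.log.append({"machine": self.machine_number, "user": self.user_number,
                         "file": file_name, "operation": operation,
                         "allowed": reason == "ok", "reason": reason})
        return reason == "ok"


def demo() -> list:
    """Run a constructed sequence of requests and return the resulting log."""
    client = Client("M-0001", "U-0042", b"constructed-server-key",
                    Policy(group="finance", can_read=True,
                           can_write=False, max_operations=2))
    client.initialize()
    for name, group, op in [("q3.xlsx", "finance", "read"),
                            ("q3.xlsx", "finance", "write"),
                            ("plan.doc", "hr", "read"),
                            ("q3.xlsx", "finance", "read"),
                            ("q3.xlsx", "finance", "read")]:
        client.request(name, group, op)
    return client.log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```
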
In conclusion, the file security sharing system, file security sharing server and client of the present invention do not require the operator to have particular computer knowledge and skills, and can record the movement and usage trail of internally shared files during sharing, which strengthens the security management of file transfer and sharing and thereby achieves effective management and theft prevention for internal shared files. The present invention therefore effectively overcomes various shortcomings of the prior art and has high industrial utility.
The above embodiments only illustrate the principle and effects of the present invention and are not intended to limit it. Anyone skilled in the art may modify or change the above embodiments without departing from the spirit and scope of the invention. Accordingly, all equivalent modifications or changes made by persons of ordinary skill in the art without departing from the spirit and technical ideas disclosed by the invention shall be covered by the claims of the present invention.

Claims (6)

1. A file security sharing server, applied in a network architecture that includes multiple clients, characterized in that the file security sharing server at least comprises:
an initialization module, which during initialization generates a server ID and the files that clients are allowed to access;
a monitoring module, connected to the initialization module, for monitoring the information from each client;
a log management module, connected to the monitoring module, for recording the running log and the operation log of the server;
a client management module, connected to the monitoring module, which after receiving the information from a client assigns that client to a group so that clients in the same group can access one another;
a statistics management module, connected to the client management module, for compiling statistics on the operation records of shared files on each client;
a strategy distribution module, connected to the client management module, which encrypts the groups assigned by the client management module to generate a server key, generates a strategy for remotely controlling the reading, writing and number of operations of shared files, and distributes this strategy and the server key to each client;
a network management module, connected to the client management module, which after receiving the information from a client extracts that client's IP information and MAC address information so as to set the IP of each client remotely;
an access administration module, connected to the network management module, which makes clients mutually accessible or mutually isolated according to the IPs set by the network management module;
a sharing management module, connected to the log management module, which remotely opens or closes the sharing of each client.
2. The file security sharing server according to claim 1, characterized in that the information that the monitoring module monitors from each client comprises the client's machine number information, IP address information and MAC address information.
3. The file security sharing server according to claim 1, characterized in that the operation record of a shared file comprises at least one of the number of times it was opened, file creation information and file deletion information.
4. A file security sharing client, applied in a network architecture that includes a server and connected to at least one other client of the same group in that network architecture, characterized in that the file security sharing client at least comprises:
a share acquisition module, which traverses the shared space of the server or of the clients in the same group and monitors that shared space when shared files are stored in it;
a share control module, connected to the share acquisition module, for selecting the monitored shared files;
a cipher key initialization module, connected to the share control module, which generates a symmetric key from the machine number and user number of the client;
a file encryption module, connected to the share control module, which encrypts the selected shared files with the symmetric key;
a key management module, connected to the cipher key initialization module, which pairs the symmetric key generated by the cipher key initialization module with the machine number and user number and generates association information;
a key acquisition module, connected to the key management module, which requests file management according to the association information comprising the symmetric key, the machine number and the user number;
a strategy acquisition module, connected to the server, which obtains the strategy for remotely controlling the reading, writing and number of operations of shared files and the server key issued by the server;
a document management module, connected to the key acquisition module, the file sharing module and the strategy acquisition module, which according to the association information compares the strategy and server key issued by the server with the symmetric key generated by the cipher key initialization module and, once the comparison passes, requests decryption of the shared file;
a deciphering module, connected to the document management module, which provides read and write operations on the shared file after receiving the decryption request of the document management module;
a logging module, connected to the deciphering module, which records the operation records of the deciphering module and uploads them to the server.
5. The file security sharing client according to claim 4, characterized in that the shared files encrypted by the file encryption module comprise shared files from the shared space of the server and shared files from the shared space of clients in the same group.
6. A file security sharing system, characterized in that it comprises the file security sharing server according to claim 1 and the file security sharing client according to claim 4.

Priority Applications (1)

Application number: CN201210350417.1A
Priority date: 2012-09-19
Filing date: 2012-09-19
Title: File security sharing system, file security sharing server and client
Status: Expired - Fee Related

Publications (2)

CN102868748A, published 2013-01-09
CN102868748B, published 2016-03-09

Family ID: 47447334
Country: CN

Legal Events

Code Title
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C56 Change in the name or address of the patentee
CP03 Change of name, title or address
    Address after: 214081. -20-403, 58 embroidered Road, Binhu District, Binhu District, Jiangsu, Wuxi
    Patentee after: JIANGSU CINSEC INFORMATION TECHNOLOGY CO., LTD.
    Address before: Jinxi road Binhu District 214081 Jiangsu province Wuxi Henghua Science Park No. 100, No. 20 building, 4 floor
    Patentee before: Wuxi Cinsec Information Technology Co., Ltd.
PE01 Entry into force of the registration of the contract for pledge of patent right
    Denomination of invention: File secure sharing system, file secure sharing server and client side
    Effective date of registration: 20170620
    Granted publication date: 20160309
    Pledgee: Agricultural Bank of China, Limited by Share Ltd, Wuxi branch
    Pledgor: JIANGSU CINSEC INFORMATION TECHNOLOGY CO., LTD.
    Registration number: 2017990000506
PC01 Cancellation of the registration of the contract for pledge of patent right
    Date of cancellation: 20210409
    Granted publication date: 20160309
    Pledgee: Agricultural Bank of China Limited by Share Ltd. Wuxi branch
    Pledgor: JIANGSU CINSEC INFORMATION TECHNOLOGY Co.,Ltd.
    Registration number: 2017990000506
CF01 Termination of patent right due to non-payment of annual fee
    Granted publication date: 20160309
    Termination date: 20200919