CN106971120B - Method and device for realizing file protection and computing equipment - Google Patents
Method and device for realizing file protection and computing equipment Download PDFInfo
- Publication number
- CN106971120B CN106971120B CN201710184527.8A CN201710184527A CN106971120B CN 106971120 B CN106971120 B CN 106971120B CN 201710184527 A CN201710184527 A CN 201710184527A CN 106971120 B CN106971120 B CN 106971120B
- Authority
- CN
- China
- Prior art keywords
- file
- protected
- files
- backup
- modified
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/07—Responding to the occurrence of a fault, e.g. fault tolerance
- G06F11/14—Error detection or correction of the data by redundancy in operation
- G06F11/1402—Saving, restoring, recovering or retrying
- G06F11/1446—Point-in-time backing up or restoration of persistent data
- G06F11/1458—Management of the backup or restore process
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The invention discloses a method, a device and computing equipment for realizing file protection. The method comprises the following steps: determining a file needing to be protected; judging whether a file needing to be protected is modified, if so, backing up the file to obtain a backup file; the backup file is saved to a specific location. The technical scheme can effectively protect the file, solves the problem that the file is illegally modified, and enhances the user experience while maintaining the benefits of the user.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device and computing equipment for realizing file protection.
Background
With the popularization of computer technology in social life and work, a large number of files are stored in various terminal devices, such as mobile phones, pads, desktop computers and the like, and some of the important files are not lacked. However, some lawbreakers will use various methods to invade private terminal equipment to perform operations such as illegal modification of files, and require a certain reward from users to recover the modified files, so as to gain benefits illegally, and if users listen to them, they will cause a certain economic loss, and will also make sure that the behavior will occur again; if the user dismisses, the modified files, especially some important files, cannot be restored to the original state or are directly lost, so that certain influence and loss are brought to the life or work of the user, and the user experience is reduced. How to effectively protect the file and prevent the file from being illegally modified becomes a crucial problem.
Disclosure of Invention
In view of the above problems, the present invention is proposed to provide a corresponding apparatus, computing device, and method for implementing file protection that overcome or at least partially solve the above problems.
According to an aspect of the present invention, there is provided a method for implementing file protection, the method including:
determining a file needing to be protected;
judging whether a file needing to be protected is modified, if so, backing up the file to obtain a backup file;
the backup file is saved to a specific location.
Optionally, the determining of the file needing to be protected includes one or more of the following:
taking one or more specified types of files as default files needing to be protected;
receiving a user instruction, and determining a file to be protected according to the user instruction;
scanning files stored on a local machine, displaying type information of various files stored on the local machine to a user for selection, and determining the files corresponding to the types selected by the user as files needing to be protected;
and displaying the type information of various files which are vulnerable to attack to a user for selection, and determining the file corresponding to the type selected by the user as the file to be protected.
Optionally, the determining whether the file to be protected is modified, and if so, backing up the file includes:
if the content of the file needing protection is modified and the modified file is saved, the file is backed up.
Optionally, the saving the backup file to the specific location includes:
encrypting the backup file to obtain an encrypted file;
taking the combination of the file name, the original path and the original size of the backup file as an index of the backup file;
and correspondingly storing the index of the backup file and the encrypted file to a specific position.
Optionally, the MD5 value of the content of the file needing protection is used as the file name of the corresponding backup file.
Optionally, the method further comprises: selecting a disk with the largest disk residual space according to the size of the disk residual space of each local disk, and newly building a folder on the disk;
the saving the backup file to the specific location comprises: and saving the backup file into the newly-built folder.
Optionally, the method further comprises:
recording the file modification operation of the process for modifying the file to be protected;
when the file modification operation of the process meets one or more of the following conditions, alarming and prompting are carried out:
the number of files modified within a predetermined time exceeds a threshold;
the modification proportion of the content of one file exceeds a threshold value;
the number of modified files of the same type exceeds a threshold;
the amount of modified data for the same type of file exceeds a threshold.
Optionally, the performing the alarm prompt includes: performing popup prompt and providing three operation options of 'allow', 'prevent' and 'rollback';
when the user selects the 'allow' operation option, the process is not processed;
when the user selects the 'block' operation option, forcibly stopping the process;
and when the user selects the 'rollback' operation option, rolling back the modification operation of the process according to the recorded file modification operation and the backup file, and restoring the file to the state before being modified by the process.
Optionally, the method further comprises:
when the file needing to be protected is opened, judging whether the file needing to be protected is opened by a default tool of a system; if not, alarm prompt is carried out.
According to another aspect of the present invention, there is provided an apparatus for implementing file protection, the apparatus including:
the file determining unit is suitable for determining a file needing to be protected;
the file backup unit is suitable for judging whether the file needing to be protected is modified or not, and if so, backing up the file to obtain a backup file;
and the file saving unit is suitable for saving the backup file to a specific position.
Optionally, the file determining unit is adapted to determine the file that needs to be protected in one or more of the following ways:
taking one or more specified types of files as default files needing to be protected;
receiving a user instruction, and determining a file to be protected according to the user instruction;
scanning files stored on a local machine, displaying type information of various files stored on the local machine to a user for selection, and determining the files corresponding to the types selected by the user as files needing to be protected;
and displaying the type information of various files which are vulnerable to attack to a user for selection, and determining the file corresponding to the type selected by the user as the file to be protected.
Optionally, the file backup unit is adapted to backup a file that needs to be protected when the content of the file is modified and the modified file is saved.
Optionally, the file saving unit is adapted to encrypt the backup file to obtain an encrypted file; taking the combination of the file name, the original path and the original size of the backup file as an index of the backup file; and correspondingly saving the index of the backup file and the encrypted file to a specific position.
Optionally, the file saving unit is adapted to use the MD5 value of the content of the file to be protected as the file name of the corresponding backup file.
Optionally, the file saving unit is further adapted to select a disk with the largest disk remaining space according to the size of the disk remaining space of each local disk, and create a folder on the disk; and saving the backup file into the newly-built folder.
Optionally, the apparatus further comprises:
the alarm processing unit is suitable for recording the file modification operation of the process for modifying the file, and when the file modification operation of the process meets one or more of the following conditions, an alarm is given out:
the number of files modified within a predetermined time exceeds a threshold;
the modification proportion of the content of one file exceeds a threshold value;
the number of modified files of the same type exceeds a threshold;
the amount of modified data for the same type of file exceeds a threshold.
Optionally, the performing the alarm prompt includes: performing popup prompt and providing three operation options of 'allow', 'prevent' and 'rollback';
the alarm processing unit is further suitable for not performing any processing on the process when the user selects an 'allow' operation option; when the user selects the 'block' operation option, forcibly stopping the process; and when the user selects the 'rollback' operation option, rolling back the modification operation of the process according to the recorded file modification operation and the backup file, and restoring the file to the state before being modified by the process.
Optionally, the alarm processing unit is adapted to determine whether to open the file to be protected with a default tool of the system when the file to be protected is opened; if not, alarm prompt is carried out.
According to another aspect of the present invention, there is provided a computing device comprising the apparatus for implementing file protection as described above.
According to the technical scheme of the invention, the file is protected by backing up the file to be protected, specifically, when the file to be protected is modified, the file is backed up, the backed-up file is stored to a specific position, the file is immediately tampered, and the tampered file can be restored by the backed-up file. Therefore, the technical scheme can effectively protect the file, solves the problem that the file is illegally modified, and enhances the user experience while maintaining the benefits of the user.
The foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow diagram illustrating a method for implementing file protection according to an embodiment of the present invention;
FIG. 2 is a schematic structural diagram of an apparatus for implementing file protection according to an embodiment of the present invention;
FIG. 3 is a schematic structural diagram of an apparatus for implementing file protection according to another embodiment of the present invention;
FIG. 4 shows a schematic structural diagram of a computing device according to an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
Fig. 1 is a flowchart illustrating a method for implementing file protection according to an embodiment of the present invention. As shown in fig. 1, the method includes:
step S110, determining a file to be protected.
The file to be protected may be one or more types of files which are default or customized by a user, one or more files which are selected by the user, or some files which are easily modified illegally. In this embodiment, the file to be protected is not specifically limited, and both the default file and the file designated by the user may be files to be protected; or simply a file or folder selected by the user on their own.
Step S120, determining whether the file to be protected is modified, if so, backing up the file to obtain a backup file.
When files needing to be protected are determined, monitoring and judging whether the files needing to be protected are modified or not, and once the files are modified, backing up the modified files needing to be protected to obtain backup files in order to prevent illegal modification by non-users.
Step S130, saving the backup file to a specific location.
After the backup file is obtained, the backup file is stored to a designated position, so that a user can restore the modified file to be protected according to the stored backup file, and the file content loss caused by illegal modification of a non-user can be prevented. The specific location may be a default location of the system or may be a location specified by the user.
Therefore, the user can restore the modified file to be protected through the backup file, the file protection is effectively realized, the problem that the file is modified illegally is solved, and the user experience is enhanced while the benefit of the user is maintained.
In an embodiment of the present invention, the file determined in step S110 to need protection may be protected by one or more of the following methods:
(1) the specified one or more types of files are taken as default files that need to be protected. For example, a picture file and a text file are designated as files that need to be protected, and these files in the terminal device are set as files that need to be protected by default.
(2) And determining the file to be protected according to the instruction of the user. For example, a user-defined interface may be provided, and the file to be protected may be determined according to the user instruction received through the user-defined interface. In addition to the default files in (1), the user can also customize the files needing to be protected, so as to determine the files needing to be protected, such as videos, audios and the like, according to the customization of the user. The user may also specify one or more folders in which files are files that need to be protected, regardless of file type.
(3) The method comprises the steps of scanning files stored on a local machine, displaying type information of various files stored on the local machine to a user for selection, and determining the files corresponding to the types selected by the user as files needing to be protected. In order to facilitate user selection, the types of the files stored on the local computer are scanned in advance and displayed to the user, and after the user knows the types of the files on the local computer, the user selects the types of the files needing to be protected according to the requirements of the user, so that the user experience is improved. In another embodiment, all files stored locally may also be listed for the user to select a particular file to protect.
(4) And displaying the type information of various files which are vulnerable to attack to a user for selection, and determining the file corresponding to the type selected by the user as the file to be protected. For further convenience of user selection, the user may also be presented with only the types of files that are more vulnerable to attack for user selection. For example, files of document class are relatively easy to be tampered, so that type information (such as word, PDF, and the like) of such files is displayed to a user for the user to check.
In this embodiment, the file to be protected may be any one of the above files or any combination of the above files.
The invention realizes the protection of the file by adopting a mode of backing up the file and storing the file when the file is modified. In an embodiment of the present invention, the determination in step S120 is to determine whether the file to be protected is modified, and if so, the file may be backed up in the following manner: if the content of a file that needs to be protected is modified and the modification is saved, the file is backed up. When a non-user himself modifies a file to be protected, the content of the file to be protected is usually modified, so that the embodiment mainly monitors whether the file to be protected is modified and stores the modification, and if so, the file is backed up, namely, backed up during writing, so that the file is prevented from being lost due to illegal modification. That is, the operation of modifying a file here refers to an operation of completing modification of a file and saving the file. The determination of whether the file to be protected is modified may be mainly performed by opening the file to be protected in the editing mode, modifying the content, and then saving the modified content, or by opening the file to be protected in the editing mode, closing the modified content, and when the "whether the file needs to be saved" is prompted, a yes instruction is received. That is, when the file to be protected is modified and the saving instruction is triggered, the file is backed up.
It will be appreciated by those skilled in the art that if a file is opened only in edit mode, or opened and modified in edit mode, no backup will be made as long as the modifications are not saved. Further, the backup does not backup the modified file, but backups the original file before modification, so that the modified file can be restored in the subsequent process.
In order to prevent the backup file from being illegally modified, in one embodiment of the present invention, saving the backup file to a specific location in step S130 includes: encrypting the backup file to obtain an encrypted file; taking the combination of the file name, the original path and the original size of the backup file as an index of the backup file; and correspondingly saving the index of the backup file and the encrypted file to a specific position. The encryption processing of the backup file can be carried out by a pre-configured encryption algorithm, and the index of the backup file is acquired at the same time, so that a user can find the modified file according to the information in the index through the index and restore the original file to the original state by using the backup file.
Specifically, the above encryption Algorithm may be an MD5(Message-Digest Algorithm 5) encryption Algorithm, which performs MD5 calculation on the content of the original file, and then uses only the MD5 value of the content of the file to be protected as the file name of the corresponding backup file, so that the file name of the backup file is not suffixed. For example, after a word document is backed up, the file name of the backed-up file is only an MD5 value, and does not have a suffix of ". doc".
Specifically, the encryption Algorithm may be a sha (Secure Hash Algorithm) encryption Algorithm. For example, the sha-1 encryption algorithm performs sha-1 encryption calculation on the content of the original file, and then only takes the sha-1 value of the content of the file to be protected as the file name of the corresponding backup file, similar to the MD5 encryption, so that the file name of the backup file is not suffixed.
Or, the DES encryption algorithm or the RSA encryption algorithm is used, in this embodiment, the encryption algorithm is not specifically limited, and the present solution can provide various encryption algorithm tools, and the user can select the encryption algorithm tool according to his own needs.
In one embodiment of the present invention, the method shown in fig. 1 further comprises: and selecting a disk with the largest disk residual space according to the size of the disk residual space of each local disk, and newly building a folder on the disk.
Then saving the backup file to the specific location in step S130 includes: the backup file is saved in the newly-built folder, so that the storage space of the local computer can be reasonably utilized, and the file backup is carried out under the condition that the storage space of the local computer is fully used. It should be noted that, if the remaining space of the disk where the folder is located is not enough in the process of saving the backup file into the folder, the user may be prompted that the disk space is not enough. Of course, while prompting, the backup file can be saved on the reselected disk, or the modification of the file is directly rejected without saving the backup file, so that the file is ensured not to be modified illegally to the greatest extent.
The technical scheme of the invention is that when the file to be protected is modified, the file to be protected is backed up, so as to achieve the effect of file protection. In general, the operation of performing an illegal modification on a file to be protected generally executes a corresponding process through an illegal program, and performs a large-area deletion or modification on the file to be protected, and in order to further determine that the modification performed on the file to be protected is an illegal modification, in an embodiment of the present invention, the method shown in fig. 1 further includes:
the method comprises the steps of recording file modification operation of a file modification process, backing up a file when a program modifies the file, and recording which operation and which operation are performed on the file by the program. When the file modification operation of the process meets one or more of the following conditions, alarming and prompting are carried out:
(1) and when the number of the files modified by the process exceeds a first preset value and the ratio of the modified data volume to the total data volume of the files reaches a second preset value, giving an alarm prompt. Only if both of the above conditions are satisfied, it is determined that the modification of the file to be protected is an illegal modification. For example, the first preset value is 50%, the second preset value is 80%, and in a short time, the number of text documents in the local computer exceeds 50% of the total number of text documents stored in the local computer, and the word number of the modification of each text document exceeds 80% of the total word number of the text document, then the modification of the program is determined to be illegal, and an alarm prompt needs to be given to a user of the local computer so that corresponding measures can be taken to protect the files of the local computer. If the number of text documents in the local machine is only 10% of the total number of text documents stored in the local machine and the number of words of the modification made to each text document is only 20% of the total number of words of the text document, it is determined that the modification of the program is not an illegal modification.
(2) The number of files modified within a predetermined time exceeds a threshold. For example, the preset threshold is 50%, and within 1h, the alarm prompt is performed when the number of the text documents in the local computer exceeds 50% of the total number of the text documents stored in the local computer. The preset time may be self-defined and is not limited herein.
(3) The proportion of modifications to the content of a file exceeds a threshold. Here, the determination may be made by the number of words, for example, a preset threshold of 80%, and an alarm prompt may be made when the number of words modified for each text document has exceeded 80% of the total number of words for that text document.
(4) The number of files of the same type that are modified exceeds a threshold. For example, an alarm prompt may be made if the number of modifications to a file of the same type exceeds 50% of the total number of files of the same type.
(5) The amount of modified data for the same type of file exceeds a threshold. For example, an alarm prompt may be made if the modified data size (e.g., words) for a file of the same type exceeds 50% of the total data size (e.g., total words for all files of the same type) for that same file type.
It should be noted that, when determining whether the file modification operation of the process satisfies the condition, any one of the above conditions may be used, or any combination of the above conditions may be used. In another embodiment, it can also be determined that the modification made to the file that needs to be protected is an illegal modification by: when the file needing to be protected is modified, judging whether the file needing to be protected is modified by a default tool of the system, if not, judging that the modification is illegal modification.
Specifically, the above alarm prompting includes: and performing popup prompt to inform a user that the file is modified, and providing three operation options of 'allow', 'block' and 'rollback'. Each operation option corresponds to a different processing strategy:
A. when the user selects the "allow" operation option, no processing is performed on the process.
B. When the user selects the operation option of 'block', the process is forced to stop, and the process is prevented from doing any operation in the local machine.
C. When the user selects the 'rollback' operation option, according to the recorded file modification operation and the backup file, the modification operation of the rollback process restores the file to the state before the file is modified by the process. Because the backup file is already stored and the file modification operation of the process is already recorded when the file is modified, when the user selects the "rollback" operation, the modified file can be restored by rolling back the operation of the process using the backup file.
Typically, a native user opens a file using a default tool of the system, or a default tool specified by the user. In the case that a non-user himself/herself may use his/her own tool to open a file when performing an illegal modification of the file, in an embodiment of the present invention, the method shown in fig. 1 further includes: when a file needing to be protected is opened, judging whether the file needing to be protected is opened by a default tool of a system; if not, alarm prompt is carried out.
For example, a file in the folder "my documents" is opened, the default tool of the system is a microsoft office tool, but when the file in the folder is opened, the standby tool is not a microsoft office tool, an alarm prompt is given. Similarly, the alarm prompt here also adopts a popup prompt, and provides three operation options of "allow", "block" and "rollback", and the specific corresponding strategy is as described above.
Fig. 2 is a schematic structural diagram of an apparatus for implementing file protection according to an embodiment of the present invention. As shown in fig. 2, the apparatus 200 for implementing file protection includes:
a file determining unit 210 adapted to determine a file that needs to be protected.
The file to be protected may be one or more types of files which are default or customized by a user, one or more files which are selected by the user, or some files which are easily modified illegally. In this embodiment, the file to be protected is not specifically limited, and both the default file and the file designated by the user may be files to be protected; or simply a file or folder selected by the user on their own.
The file backup unit 220 is adapted to determine whether a file to be protected is modified, and if so, backup the file to obtain a backup file.
When files needing to be protected are determined, monitoring and judging whether the files needing to be protected are modified or not, and once the files are modified, backing up the modified files needing to be protected to obtain backup files in order to prevent illegal modification by non-users.
A file saving unit 230 adapted to save the backup file to a specific location.
After the backup file is obtained, the backup file is stored to a designated position, so that a user can restore the modified file to be protected according to the stored backup file, and the file content loss caused by illegal modification of a non-user can be prevented. The specific location may be a default location of the system or may be a location specified by the user.
Therefore, the user can restore the modified file to be protected through the backup file, the file protection is effectively realized, the problem that the file is modified illegally is solved, and the user experience is enhanced while the benefit of the user is maintained.
In an embodiment of the invention, the file determining unit 210 is adapted to determine the file that needs to be protected in one or more of the following ways:
(1) the specified one or more types of files are taken as default files that need to be protected. For example, a picture file and a text file are designated as files that need to be protected, and these files in the terminal device are set as files that need to be protected by default.
(2) And determining the file to be protected according to the instruction of the user. For example, a user-defined interface may be provided, and the file to be protected may be determined according to the user instruction received through the user-defined interface. In addition to the default files in (1), the user can also customize the files needing to be protected, so as to determine the files needing to be protected, such as videos, audios and the like, according to the customization of the user. The user may also specify one or more folders in which files are files that need to be protected, regardless of file type.
(3) The method comprises the steps of scanning files stored on a local machine, displaying type information of various files stored on the local machine to a user for selection, and determining the files corresponding to the types selected by the user as files needing to be protected. In order to facilitate user selection, the types of the files stored on the local computer are scanned in advance and displayed to the user, and after the user knows the types of the files on the local computer, the user selects the types of the files needing to be protected according to the requirements of the user, so that the user experience is improved. In another embodiment, all files stored locally may also be listed for the user to select a particular file to protect.
(4) And displaying the type information of various files which are vulnerable to attack to a user for selection, and determining the file corresponding to the type selected by the user as the file to be protected. For further convenience of user selection, the user may also be presented with only the types of files that are more vulnerable to attack for user selection. For example, files of document class are relatively easy to be tampered, so that type information (such as word, PDF, and the like) of such files is displayed to a user for the user to check.
In this embodiment, the file to be protected may be any one of the above files or any combination of the above files.
The invention realizes the protection of the file by adopting a mode of backing up the file and storing the file when the file is modified. In an embodiment of the invention, the file backup unit 220 is adapted to backup a file that needs to be protected if its content is modified and the modification is saved. When a non-user modifies a file to be protected, the content of the file to be protected is usually modified, so that the embodiment mainly monitors whether the file to be protected is modified and stored, and then backups the file, namely backups in writing, and prevents the file from being lost due to illegal modification.
That is, the operation of modifying a file here refers to an operation of completing modification of a file and saving the file. The determination of whether the file to be protected is modified may be mainly performed by opening the file to be protected in the editing mode, modifying the content, and then saving the modified content, or by opening the file to be protected in the editing mode, closing the modified content, and when the "whether the file needs to be saved" is prompted, a yes instruction is received. That is, when the file to be protected is modified and the saving instruction is triggered, the file is backed up.
It will be appreciated by those skilled in the art that if a file is opened only in edit mode, or opened and modified in edit mode, no backup will be made as long as the modifications are not saved. Further, the backup does not backup the modified file, but backups the original file before modification, so that the modified file can be restored in the subsequent process.
In order to prevent the backup file from being modified illegally, in an embodiment of the present invention, the file saving unit 230 is adapted to perform an encryption process on the backup file to obtain an encrypted file; taking the combination of the file name, the original path and the original size of the backup file as an index of the backup file; and correspondingly saving the index of the backup file and the encrypted file to a specific position. The encryption processing of the backup file can be carried out by a pre-configured encryption algorithm, and the index of the backup file is acquired at the same time, so that a user can find the modified file according to the information in the index through the index and restore the original file to the original state by using the backup file.
Specifically, the above-mentioned encryption Algorithm may be an MD5(Message-Digest Algorithm 5) encryption Algorithm, and if the data of the original file is subjected to MD5 calculation, the file saving unit 230 is adapted to use the MD5 value of the content of the file to be protected as the file name of the corresponding backup file, so that the file name of the backup file is not suffixed. For example, after a word document is backed up, the file name of the backed-up file is only an MD5 value, and does not have a suffix of ". doc".
Specifically, the encryption Algorithm may be a sha (Secure Hash Algorithm). For example, the sha-1 encryption algorithm performs sha-1 encryption calculation on the content of the original file, and then only takes the sha-1 value of the content of the file to be protected as the file name of the corresponding backup file, similar to the MD5 encryption, so that the file name of the backup file is not suffixed.
Or, the DES encryption algorithm or the RSA encryption algorithm is used, in this embodiment, the encryption algorithm is not specifically limited, and the present solution can provide various encryption algorithm tools, and the user can select the encryption algorithm tool according to his own needs.
In an embodiment of the present invention, the file saving unit 230 is further adapted to select a disk with the largest disk remaining space according to the size of the disk remaining space of each local disk, and create a folder on the disk; and saving the backup file in the newly-built folder, so that the storage space of the local computer can be reasonably utilized, and the file backup is carried out under the condition that the storage space of the local computer is fully used. It should be noted that, if the remaining space of the disk where the folder is located is not enough in the process of saving the backup file into the folder, the user may be prompted that the disk space is not enough. Of course, while prompting, the backup file can be saved on the reselected disk, or the modification of the file is directly rejected without saving the backup file, so that the file is ensured not to be modified illegally to the greatest extent.
Fig. 3 is a schematic structural diagram of an apparatus for implementing file protection according to another embodiment of the present invention. As shown in fig. 3, the apparatus 300 for implementing file protection includes: a file determination unit 310, a file backup unit 320, a file saving unit 330, and an alarm processing unit 340. The file determining unit 310, the file backup unit 320, and the file saving unit 330 have the same functions as the file determining unit 210, the file backup unit 220, and the file saving unit 230 shown in fig. 2, and the same parts are not described herein again.
The technical scheme of the invention is that when the file to be protected is modified, the file to be protected is backed up, so as to achieve the effect of file protection. Generally, the illegal modification of a file to be protected is performed by executing a corresponding process through an illegal program, and deleting or modifying the file to be protected in a large area. When the file modification operation of the process meets one or more of the following conditions, alarming and prompting are carried out:
(1) and when the number of the files modified by the process exceeds a first preset value and the ratio of the modified data volume to the total data volume of the files reaches a second preset value, giving an alarm prompt. Only if both of the above conditions are satisfied, it is determined that the modification of the file to be protected is an illegal modification. For example, the first preset value is 50%, the second preset value is 80%, and in a short time, the number of text documents in the local computer exceeds 50% of the total number of text documents stored in the local computer, and the word number of the modification of each text document exceeds 80% of the total word number of the text document, then the modification of the program is determined to be illegal, and an alarm prompt needs to be given to a user of the local computer so that corresponding measures can be taken to protect the files of the local computer. If the number of text documents in the local machine is only 10% of the total number of text documents stored in the local machine and the number of words of the modification made to each text document is only 20% of the total number of words of the text document, it is determined that the modification of the program is not an illegal modification.
(2) The number of files modified within a predetermined time exceeds a threshold. For example, the preset threshold is 50%, and within 1h, the alarm prompt is performed when the number of the text documents in the local computer exceeds 50% of the total number of the text documents stored in the local computer. The preset time may be self-defined and is not limited herein.
(3) The proportion of modifications to the content of a file exceeds a threshold. Here, the determination may be made by the number of words, for example, a preset threshold of 80%, and an alarm prompt may be made when the number of words modified for each text document has exceeded 80% of the total number of words for that text document.
(4) The number of files of the same type that are modified exceeds a threshold. For example, an alarm prompt may be made if the number of modifications to a file of the same type exceeds 50% of the total number of files of the same type.
(5) The amount of modified data for the same type of file exceeds a threshold. For example, an alarm prompt may be made if the modified data size (e.g., words) for a file of the same type exceeds 50% of the total data size (e.g., total words for all files of the same type) for that same file type.
It should be noted that, when determining whether the file modification operation of the process satisfies the condition, any one of the above conditions may be used, or any combination of the above conditions may be used. In another embodiment, it can also be determined that the modification made to the file that needs to be protected is an illegal modification by: when the file needing to be protected is modified, judging whether the file needing to be protected is modified by a default tool of the system, if not, judging that the modification is illegal modification.
Specifically, the above alarm prompting includes: and performing popup prompt to inform a user that a file is being modified, and providing three operation options of 'allow', 'block' and 'rollback', wherein each operation option corresponds to a different processing strategy.
An alarm processing unit 340 further adapted to not perform any processing on the process when the user selects the "allow" operation option; when the user selects the operation option of 'blocking', forcibly stopping the process and preventing the process from performing any operation in the local computer; when the user selects the 'rollback' operation option, according to the recorded file modification operation and the backup file, the modification operation of the rollback process restores the file to the state before the file is modified by the process. Because the backup file is already stored and the file modification operation of the process is already recorded when the file is modified, when the user selects the "rollback" operation, the modified file can be restored by rolling back the operation of the process using the backup file.
Typically, a native user opens a file using a default tool of the system, or a default tool specified by the user. Therefore, in an embodiment of the present invention, the alarm processing unit 340 is adapted to determine whether to open the file to be protected with a default tool of the system when the file to be protected is opened; if not, alarm prompt is carried out. For example, a file in a folder "my documents" is opened, the default tool of the system is a microsoft office word, but when the file in the folder is opened, the standby tool is not a microsoft office word, an alarm prompt is given. Similarly, the alarm prompt here also adopts a popup prompt, and provides three operation options of "allow", "block" and "rollback", and the specific corresponding strategy is as described above.
FIG. 4 shows a schematic structural diagram of a computing device according to an embodiment of the invention. As shown in FIG. 4, the computing device 400 includes an apparatus 410 for implementing file protection as shown in FIG. 2 or FIG. 3.
It should be noted that the apparatuses shown in fig. 2 and fig. 3 and the embodiments of the computing device shown in fig. 4 are the same as the embodiments of the method shown in fig. 1, and the above detailed description has been given, and is not repeated herein.
In summary, according to the technical solution of the present invention, the protection of the file is implemented by backing up the file to be protected, specifically, when the file to be protected is being modified, the file is backed up, and the backed-up file is stored in a specific location, so that the file is immediately tampered, and the tampered file can also be restored by the backed-up file. Therefore, the technical scheme can effectively protect the file, solves the problem that the file is illegally modified, and enhances the user experience while maintaining the benefits of the user.
It should be noted that:
the algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose devices may be used with the teachings herein. The required structure for constructing such a device will be apparent from the description above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in an apparatus and computing device implementing file protection in accordance with embodiments of the present invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
Claims (13)
1. A method of implementing file protection, comprising:
determining a file needing to be protected;
judging whether a file needing to be protected is modified, if so, backing up the file to obtain a backup file;
saving the backup file to a specific position;
the judging whether the file needing to be protected is modified, if so, the backing up the file comprises the following steps:
if the content of the file needing to be protected is modified and the modified result is stored, backing up the file;
wherein the saving the backup file to the specific location comprises:
encrypting the backup file to obtain an encrypted file;
taking the combination of the file name, the original path and the original size of the backup file as an index of the backup file;
correspondingly storing the index of the backup file and the encrypted file to a specific position;
the file which needs to be protected is determined to comprise one or more of the following:
taking one or more specified types of files as default files needing to be protected;
receiving a user instruction, and determining a file to be protected according to the user instruction;
scanning files stored on a local machine, displaying type information of various files stored on the local machine to a user for selection, and determining the files corresponding to the types selected by the user as files needing to be protected;
and displaying the type information of various files which are vulnerable to attack to a user for selection, and determining the file corresponding to the type selected by the user as the file to be protected.
2. The method of claim 1, wherein,
and taking the MD5 value of the content of the file needing protection as the file name of the corresponding backup file.
3. The method of claim 1, wherein,
the method further comprises the following steps: selecting a disk with the largest disk residual space according to the size of the disk residual space of each local disk, and newly building a folder on the disk;
the saving the backup file to the specific location comprises: and saving the backup file into the newly-built folder.
4. The method of any one of claims 1-3, wherein the method further comprises:
recording the file modification operation of the process for modifying the file to be protected;
when the file modification operation of the process meets one or more of the following conditions, alarming and prompting are carried out:
the number of files modified within a predetermined time exceeds a threshold;
the modification proportion of the content of one file exceeds a threshold value;
the number of modified files of the same type exceeds a threshold;
the amount of modified data for the same type of file exceeds a threshold.
5. The method of claim 4, wherein,
the alarm prompting comprises the following steps: performing popup prompt and providing three operation options of 'allow', 'prevent' and 'rollback';
when the user selects the 'allow' operation option, the process is not processed;
when the user selects the 'block' operation option, forcibly stopping the process;
and when the user selects the 'rollback' operation option, rolling back the modification operation of the process according to the recorded file modification operation and the backup file, and restoring the file to the state before being modified by the process.
6. The method of any one of claims 1-3, wherein the method further comprises:
when the file needing to be protected is opened, judging whether the file needing to be protected is opened by a default tool of a system; if not, alarm prompt is carried out.
7. An apparatus for implementing file protection, wherein the apparatus comprises:
the file determining unit is suitable for determining a file needing to be protected;
the file backup unit is suitable for judging whether the file needing to be protected is modified or not, and if so, backing up the file to obtain a backup file;
a file saving unit adapted to save the backup file to a specific location;
the file backup unit is suitable for backing up the file when the content of the file needing to be protected is modified and the modified file is saved;
the file storage unit is suitable for encrypting the backup file to obtain an encrypted file; taking the combination of the file name, the original path and the original size of the backup file as an index of the backup file; correspondingly storing the index of the backup file and the encrypted file to a specific position;
the file determination unit is adapted to determine the file that needs to be protected in one or more of the following ways:
taking one or more specified types of files as default files needing to be protected;
receiving a user instruction, and determining a file to be protected according to the user instruction;
scanning files stored on a local machine, displaying type information of various files stored on the local machine to a user for selection, and determining the files corresponding to the types selected by the user as files needing to be protected;
and displaying the type information of various files which are vulnerable to attack to a user for selection, and determining the file corresponding to the type selected by the user as the file to be protected.
8. The apparatus of claim 7, wherein,
the file saving unit is suitable for using the MD5 value of the content of the file needing to be protected as the file name of the corresponding backup file.
9. The apparatus of claim 7, wherein,
the file saving unit is further suitable for selecting a disk with the largest disk residual space according to the size of the disk residual space of each local disk, and newly building a folder on the disk; and saving the backup file into the newly-built folder.
10. The apparatus of any one of claims 7-9, wherein the apparatus further comprises:
the alarm processing unit is suitable for recording the file modification operation of the process for modifying the file, and when the file modification operation of the process meets one or more of the following conditions, an alarm is given out:
the number of files modified within a predetermined time exceeds a threshold;
the modification proportion of the content of one file exceeds a threshold value;
the number of modified files of the same type exceeds a threshold;
the amount of modified data for the same type of file exceeds a threshold.
11. The apparatus of claim 10, wherein,
the alarm prompting comprises the following steps: performing popup prompt and providing three operation options of 'allow', 'prevent' and 'rollback';
the alarm processing unit is further suitable for not performing any processing on the process when the user selects an 'allow' operation option; when the user selects the 'block' operation option, forcibly stopping the process; and when the user selects the 'rollback' operation option, rolling back the modification operation of the process according to the recorded file modification operation and the backup file, and restoring the file to the state before being modified by the process.
12. The apparatus of claim 10, wherein,
the alarm processing unit is suitable for judging whether the file needing to be protected is opened by a default tool of a system when the file needing to be protected is opened; if not, alarm prompt is carried out.
13. A computing device, wherein the computing device comprises an apparatus to implement file protection as recited in any of claims 7-12.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710184527.8A CN106971120B (en) | 2017-03-24 | 2017-03-24 | Method and device for realizing file protection and computing equipment |
| PCT/CN2017/119503 WO2018171283A1 (en) | 2017-03-24 | 2017-12-28 | Method and apparatus for realizing file protection, and computing device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710184527.8A CN106971120B (en) | 2017-03-24 | 2017-03-24 | Method and device for realizing file protection and computing equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN106971120A CN106971120A (en) | 2017-07-21 |
| CN106971120B true CN106971120B (en) | 2020-11-03 |
Family
ID=59330094
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710184527.8A Active CN106971120B (en) | 2017-03-24 | 2017-03-24 | Method and device for realizing file protection and computing equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN106971120B (en) |
Families Citing this family (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2018171283A1 (en) * | 2017-03-24 | 2018-09-27 | 北京奇虎科技有限公司 | Method and apparatus for realizing file protection, and computing device |
| CN108459927B (en) * | 2018-02-28 | 2021-11-26 | 北京奇艺世纪科技有限公司 | Data backup method and device and server |
| CN108573022B (en) * | 2018-02-28 | 2019-03-26 | 广东聚联电子商务股份有限公司 | Computer log based on image procossing records system and method |
| CN108805817A (en) * | 2018-02-28 | 2018-11-13 | 山峰 | Computer log based on image procossing records system |
| CN110674530B (en) * | 2019-09-29 | 2021-06-18 | 绿盟科技集团股份有限公司 | File access control method, equipment and device based on user mode |
| CN110941852A (en) * | 2019-11-15 | 2020-03-31 | 珠海豹趣科技有限公司 | File encryption and decryption method and device and electronic equipment |
| CN111639338A (en) * | 2020-05-11 | 2020-09-08 | 珠海豹趣科技有限公司 | Document backup method and related equipment |
| CN115586990B (en) * | 2022-10-09 | 2023-08-04 | 上海一个橙信息技术有限公司 | Intelligent data multiple backup system |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105528263A (en) * | 2015-12-10 | 2016-04-27 | 北京金山安全管理系统技术有限公司 | Method and device for repairing document |
| CN105760759A (en) * | 2015-12-08 | 2016-07-13 | 哈尔滨安天科技股份有限公司 | Method and system for protecting documents based on process monitoring |
| CN106446718A (en) * | 2016-09-13 | 2017-02-22 | 郑州云海信息技术有限公司 | File protection method and system based on event-driven mechanism |
-
2017
- 2017-03-24 CN CN201710184527.8A patent/CN106971120B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105760759A (en) * | 2015-12-08 | 2016-07-13 | 哈尔滨安天科技股份有限公司 | Method and system for protecting documents based on process monitoring |
| CN105528263A (en) * | 2015-12-10 | 2016-04-27 | 北京金山安全管理系统技术有限公司 | Method and device for repairing document |
| CN106446718A (en) * | 2016-09-13 | 2017-02-22 | 郑州云海信息技术有限公司 | File protection method and system based on event-driven mechanism |
Also Published As
| Publication number | Publication date |
|---|---|
| CN106971120A (en) | 2017-07-21 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106971120B (en) | Method and device for realizing file protection and computing equipment | |
| US9852289B1 (en) | Systems and methods for protecting files from malicious encryption attempts | |
| EP3502943B1 (en) | Method and system for generating cognitive security intelligence for detecting and preventing malwares | |
| EP3568791B1 (en) | Early runtime detection and prevention of ransomware | |
| US9317686B1 (en) | File backup to combat ransomware | |
| KR102270096B1 (en) | Data protection based on user and gesture recognition | |
| US9697375B2 (en) | Fast data protection using dual file systems | |
| WO2016101384A1 (en) | Dual-system switch based data security processing method and apparatus | |
| US20150172304A1 (en) | Secure backup with anti-malware scan | |
| CN105519038B (en) | User input data protection method and system | |
| US9805218B2 (en) | Technique for data loss prevention through clipboard operations | |
| US10740461B2 (en) | Identification of entity performing operation on local file(s) and notification to reduce misuse risk | |
| CN107563192B (en) | Lesso software protection method and device, electronic equipment and storage medium | |
| WO2016019893A1 (en) | Application installation method and apparatus | |
| WO2017107896A1 (en) | Document protection method and device | |
| CN107944292B (en) | Privacy data protection method and system | |
| JP6196740B2 (en) | System and method for informing users about applications available for download | |
| CN106980797A (en) | A kind of method, device and computing device for realizing file protection | |
| US20160078227A1 (en) | Data processing system security device and security method | |
| CN107704337B (en) | Factory setting restoring method, mobile terminal and device with storage function | |
| US9785775B1 (en) | Malware management | |
| CN109145602B (en) | Lesso software attack protection method and device | |
| WO2015176673A1 (en) | Method and device for storing status bar notification, and management handover method and device | |
| US10909245B1 (en) | Secure quarantine of potentially malicious content | |
| JP2019095882A (en) | Program and information processing device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |