CN112329036A - File security processing method, device, equipment and storage medium - Google Patents

Info

Publication number
CN112329036A
Authority
CN
China
Prior art keywords
file
processed
decryption
internal
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011213045.9A
Other languages
Chinese (zh)
Inventor
叶兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Trust Co Ltd
Original Assignee
Ping An Trust Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Trust Co Ltd filed Critical Ping An Trust Co Ltd
Priority to CN202011213045.9A priority Critical patent/CN112329036A/en
Publication of CN112329036A publication Critical patent/CN112329036A/en
Pending legal-status Critical Current

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/22Matching criteria, e.g. proximity measures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F18/00Pattern recognition
    • G06F18/20Analysing
    • G06F18/24Classification techniques
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0481Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/01Input arrangements or combined input and output arrangements for interaction between user and computer
    • G06F3/048Interaction techniques based on graphical user interfaces [GUI]
    • G06F3/0484Interaction techniques based on graphical user interfaces [GUI] for the control of specific functions or operations, e.g. selecting or manipulating an object, an image or a displayed text element, setting a parameter value or selecting a range
    • G06F3/0485Scrolling or panning

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Bioinformatics & Computational Biology (AREA)
  • Human Computer Interaction (AREA)
  • Evolutionary Computation (AREA)
  • Computer Vision & Pattern Recognition (AREA)
  • Bioinformatics & Cheminformatics (AREA)
  • Artificial Intelligence (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Evolutionary Biology (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of Internet, and discloses a file security processing method, a device, equipment and a storage medium, wherein the method comprises the following steps: when a service request sent by a user through a service system is detected, calling a corresponding internal file to be processed according to a service request instruction; extracting a plurality of file key features from the internal file to be processed, and determining a file feature type corresponding to the internal file to be processed according to the plurality of file key features; and determining an encryption and decryption strategy according to the file characteristic type corresponding to the internal file to be processed, and performing security processing on the internal file to be processed according to the encryption and decryption strategy. Because the file is not required to be encrypted by manually setting a password, the encryption and decryption strategies are determined only according to the file type, and then the file is automatically and safely processed according to the encryption and decryption types, the security of the file is improved, and the security processing efficiency of the file is improved.

Description

File security processing method, device, equipment and storage medium
Technical Field
The present invention relates to the field of internet technologies, and in particular, to a method, an apparatus, a device, and a storage medium for secure processing of a file.
Background
An enterprise's information data is an intangible asset, and its leakage can cause financial loss. Enterprises generally apply some information security controls, such as blocking optical disk drives, floppy drives and USB (universal serial bus) external transfer interfaces, but information leakage still occurs. In enterprise information security work, the most common measure is to set a password on sensitive files, so that the files can only be accessed with the password. Its biggest disadvantage is that encryption depends on personnel acting actively and consciously. This results in lower file security and also reduces the efficiency of secure file processing.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The invention mainly aims to provide a file security processing method, a file security processing device, file security processing equipment and a storage medium, and aims to solve the technical problem of how to improve the security of a file and further improve the efficiency of file security processing.
In order to achieve the above object, the present invention provides a file security processing method, including:
when a service request sent by a user through a service system is detected, calling a corresponding internal file to be processed according to the service request;
extracting a plurality of file key features from the internal file to be processed, and determining a file feature type corresponding to the internal file to be processed according to the plurality of file key features;
and determining an encryption and decryption strategy according to the file characteristic type corresponding to the internal file to be processed, and carrying out security processing on the internal file to be processed according to the encryption and decryption strategy.
Optionally, before the step of invoking the corresponding to-be-processed internal file according to the service request when the service request sent by the user through the service system is detected, the method further includes:
monitoring an interactive interface in a service system, and judging whether cursor sliding operation exists in the interactive interface according to a monitoring result;
if the cursor sliding operation exists, generating a cursor sliding track according to the cursor sliding operation;
determining a starting point coordinate and an end point coordinate according to the cursor sliding track, and judging whether the starting point coordinate and the end point coordinate are consistent;
and when the starting point coordinate and the end point coordinate are not consistent, determining a cursor trigger area according to the cursor sliding track and the end point coordinate, and detecting a service request triggered based on the cursor trigger area.
Optionally, after the step of monitoring an interactive interface in the service system and determining whether a cursor sliding operation exists in the interactive interface according to a monitoring result, the method further includes:
if the cursor sliding operation does not exist, acquiring a file storage path corresponding to the internal file to be processed;
and generating a service request according to the file storage path.
Optionally, the step of determining a file feature type corresponding to the internal file to be processed according to the plurality of file key features includes:
respectively determining characteristic index values corresponding to the key characteristics of the files to obtain all the characteristic index values;
selecting a target key feature corresponding to the maximum feature index value from all the feature index values;
and determining the file feature type corresponding to the internal file to be processed according to the target key feature.
Optionally, the step of determining a file feature type corresponding to the internal file to be processed according to the target key feature includes:
inputting the target key features into a feature classification model to obtain feature type matching degrees and sample feature types corresponding to the feature type matching degrees;
judging whether the matching degree of the feature types is greater than a preset matching threshold value or not;
and when the feature type matching degree is greater than the preset matching threshold, taking the sample feature type as a file feature type corresponding to the internal file to be processed.
Optionally, the step of performing security processing on the internal file to be processed according to the encryption and decryption policy includes:
acquiring the current encryption and decryption state of the internal file to be processed;
when the current encryption and decryption state is an encryption state, detecting whether the current operation of a user triggers a file decryption instruction;
when the current operation of the user triggers the file decryption instruction, detecting abnormal behaviors of the current operation of the user;
judging whether the internal file to be processed is sent to an external system or not according to an abnormal behavior detection result;
and if the internal file to be processed is sent to an external system, marking the internal file to be processed according to the file decryption instruction and the encryption and decryption strategy to obtain an external marked file, and sending the external marked file to the external system.
Optionally, the step of performing a mark processing on the internal file to be processed according to the file decryption instruction and the encryption and decryption policy to obtain an external mark file includes:
acquiring identity information of the user;
performing instruction response verification on the file decryption instruction according to the identity information, and acquiring a verification result;
when the auditing result meets the preset verifying condition, acquiring the auditing time corresponding to the internal file to be processed;
and generating an operation and maintenance log according to the auditing time, the identity information and the internal file to be processed, and marking the internal file to be processed according to the file decryption instruction and the encryption and decryption strategy to obtain an external marked file.
In order to achieve the above object, the present invention also provides a document security processing apparatus, including:
the receiving module is used for calling a corresponding internal file to be processed according to a service request when the service request sent by a user through a service system is detected;
the determining module is used for extracting a plurality of file key features from the internal file to be processed and determining a file feature type corresponding to the internal file to be processed according to the plurality of file key features;
and the processing module is used for determining an encryption and decryption strategy according to the file characteristic type corresponding to the internal file to be processed and carrying out security processing on the internal file to be processed according to the encryption and decryption strategy.
In addition, in order to achieve the above object, the present invention also provides a document security processing apparatus, including: a memory, a processor and a computer program stored on the memory and executable on the processor, the computer program being configured to implement the steps of the file security processing method as described above.
Furthermore, to achieve the above object, the present invention further proposes a computer storage medium having a computer program stored thereon, which, when executed by a processor, implements the steps of the file security processing method as described above.
The method comprises the steps of firstly calling a corresponding internal file to be processed according to a service request instruction when detecting a service request sent by a user through a service system, then extracting a plurality of file key features from the internal file to be processed, determining a file feature type corresponding to the internal file to be processed according to the plurality of file key features, then determining an encryption and decryption strategy according to the file feature type corresponding to the internal file to be processed, and carrying out security processing on the internal file to be processed according to the encryption and decryption strategy. Because the file is not required to be encrypted by manually setting a password, the invention only needs to determine an encryption and decryption strategy according to the file type and then automatically carries out security processing on the file according to the encryption and decryption type, thereby improving the security of the file and improving the security processing efficiency of the file.
Drawings
FIG. 1 is a schematic structural diagram of a file security processing device of a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart illustrating a first embodiment of a method for securely processing a document according to the present invention;
FIG. 3 is a flowchart illustrating a second embodiment of a method for securely processing a document according to the present invention;
FIG. 4 is a block diagram of a first embodiment of a document security processing apparatus according to the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a file security processing device in a hardware operating environment according to an embodiment of the present invention.
As shown in fig. 1, the document security processing apparatus may include: a processor 1001, such as a Central Processing Unit (CPU), a communication bus 1002, a user interface 1003, a network interface 1004, and a memory 1005. The communication bus 1002 is used to enable communication between these components. The user interface 1003 may include a display screen and an input unit such as a keyboard, and may optionally also include a standard wired interface and a wireless interface. The network interface 1004 may optionally include a standard wired interface and a wireless interface (e.g., a Wireless-Fidelity (Wi-Fi) interface). The memory 1005 may be a Random Access Memory (RAM), or may be a Non-Volatile Memory (NVM), such as a disk memory. The memory 1005 may alternatively be a storage device separate from the processor 1001.
Those skilled in the art will appreciate that the configuration shown in FIG. 1 does not constitute a limitation of the document security processing apparatus and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
As shown in fig. 1, a memory 1005, which is a kind of storage medium, may include therein an operating system, a data storage module, a network communication module, a user interface module, and a computer program.
In the document security processing apparatus shown in fig. 1, the network interface 1004 is mainly used for data communication with a network server; the user interface 1003 is mainly used for data interaction with a user; the processor 1001 and the memory 1005 of the file security processing device of the present invention may be provided in the file security processing device, and the file security processing device calls the computer program stored in the memory 1005 through the processor 1001 and executes the file security processing method provided by the embodiment of the present invention.
An embodiment of the present invention provides a file security processing method, and referring to fig. 2, fig. 2 is a schematic flow diagram of a first embodiment of the file security processing method according to the present invention.
In this embodiment, the file security processing method includes the following steps:
Step S10: when a service request sent by a user through a service system is detected, a corresponding internal file to be processed is called according to the service request.
It is easy to understand that the execution subject of this embodiment may be a file security processing device having functions of data processing, network communication, program operation, and the like, or may be other computer devices having similar functions, and this embodiment is not limited thereto. In this embodiment, the file security processing device may be an operation and maintenance terminal capable of receiving a service request, and detecting and processing the service request.
It is understood that the internal file to be processed may be one or more files selected by the user from the service system, and the like. Wherein, a plurality of internal files and the like can be stored in the service system.
In a specific implementation, the operation and maintenance end may perform request analysis according to the received service request to obtain a corresponding file identifier, and then the operation and maintenance end may search for a corresponding internal file according to the file identifier and use the internal file as a to-be-processed internal file corresponding to the service request, where the file identifier may be a file name or a file storage size, and the like.
Further, in order to determine a service request more accurately, the interactive interface in the service system is monitored before the service request is detected, and whether a cursor sliding operation exists in the interactive interface is judged according to the monitoring result. When a cursor sliding operation exists, a cursor sliding track is generated according to the cursor sliding operation, a starting point coordinate and an end point coordinate are determined according to the cursor sliding track, and whether the two coordinates are consistent is judged. When they are not consistent, a cursor trigger area is determined according to the cursor sliding track and the end point coordinate, and a service request triggered based on the cursor trigger area is detected.
It should be understood that the operation and maintenance terminal may also monitor, in real time, an operation process in which a user clicks an internal file on the service system through a mouse, and the like.
When the user uses the mouse, the operation and maintenance end can receive the cursor track operation generated by the mouse and can obtain, in real time, the cursor position as the mouse slides. It generates a cursor sliding track from the moved cursor positions, determines the starting point coordinate and the end point coordinate of that track, and judges whether they are consistent. When they are not consistent, it determines the cursor trigger area according to the cursor sliding track and the end point coordinate, and then judges whether the mouse can be clicked normally in the cursor trigger area corresponding to the end point coordinate. When the mouse can be clicked normally and the corresponding operation occurs, it detects the service request triggered based on the cursor trigger area; when a service request sent by the user through the service system is detected, it calls the corresponding internal file to be processed in the service system according to the service request.
Considering that in practical applications the starting point coordinate and the end point coordinate of the cursor may be consistent, when the operation and maintenance end detects that they are consistent it still needs to determine the cursor trigger area according to the cursor sliding track and the end point coordinate, and to judge whether the mouse can be clicked normally in the current cursor trigger area and whether the corresponding operation occurs.
Further, when the operation and maintenance end does not monitor the cursor sliding operation in the interactive interface corresponding to the service system, the operation and maintenance end may also determine the service request according to the storage path of the file pre-stored in the service system, that is, the operation and maintenance end may generate the corresponding service request according to the file storage path by obtaining the file storage path corresponding to the internal file to be processed.
It can be understood that the file storage path may be D:\wenjian file\9 month\new application, or C:\Program Files (x86). After receiving the service request, the operation and maintenance end may obtain the corresponding internal file to be processed according to the file storage path D:\wenjian file\9 month\new application in the instruction, or according to the file storage path C:\Program Files (x86) in the instruction; this embodiment is not limited thereto.
It should be noted that there may be multiple internal files in the service system, and the operation and maintenance end selects a single or multiple internal files to be processed and the like required by the user from the multiple internal files according to the service request.
When the operation and maintenance end monitors a cursor sliding operation in the interactive interface corresponding to the service system, it can directly acquire the corresponding internal file to be processed according to the cursor trigger operation. When it does not monitor a cursor sliding operation in that interface, the user can directly input a storage path command corresponding to the internal file to be processed in the interactive interface, and the operation and maintenance end directly acquires the corresponding internal file to be processed according to that storage path command.
Step S20: extracting a plurality of file key features from the internal file to be processed, and determining a file feature type corresponding to the internal file to be processed according to the plurality of file key features.
It can be understood that, to extract a plurality of file key features from the internal file to be processed, the operation and maintenance end may select keywords that occur many times in the internal file to be processed, that is, keywords whose occurrence count exceeds a preset occurrence threshold, and then determine the corresponding key features from those keywords. The file key features are the key features corresponding to the internal file to be processed, and may be gourmet text features, entertainment data features, and the like.
The file feature type is a feature type corresponding to the file to be processed, and may be a food type, an entertainment text type, or the like, which is not limited in this embodiment.
Assume that the keywords 'gourmet food', 'cooking', 'deliciousness' and the like each occur 8 times in the internal file to be processed and that the preset occurrence threshold is 7 times. Since 8 is greater than the preset occurrence threshold of 7, the internal file to be processed is judged to have the gourmet text feature. Assume instead that the keywords "entertainment", "star" and "red carpet" each occur 6 times in the internal file to be processed and that the preset occurrence threshold is 5 times. Since 6 is greater than the preset occurrence threshold of 5, the internal file to be processed is judged to have the entertainment text feature, and so on; this example is not limiting.
It should be noted that, before extracting the plurality of file key features from the internal file to be processed, the operation and maintenance end needs to check the called internal file to be processed. The check may be implemented as follows: obtain the key features corresponding to the plurality of internal files in the service system, where the key features are the single or multiple keywords corresponding to each internal file, and the like; then input the key features of the internal file to be processed into the trained convolutional neural network. If the key features of the file to be processed are multiple keywords, the multiple keywords may be fused to obtain a target keyword, i.e., the target key feature. The target key feature is then compared one by one with the key features corresponding to the internal files, and either multiple internal files to be processed or a single internal file to be processed may be selected according to the comparison result. If multiple internal files to be processed are selected, the user may select the required one from among them, and the selected file is used as the internal file to be processed corresponding to the service request, and the like.
Further, to determine the file feature type corresponding to the internal file to be processed according to the plurality of file key features, a plurality of file key features may be extracted from the internal file to be processed, the feature index values corresponding to those key features determined respectively, the feature index values sorted to obtain a feature sorting result, and the file feature type determined according to the feature sorting result. To extract the file key features, the internal file to be processed may be input into a preset feature extraction model to obtain a single or a plurality of file key features. The preset feature extraction model is obtained by inputting a large number of sample files and sample key features into a convolutional neural network in advance for training.
It can be understood that each key feature has a corresponding feature index value. The feature index value may be the proportion of the content of the internal file to be processed that corresponds to the key feature, and may be 50% or 70%. The feature index values corresponding to the key features in the internal file to be processed may be different or the same.
In practical application, the operation and maintenance terminal can sort according to the characteristic index values of the key characteristics from large to small, and selects the maximum characteristic index value from the sorting result, so as to determine the corresponding file characteristic type according to the maximum characteristic index value. The larger the characteristic index value is, the larger the corresponding characteristic proportion in the internal file to be processed is, and conversely, the smaller the characteristic index value is, the smaller the characteristic proportion in the internal file to be processed is.
Further, in order to verify the file feature type, the operation and maintenance terminal may input the key feature with the largest feature index value into the feature classification model to obtain the feature type matching degree and the sample feature type corresponding to the feature type matching degree, determine whether the feature type matching degree is greater than a preset matching threshold, and when the feature type matching degree is greater than the preset matching threshold, use the sample feature type as the file feature type corresponding to the internal file to be processed. The feature type matching degree may be 80%, 90%, or the like. The sample characteristic type can be a food type, an entertainment type and the like. The preset matching threshold may be set by a user in a self-defined manner, and may be 70%, or 80%, and the present embodiment is not limited.
It can be understood that the feature classification model is obtained by training a plurality of key features and a plurality of standard feature types, and in practical application, the corresponding feature matching degree and the result of the type to be determined can be obtained by inputting the key feature types into the feature classification model. The feature classification model can also output a result of the type to be determined corresponding to the feature matching degree.
If the feature matching degree is 89% and the preset matching threshold is 90%, the feature matching degree is smaller than the preset matching threshold, and the corresponding key features in the internal file to be processed need to be extracted again. If instead the feature type matching degree corresponding to the internal file to be processed is 80%, the sample feature type corresponding to that matching degree is the gourmet type, and the preset matching threshold is 70%, then the feature type matching degree is greater than the preset matching threshold, and the sample feature type (the gourmet type) is taken as the file feature type corresponding to the internal file to be processed. The present embodiment is not limited.
Step S30: determining an encryption and decryption strategy according to the file characteristic type corresponding to the internal file to be processed, and carrying out security processing on the internal file to be processed according to the encryption and decryption strategy.
It should be noted that the encryption and decryption policy may be set by the user, and may be set as a simple encryption policy, a simple decryption policy, a marked encryption policy, a marked decryption policy, and the like. The simple encryption policy is explicit security control over the file, such as adding a watermark or a mark; the marked encryption policy is implicit security control, such as marking the identity information and a viewing time mark in the file data packet. The present embodiment is not limited.
Further, determining the encryption and decryption strategy according to the file feature type corresponding to the internal file to be processed can be understood as follows: the mapping relation table holds a one-to-one or one-to-many mapping relation between file feature types and encryption and decryption strategies, so the corresponding encryption and decryption strategy can be looked up according to the file feature type. The mapping relation table is constructed according to a plurality of file feature types and a plurality of encryption and decryption strategies.
In this embodiment, assuming that the file feature type is a gourmet feature, the corresponding encryption and decryption policy may be a simple encryption policy or a simple decryption policy. Assuming that the file feature type is an entertainment feature, the corresponding encryption and decryption policy may be a tagged encryption policy or a tagged decryption policy, and the embodiment is not limited.
The encryption and decryption policy is determined not only according to the file feature type of the internal file to be processed; the current state of the internal file to be processed further determines whether the corresponding encryption policy or decryption policy applies. The present embodiment is not limited.
It can be understood that, if the current usage state of the internal file to be processed is an unencrypted state, the internal file to be processed is encrypted according to the encryption and decryption policy. That is, when the current usage state of the internal file to be processed is unencrypted and a user needs to check the file, the corresponding encryption and decryption policy is looked up according to the type corresponding to the file, so that the encryption and decryption program automatically encrypts the file according to that policy (background silent encryption, user-friendliness) without hindering normal operation and use of the application program. When it is monitored that a user opens an encrypted file, the encryption and decryption program automatically decrypts the file (background silent decryption, which is not felt by the user), again without hindering normal operation and use of the application program. Meanwhile, a policy may be set to scan the files in the client regularly and automatically encrypt any unencrypted file without affecting the normal operation of the application program, and the like.
In this embodiment, assuming that the current state of the internal file to be processed is an unencrypted state, the corresponding encryption and decryption policy (the simple encryption policy) is selected according to the file feature type (the food type), and the internal file to be processed is encrypted according to the simple encryption policy. Assuming that the current state of the internal file to be processed is an encryption state and the file feature type of the internal file to be processed is the gourmet type, the corresponding encryption and decryption policy (the simple decryption policy) is selected according to the file feature type (the gourmet type), and the internal file to be processed is decrypted according to the simple decryption policy. Assuming that the current state of the internal file to be processed is an unencrypted state and the file feature type of the internal file to be processed is the entertainment type, the corresponding encryption and decryption policy (the marked encryption policy) is selected according to the file feature type (the entertainment type), and the internal file to be processed is encrypted according to the marked encryption policy, and so on, which is not limited in this embodiment.
According to the embodiment, when a service request sent by a user through a service system is detected, a corresponding internal file to be processed is called according to a service request instruction, a plurality of file key features are extracted from the internal file to be processed, a file feature type corresponding to the internal file to be processed is determined according to the file key features, an encryption and decryption strategy is determined according to the file feature type corresponding to the internal file to be processed, and the internal file to be processed is safely processed according to the encryption and decryption strategy. Because the file is not required to be encrypted by manually setting a password, the embodiment only needs to determine the encryption and decryption strategy according to the file type, and then automatically carries out security processing on the file according to the encryption and decryption type, so that the security of the file is improved, and the security processing efficiency of the file is improved.
Referring to fig. 3, fig. 3 is a flowchart illustrating a document security processing method according to a second embodiment of the present invention.
Based on the first embodiment, in this embodiment, the step S30 further includes:
Step S301: determining an encryption and decryption strategy according to the file characteristic type corresponding to the internal file to be processed, and acquiring the current encryption and decryption state of the internal file to be processed.
It can be understood that the file feature types corresponding to the internal files to be processed are different, and the encryption and decryption policies corresponding to the internal files are different.
According to the file feature type corresponding to the internal file to be processed, the corresponding encryption and decryption policy may be searched from the encryption and decryption mapping relationship table, where the file feature type and the encryption and decryption policy in the encryption and decryption mapping relationship table may have a one-to-one relationship, a many-to-one relationship, and the like, and this embodiment is not limited.
In this embodiment, when the file feature type is assumed to be the gourmet type, the encryption and decryption policy corresponding to the gourmet type in the encryption and decryption mapping table may be a simple encryption and decryption policy, or an encryption and decryption policy with a flag, and the like, and this embodiment is not limited.
Step S302: when the current encryption and decryption state is the encryption state, detecting whether the current operation of the user triggers a file decryption instruction.
It should be noted that the file decryption instruction is a file decryption request that a user needs to open an internal file to be processed.
The current operation triggering file decryption instruction may be a file decryption instruction triggered by a cursor, or a file decryption instruction triggered by an input command, and the like, which is not limited in this embodiment.
Step S303: when the current operation of the user triggers the file decryption instruction, detecting abnormal behaviors of the current operation of the user.
The abnormal behavior detection may examine a mouse click operation made when the file is transmitted to the external system, or the user's input of a special command. When the current operation of the user triggers a file decryption instruction, whether the user is viewing the file normally or needs to send the file externally can be judged according to the number of mouse clicks or the special command input by the user.
When a user clicks to view a file, the operation and maintenance terminal needs to further check, according to the received number of mouse clicks or special instruction input, whether the current operation of the user involves abnormal behavior.
Step S304: judging whether the internal file to be processed is sent to an external system or not according to the abnormal behavior detection result.
The external system may be a mobile terminal, a third party system, or the like, and the embodiment is not limited.
In practical application, suppose a user views a file normally. After the file has been viewed, the operation and maintenance terminal determines whether the user clicks the mouse multiple times or inputs a special command. If the mouse is clicked 1 time, this can be understood as closing the file; if the mouse is clicked 3 times continuously, this indicates that the user needs to send the file to an external system. The multiple clicks or the special command can be set by the user in a user-defined manner, which is not limited in this embodiment.
Step S305: if the internal file to be processed is sent to an external system, marking the internal file to be processed according to the file decryption instruction and the encryption and decryption strategy to obtain an external marked file, and sending the external marked file to the external system.
It should be noted that the operation and maintenance terminal may also perform encryption and decryption operations on the internal file to be processed, perform encryption and decryption control on the external file, control the external file to be uploaded, and the like.
It can be understood that the encryption and decryption policy may be set by a user in a self-defined manner, and may be a simple encryption and decryption policy, a marked encryption and decryption policy, an important encryption and decryption policy, and the like. The simple encryption and decryption policy may mark the file with a company mark and a text-sending date; the marked encryption and decryption policy may mark the file with a company mark, a text-sending date and a text-sending name; and the important encryption and decryption policy may mark the file with a company mark, a text-sending date, a text-sending name and a receiving name, and the like. This embodiment is not limited.
It should be noted that the step of marking the internal file to be processed according to the file decryption instruction and the encryption and decryption policy to obtain the external marked file may proceed as follows. The identity information of the user is obtained, and instruction response audit is performed on the file decryption instruction according to the identity information; that is, the operation and maintenance terminal determines from the identity information of the user whether the user is qualified to send the file decryption instruction, and obtains an audit result. When the audit result meets a preset verification condition, the audit time corresponding to the internal file to be processed is obtained, an operation and maintenance log is generated according to the audit time, the identity information, and the internal file to be processed, and the internal file to be processed is marked according to the file decryption instruction and the encryption and decryption policy to obtain the external marked file. The preset verification condition can be understood as the identity information of the user being qualified for sending the file decryption instruction. The identity information of the user may be an employee number and a name of the user, and the embodiment is not limited thereto.
Assuming that the type corresponding to the internal file to be processed is a food type, the encryption and decryption policy of the food type may be a simple encryption and decryption policy. That is, the internal file to be processed is given a company mark and a text-sending date according to the file decryption instruction and the simple encryption and decryption policy, and the resulting external marked file is sent to an external system, where the decrypted file can be uploaded and normally used by an external computer or terminal equipment. If the file is not transmitted through the decryption policy of the operation and maintenance terminal, the external terminal cannot normally view and use the file. When the operation and maintenance terminal successfully decrypts the file, it records the person requesting decryption and the file requested for decryption to form an operation and maintenance log for later checking and inspection, and the like.
In this embodiment, an encryption and decryption strategy is first determined according to the file feature type corresponding to the internal file to be processed, and the current encryption and decryption state of the internal file to be processed is obtained. When the current encryption and decryption state is an encryption state, whether the current operation of the user triggers a file decryption instruction is detected; when it does, abnormal behavior detection is performed on the current operation of the user, and whether the internal file to be processed is sent to an external system is judged according to the abnormal behavior detection result. If the internal file to be processed is sent to the external system, the internal file to be processed is marked according to the file decryption instruction and the encryption and decryption strategy to obtain an external marked file, and the external marked file is sent to the external system. Compared with the prior art, in which the file needs to be marked by manual labeling, this embodiment marks the internal file to be processed according to the file decryption instruction and the encryption and decryption strategy to obtain the external marked file, so that the file processing efficiency and the user experience are improved, and the safety of the transmitted file is further ensured.
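The flow of steps S20 to S30 and S301 to S305 described above, as an added Python example that is not part of the patent text. The `SAMPLE_MODEL` table standing in for the trained feature classification model, the employee numbers, the company name and every function name are assumptions, and logging denied requests is an addition the description does not mention.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed stand-in for the trained feature classification model:
# key feature -> (sample feature type, feature type matching degree).
SAMPLE_MODEL = {"recipe": ("gourmet", 0.80), "film": ("entertainment", 0.89)}

# Mapping relation table: file feature type -> encryption and decryption policy.
POLICY_TABLE = {"gourmet": "simple", "entertainment": "marked"}

# Fields each policy stamps on an outbound file, following the description:
# send_date = "text-sending date", sender = "text-sending name",
# recipient = "receiving name".
MARK_FIELDS = {
    "simple": ("company", "send_date"),
    "marked": ("company", "send_date", "sender"),
    "important": ("company", "send_date", "sender", "recipient"),
}

COMPANY = "ExampleCo"        # placeholder company mark
AUTHORIZED_IDS = {"E1001"}   # constructed: staff qualified to send decryption instructions
SEND_CLICKS = 3              # the description's example: 3 consecutive clicks = send out


def classify(feature_index_values, threshold):
    """Step S20: return the file feature type, or None if features must be re-extracted."""
    if not feature_index_values:
        return None
    # The key feature with the largest index value is the target key feature.
    target = max(feature_index_values, key=feature_index_values.get)
    sample_type, match = SAMPLE_MODEL.get(target, (None, 0.0))
    # Strictly greater than the preset matching threshold, as the description requires.
    return sample_type if match > threshold else None


def choose_action(feature_type, encrypted):
    """Step S30: policy from the mapping table, direction from the current state."""
    return POLICY_TABLE[feature_type], ("decrypt" if encrypted else "encrypt")


@dataclass
class DecryptRequest:
    employee_id: str
    name: str
    file_path: str
    feature_type: str
    click_count: int
    recipient: str = ""


def handle_decrypt(req, ops_log, now=None):
    """Steps S303 to S305 for an encrypted file whose decryption was triggered.

    Returns the mark for the outbound copy, or None when the user only views
    the file. Raises PermissionError when the identity audit fails.
    """
    now = now or datetime.now(timezone.utc)
    if req.click_count < SEND_CLICKS:
        return None  # ordinary viewing: nothing leaves the internal system
    entry = {"time": now.isoformat(), "employee_id": req.employee_id,
             "name": req.name, "file": req.file_path}
    if req.employee_id not in AUTHORIZED_IDS:
        # Assumption: denied attempts are logged too; the page only describes
        # logging successful decryptions.
        ops_log.append({**entry, "result": "denied"})
        raise PermissionError(f"{req.employee_id} may not send {req.file_path}")
    policy, _ = choose_action(req.feature_type, encrypted=True)
    values = {"company": COMPANY, "send_date": now.date().isoformat(),
              "sender": req.name, "recipient": req.recipient}
    mark = {field: values[field] for field in MARK_FIELDS[policy]}
    ops_log.append({**entry, "result": "sent", "policy": policy})
    return mark


if __name__ == "__main__":
    log = []
    when = datetime(2020, 11, 3, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    ftype = classify({"recipe": 0.7, "film": 0.3}, threshold=0.70)
    print(ftype, choose_action(ftype, encrypted=False))
    req = DecryptRequest("E1001", "Alice", "/srv/docs/menu.doc", ftype, 3)
    print(handle_decrypt(req, log, now=when))
    print(log)
```

Because the outbound mark and the log entry are built from the same request in one function, a file cannot be marked for sending without leaving an operation and maintenance log record.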
Referring to fig. 4, fig. 4 is a block diagram of a first embodiment of a document security processing apparatus according to the present invention.
As shown in fig. 4, a document security processing apparatus according to an embodiment of the present invention includes:
the receiving module 4001 is configured to, when a service request sent by a user through a service system is detected, call a corresponding to-be-processed internal file according to the service request instruction;
a determining module 4002, configured to extract a plurality of file key features from the to-be-processed internal file, and determine a file feature type corresponding to the to-be-processed internal file according to the plurality of file key features;
the processing module 4003 is configured to determine an encryption and decryption policy according to a file feature type corresponding to the internal file to be processed, and perform security processing on the internal file to be processed according to the encryption and decryption policy.
According to the embodiment, when a service request sent by a user through a service system is detected, a corresponding internal file to be processed is called according to a service request instruction, a plurality of file key features are extracted from the internal file to be processed, a file feature type corresponding to the internal file to be processed is determined according to the file key features, an encryption and decryption strategy is determined according to the file feature type corresponding to the internal file to be processed, and the internal file to be processed is safely processed according to the encryption and decryption strategy. Because the file is not required to be encrypted by manually setting a password, the embodiment only needs to determine the encryption and decryption strategy according to the file type, and then automatically carries out security processing on the file according to the encryption and decryption type, so that the security of the file is improved, and the security processing efficiency of the file is improved.
Further, the receiving module 4001 is further configured to monitor an interactive interface in a service system, and determine whether a cursor sliding operation exists in the interactive interface according to a monitoring result;
the receiving module 4001 is further configured to generate a cursor sliding track according to the cursor sliding operation when the cursor sliding operation exists;
the receiving module 4001 is further configured to determine a start point coordinate and an end point coordinate according to the cursor sliding track, and determine whether the start point coordinate and the end point coordinate are consistent;
the receiving module 4001 is further configured to determine a cursor triggering area according to the cursor sliding track and the end point coordinate when the start point coordinate and the end point coordinate are inconsistent, and detect a service detection request triggered based on the cursor triggering area.
Further, the receiving module 4001 is further configured to, when the cursor sliding operation does not exist, obtain a file storage path corresponding to the internal file to be processed;
the receiving module 4001 is further configured to generate a service request according to the file storage path.
Further, the determining module 4002 is further configured to determine feature index values corresponding to a plurality of the file key features, respectively, to obtain all the feature index values;
the determining module 4002 is further configured to select a target key feature corresponding to a maximum feature index value from all the feature index values;
the determining module 4002 is further configured to determine a file feature type corresponding to the internal file to be processed according to the target key feature.
Further, the determining module 4002 is further configured to input the target key features into a feature classification model to obtain a feature type matching degree and a sample feature type corresponding to the feature type matching degree;
the determining module 4002 is further configured to determine whether the feature type matching degree is greater than a preset matching threshold;
the determining module 4002 is further configured to, when the feature type matching degree is greater than the preset matching threshold, use the sample feature type as a file feature type corresponding to the internal file to be processed.
Further, the processing module 4003 is further configured to obtain a current encryption/decryption state of the internal file to be processed;
the processing module 4003 is further configured to detect whether a current operation of a user triggers a file decryption instruction when the current encryption/decryption state is an encryption state;
the processing module 4003 is further configured to perform abnormal behavior detection on the current operation of the user when the current operation of the user triggers the file decryption instruction;
the processing module 4003 is further configured to determine whether to send the to-be-processed internal file to an external system according to an abnormal behavior detection result;
the processing module 4003 is further configured to, when the to-be-processed internal file is sent to an external system, perform a marking process on the to-be-processed internal file according to the file decryption instruction and the encryption and decryption policy to obtain an external marked file, and send the external marked file to the external system.
Further, the processing module 4003 is further configured to obtain identity information of the user;
the processing module 4003 is further configured to perform instruction response verification on the file decryption instruction according to the identity information, and obtain a verification result;
the processing module 4003 is further configured to obtain an audit time corresponding to the internal file to be processed when the audit result meets a preset verification condition;
the processing module 4003 is further configured to generate an operation and maintenance log according to the audit time, the identity information, and the to-be-processed internal file, and perform a marking process on the to-be-processed internal file according to the file decryption instruction and the encryption and decryption policy to obtain an external marked file.
Other embodiments or specific implementation manners of the file security processing apparatus of the present invention may refer to the above method embodiments, and are not described herein again.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., a ROM/RAM, a magnetic disk, an optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (10)

1. A file security processing method is characterized by comprising the following steps:
when a service request sent by a user through a service system is detected, calling a corresponding internal file to be processed according to the service request;
extracting a plurality of file key features from the internal file to be processed, and determining a file feature type corresponding to the internal file to be processed according to the plurality of file key features;
and determining an encryption and decryption strategy according to the file characteristic type corresponding to the internal file to be processed, and carrying out security processing on the internal file to be processed according to the encryption and decryption strategy.
2. The method of claim 1, wherein before the step of retrieving the corresponding internal file to be processed according to the service request when the service request sent by the user through the service system is detected, the method further comprises:
monitoring an interactive interface in a service system, and judging whether cursor sliding operation exists in the interactive interface according to a monitoring result;
if the cursor sliding operation exists, generating a cursor sliding track according to the cursor sliding operation;
determining a starting point coordinate and an end point coordinate according to the cursor sliding track, and judging whether the starting point coordinate and the end point coordinate are consistent;
and when the starting point coordinate and the end point coordinate are not consistent, determining a cursor trigger area according to the cursor sliding track and the end point coordinate, and detecting a detection service request triggered based on the cursor trigger area.
3. The method of claim 2, wherein after the step of monitoring the interactive interface in the service system and determining whether the cursor sliding operation exists in the interactive interface according to the monitoring result, the method further comprises:
if the cursor sliding operation does not exist, acquiring a file storage path corresponding to the internal file to be processed;
and generating a service request according to the file storage path.
4. The method according to claim 1, wherein the step of determining the file feature type corresponding to the internal file to be processed according to the plurality of file key features comprises:
respectively determining characteristic index values corresponding to the key characteristics of the files to obtain all the characteristic index values;
selecting a target key feature corresponding to the maximum feature index value from all the feature index values;
and determining the file feature type corresponding to the internal file to be processed according to the target key feature.
5. The method according to claim 4, wherein the step of determining the file feature type corresponding to the internal file to be processed according to the target key feature comprises:
inputting the target key features into a feature classification model to obtain feature type matching degrees and sample feature types corresponding to the feature type matching degrees;
judging whether the matching degree of the feature types is greater than a preset matching threshold value or not;
and when the feature type matching degree is greater than the preset matching threshold, taking the sample feature type as a file feature type corresponding to the internal file to be processed.
6. The method according to any one of claims 1 to 5, wherein the step of securely processing the internal file to be processed according to the encryption and decryption policy comprises:
acquiring the current encryption and decryption state of the internal file to be processed;
when the current encryption and decryption state is an encryption state, detecting whether the current operation of a user triggers a file decryption instruction;
when the current operation of the user triggers the file decryption instruction, detecting abnormal behaviors of the current operation of the user;
judging whether the internal file to be processed is sent to an external system or not according to an abnormal behavior detection result;
and if the internal file to be processed is sent to an external system, marking the internal file to be processed according to the file decryption instruction and the encryption and decryption strategy to obtain an external marked file, and sending the external marked file to the external system.
7. The method according to claim 6, wherein the step of performing a mark processing on the internal file to be processed according to the file decryption instruction and the encryption and decryption policy to obtain an external mark file comprises:
acquiring identity information of the user;
performing instruction response verification on the file decryption instruction according to the identity information, and acquiring a verification result;
when the auditing result meets the preset verifying condition, acquiring the auditing time corresponding to the internal file to be processed;
and generating an operation and maintenance log according to the auditing time, the identity information and the internal file to be processed, and marking the internal file to be processed according to the file decryption instruction and the encryption and decryption strategy to obtain an external marked file.
8. A document security processing apparatus, comprising:
the receiving module is used for calling a corresponding internal file to be processed according to the service request instruction when detecting a service request sent by a user through a service system;
the determining module is used for extracting a plurality of file key features from the internal file to be processed and determining a file feature type corresponding to the internal file to be processed according to the plurality of file key features;
and the processing module is used for determining an encryption and decryption strategy according to the file characteristic type corresponding to the internal file to be processed and carrying out security processing on the internal file to be processed according to the encryption and decryption strategy.
9. A document security processing apparatus, characterized in that the document security processing apparatus comprises: memory, processor and computer program stored on the memory and executable on the processor, the computer program, when executed by the processor, implementing the steps of the method of secure processing of documents as claimed in any one of claims 1 to 7.
10. A computer storage medium, characterized in that the computer storage medium has stored thereon a computer program which, when being executed by a processor, carries out the steps of the file security processing method according to any one of claims 1 to 7.
CN202011213045.9A 2020-11-03 2020-11-03 File security processing method, device, equipment and storage medium Pending CN112329036A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011213045.9A CN112329036A (en) 2020-11-03 2020-11-03 File security processing method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN112329036A true CN112329036A (en) 2021-02-05

Family

ID=74323265

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011213045.9A Pending CN112329036A (en) 2020-11-03 2020-11-03 File security processing method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN112329036A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113127905A (en) * 2021-04-26 2021-07-16 重庆城市管理职业学院 Information processing method and network security equipment
CN113127905B (en) * 2021-04-26 2024-05-17 重庆城市管理职业学院 Information processing method and network security equipment
CN113438277A (en) * 2021-05-28 2021-09-24 深圳证券通信有限公司 File receiving and transmitting method for communication system
CN115238296A (en) * 2022-09-23 2022-10-25 深圳雷柏科技股份有限公司 HID-based encryption and decryption method and device, computer equipment and storage medium

Similar Documents

Publication Publication Date Title
US11089046B2 (en) Systems and methods for identifying and mapping sensitive data on an enterprise
US11082443B2 (en) Systems and methods for remote identification of enterprise threats
CN112329036A (en) File security processing method, device, equipment and storage medium
US9215197B2 (en) System, method, and computer program product for preventing image-related data loss
US8141159B2 (en) Method and system for protecting confidential information
US10095865B2 (en) Detecting unauthorized remote administration using dependency rules
CN108512854B (en) System information safety monitoring method and device, computer equipment and storage medium
US20130145483A1 (en) System And Method For Processing Protected Electronic Communications
JP2017532649A (en) Confidential information processing method, apparatus, server, and security determination system
CN112217835A (en) Message data processing method and device, server and terminal equipment
US10440050B1 (en) Identifying sensitive data on computer networks
CN109547426B (en) Service response method and server
US20130219453A1 (en) Data leak prevention from a device with an operating system
KR102098064B1 (en) Method, Apparatus and System for Security Monitoring Based On Log Analysis
CN113177205A (en) Malicious application detection system and method
CN111538978A (en) System and method for executing tasks based on access rights determined from task risk levels
CN114598671B (en) Session message processing method, device, storage medium and electronic equipment
Pistoia et al. Labyrinth: Visually configurable data-leakage detection in mobile applications
CN111181914B (en) Method, device and system for monitoring internal data security of local area network and server
CN117150453B (en) Network application detection method, device, equipment, storage medium and program product
CN110417743B (en) Encrypted compressed packet analysis method and device
US20240126869A1 (en) Human interface device firewall
Zhang et al. An Empirical Study of Insecure Communication in Android Apps
CN114006773A (en) Weak password judgment method, device, equipment and storage medium
KR20230100850A (en) File copy leakage prevention method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination