CN112788146A - Sensitive information identification and automatic blocking file transmission method and system - Google Patents


Info

Publication number
CN112788146A
Authority
CN
China
Prior art keywords
transmission
file
information
sensitive information
obtaining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110085442.0A
Other languages
Chinese (zh)
Inventor
戴鹏飞
栗威
刘海粟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Citic Bank Corp Ltd
Original Assignee
China Citic Bank Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Citic Bank Corp Ltd filed Critical China Citic Bank Corp Ltd
Priority to CN202110085442.0A priority Critical patent/CN112788146A/en
Publication of CN112788146A publication Critical patent/CN112788146A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/30 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306 Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Theoretical Computer Science (AREA)
  • Medical Informatics (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Technology Law (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a file transmission method and system for sensitive information identification and automatic blocking. A first transmission application is obtained, wherein the first transmission application is used for copying a file out of a first environment and sending the file to a second environment, and the second environment is different from the first environment; a first transmission file is obtained according to the first transmission application; first file content is obtained according to the first transmission file; preset sensitive information is acquired; whether the first file content contains the preset sensitive information is judged; and when the preset sensitive information is contained, a first interception instruction is obtained, wherein the first interception instruction is used for terminating the first transmission application. The method solves the technical problem that, in the prior art, viewing-permission control is performed for non-sensitive information in the transmission process, while whether sensitive information exists in the transmission content cannot be identified during file transmission. It achieves the technical effects of identifying and processing sensitive information in the transmission content and preventing leakage of sensitive data in the text and attachments while a file transmission application circulates in the production environment.

Description

Sensitive information identification and automatic blocking file transmission method and system
Technical Field
The invention relates to the technical field of data transmission, in particular to a file transmission method and system for sensitive information identification and automatic blocking.
Background
Some enterprises are divided into a production environment and an office environment, and files are transmitted between the two. File transmission is required on production terminals because daily technical and management work generates a large number of documents and data files.
However, in the process of implementing the technical solution of the invention in the embodiments of the present application, the inventors of the present application find that the above-mentioned technology has at least the following technical problems:
In the prior art, viewing-permission control is performed for non-sensitive information in the transmission process, while whether sensitive information exists in the transmission content cannot be identified during file transmission.
Disclosure of Invention
The embodiments of the application provide a file transmission method and system for sensitive information identification and automatic blocking, which solve the technical problem that, in the prior art, viewing-permission control is performed for non-sensitive information in the transmission process, while whether sensitive information exists in the transmission content cannot be identified during file transmission. The technical effects achieved are: sensitive information in the transmission content is identified and processed; leakage of sensitive data in the text and attachments is prevented while a file transmission application circulates in the production environment; whether a file transmission involves confidential content is judged automatically and process approval is executed according to the judgment result; and process approval is simplified, manpower and time are reduced, and working efficiency is improved.
In view of the foregoing problems, embodiments of the present application provide a method and a system for identifying sensitive information and automatically blocking file transmission.
In a first aspect, an embodiment of the present application provides a file transmission method for sensitive information identification and automatic blocking, where the method includes: obtaining a first transmission application, wherein the first transmission application is used for copying a file in a first environment and sending the file to a second environment, and the second environment is different from the first environment; obtaining a first transmission file according to the first transmission application; obtaining first file content according to the first transmission file; acquiring preset sensitive information; judging whether the first file content contains the preset sensitive information or not; and when the preset sensitive information is contained, obtaining a first interception instruction, wherein the first interception instruction is used for terminating the first transmission application.
Preferably, after the determining whether the first file content includes the preset sensitive information, the method includes: when the first file content does not contain the preset sensitive information, acquiring preset algorithm information; replacing the first transmission file according to the preset algorithm information to obtain a first replacement file; and obtaining a second transmission instruction according to the first transmission application and the first replacement file.
Preferably, the replacing the first transmission file according to the preset algorithm information to obtain a first replacement file includes: acquiring first transmission title information and transmission target user information according to the first transmission application; obtaining a first date according to the first file content, wherein the first date is a date existing in the transmission text; acquiring transmission IP address information according to the first transmission application; according to the preset algorithm information, obtaining a first replacement instruction, wherein the first replacement instruction is used for replacing the first transmission title information, the transmission target user information, the first date and the transmission IP address information; acquiring first transmission attachment information according to the first file content; acquiring a first hiding instruction according to the preset algorithm information and the first transmission attachment information, wherein the first hiding instruction is used for hiding the first transmission attachment information; and obtaining the first replacement file according to the first replacement instruction and the first hiding instruction.
Preferably, after obtaining the second transmission instruction, the method includes: acquiring a target server address according to the transmission target user information; obtaining a third transmission instruction according to the address of the target server, wherein the third transmission instruction is used for transmitting the first replacement file to the target server; and acquiring a first authority according to the address of the target server, wherein the first authority is used for allowing the target user to download the attachment information.
Preferably, the method comprises: when the target user finishes downloading, first finishing information is obtained; and acquiring a first deleting instruction according to the first finishing information, wherein the first deleting instruction is used for deleting the attachment in the target server.
Preferably, after obtaining the first interception instruction when the preset sensitive information is included, the method includes: and acquiring first reminding information according to the first interception instruction.
Preferably, after the preset sensitive information is obtained, the method includes: judging whether the preset sensitive information meets a first preset requirement or not; when the first preset requirement is not met, second sensitive information is obtained according to the first preset requirement; and obtaining a second replacement instruction according to the second sensitive information, wherein the second replacement instruction is used for setting the second sensitive information as preset sensitive information.
In another aspect, the application also provides a file transmission system for sensitive information identification and automatic blocking, and the system comprises:
a first obtaining unit, configured to obtain a first transmission application, where the first transmission application is to copy out a file in a first environment and send the file to a second environment, and the second environment is different from the first environment;
a second obtaining unit, configured to obtain a first transmission file according to the first transmission application;
a third obtaining unit, configured to obtain a first file content according to the first transmission file;
the fourth obtaining unit is used for obtaining preset sensitive information;
the first judging unit is used for judging whether the first file content contains the preset sensitive information or not;
a fifth obtaining unit, configured to obtain a first interception instruction when the preset sensitive information is included, where the first interception instruction is used to terminate the first transmission application.
In a third aspect, the present invention provides a file transfer method and system for sensitive information identification and automatic blocking, including a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor implements the steps of the method according to any one of the first aspect when executing the program.
One or more technical solutions provided in the embodiments of the present application have at least the following technical effects or advantages:
The embodiments of the application provide a file transmission method and system for sensitive information identification and automatic blocking, wherein a first transmission application is obtained, the first transmission application is used for copying a file out of a first environment and sending the file to a second environment, and the second environment is different from the first environment; obtaining a first transmission file according to the first transmission application; obtaining first file content according to the first transmission file; acquiring preset sensitive information; judging whether the first file content contains the preset sensitive information or not; and when the preset sensitive information is contained, obtaining a first interception instruction, wherein the first interception instruction is used for terminating the first transmission application. Sensitive information in the transmission content is thereby identified and processed, sensitive data in the text and attachments is prevented from leaking while a file transmission application circulates in the production environment, whether a file transmission involves confidential content is judged automatically, process approval is executed according to the judgment result, process approval is simplified, manpower and time are reduced, and working efficiency is improved. This solves the technical problem that, in the prior art, viewing-permission control is performed for non-sensitive information in the transmission process, while whether sensitive information exists in the transmission content cannot be identified during file transmission.
The foregoing description is only an overview of the technical solutions of the present application, and the present application can be implemented according to the content of the description in order to make the technical means of the present application more clearly understood, and the following detailed description of the present application is given in order to make the above and other objects, features, and advantages of the present application more clearly understandable.
Drawings
FIG. 1 is a schematic flowchart of a document transmission method with sensitive information identification and automatic blocking according to an embodiment of the present application;
FIG. 2 is a schematic structural diagram of a system for identifying and automatically blocking sensitive information in a file transfer method according to an embodiment of the present application;
FIG. 3 is a schematic structural diagram of an exemplary electronic device according to an embodiment of the present application.
Description of reference numerals: a first obtaining unit 11, a second obtaining unit 12, a third obtaining unit 13, a fourth obtaining unit 14, a first judging unit 15, a fifth obtaining unit 16, a bus 300, a receiver 301, a processor 302, a transmitter 303, a memory 304, and a bus interface 306.
Detailed Description
The embodiments of the application provide a file transmission method and system for sensitive information identification and automatic blocking, which solve the technical problem that, in the prior art, viewing-permission control is performed for non-sensitive information in the transmission process, while whether sensitive information exists in the transmission content cannot be identified during file transmission. The technical effects achieved are: sensitive information in the transmission content is identified and processed; leakage of sensitive data in the text and attachments is prevented while a file transmission application circulates in the production environment; whether a file transmission involves confidential content is judged automatically and process approval is executed according to the judgment result; and process approval is simplified, manpower and time are reduced, and working efficiency is improved.
Hereinafter, example embodiments according to the present application will be described in detail with reference to the accompanying drawings. It should be apparent that the described embodiments are merely some embodiments of the present application and not all embodiments of the present application, and it should be understood that the present application is not limited to the example embodiments described herein.
Summary of the application
To meet the need for file transmission on production terminals, where daily technical and management work generates a large number of documents and data files, existing file transmission methods generally rely on manual process approval and post-hoc audit to check whether transmitted files are compliant. This leads to problems such as poor timeliness of checks and sensitive data leakage, the file audit cannot meet audit requirements, and the process approval step consumes a large amount of manpower and time. However, in the prior art, viewing-permission control is performed for non-sensitive information in the transmission process, while whether sensitive information exists in the transmission content cannot be identified during file transmission.
In view of the above technical problems, the technical solution provided by the present application has the following general idea:
The embodiment of the application provides a file transmission method for sensitive information identification and automatic blocking, which comprises the following steps: obtaining a first transmission application, wherein the first transmission application is used for copying a file out of a first environment and sending the file to a second environment, and the second environment is different from the first environment; obtaining a first transmission file according to the first transmission application; obtaining first file content according to the first transmission file; acquiring preset sensitive information; judging whether the first file content contains the preset sensitive information or not; and when the preset sensitive information is contained, obtaining a first interception instruction, wherein the first interception instruction is used for terminating the first transmission application. The technical effects achieved are: sensitive information in the transmission content is identified and processed; leakage of sensitive data in the text and attachments is prevented while a file transmission application circulates in the production environment; whether a file transmission involves confidential content is judged automatically and process approval is executed according to the judgment result; and process approval is simplified, manpower and time are reduced, and working efficiency is improved.
Having thus described the general principles of the present application, various non-limiting embodiments thereof will now be described in detail with reference to the accompanying drawings.
Example one
Fig. 1 is a schematic flowchart of a method for identifying and automatically blocking sensitive information in an embodiment of the present application, and as shown in fig. 1, an embodiment of the present application provides a method for identifying and automatically blocking sensitive information in a file transfer, where the method includes:
step S100: obtaining a first transmission application, wherein the first transmission application is used for copying out files in a first environment and sending the files to a second environment, and the second environment is different from the first environment.
Specifically, a user submits an application for cross-network file transmission. The embodiment of the application is mainly directed at the transmission of mail, that is, mail sent to an external network. The first environment is a production environment or an intranet environment, the second environment is an office environment or an extranet environment, and the first transmission application contains the address of the target cross-network user. The applicant applies, in the file cross-network transmission module of the business process platform, to copy a file from the production environment to the office environment, fills in the target cross-network user of the transmission, and uploads the file to the cross-network transmission module as an attachment.
Step S200: and obtaining a first transmission file according to the first transmission application.
Step S300: and obtaining the content of the first file according to the first transmission file.
Specifically, after a transmission application is submitted, the content and data in the text and the attachments are scanned to obtain the transmission file and the corresponding file content in the transmission application, including the text and the attachments. In the embodiment of the application, to address sensitive information identification, the file cross-network transmission flow module is interfaced with a DLP (data leakage protection) system. Attachment scanning supports text file formats such as txt, Word and Excel and compressed file formats such as zip, rar and 7zip, and sensitive information in the text and the attachments is identified by the data leakage prevention algorithm in the DLP.
Step S400: and acquiring preset sensitive information.
Further, after obtaining the preset sensitive information, the method includes: judging whether the preset sensitive information meets a first preset requirement or not; when the first preset requirement is not met, second sensitive information is obtained according to the first preset requirement; and obtaining a second replacement instruction according to the second sensitive information, wherein the second replacement instruction is used for setting the second sensitive information as preset sensitive information.
Specifically, an identification rule of sensitive information is defined, the rule is stored in a system, the sensitive rule can be maintained and updated, and can also be automatically generated according to a set requirement, and the sensitive information in the embodiment of the application mainly comprises certificate information, a telephone number, a bank card number, address information and the like.
Step S500: and judging whether the first file content contains the preset sensitive information.
Step S600: and when the preset sensitive information is contained, obtaining a first interception instruction, wherein the first interception instruction is used for terminating the first transmission application.
Further, after obtaining the first interception instruction when the preset sensitive information is included, the method includes: and acquiring first reminding information according to the first interception instruction.
Specifically, whether the identified file content contains preset sensitive information is judged. If it does, the process is automatically terminated and returned to the applicant, and reminding information is sent to the user indicating the attachment or the position in the text where the risk exists. In detail, the module calls the DLP system to scan the attachments for sensitive data, and the DLP system's internal computation determines whether sensitive information such as address information, certificate information, telephone numbers or bank card numbers is present. If such information is present, the process is automatically terminated and returned to the applicant, and the page shows that the named attachment contains sensitive fields such as address information, certificate information, a telephone number or a bank card number and that the scan did not pass. Sensitive information in the transmission content is thereby identified and processed, leakage of sensitive data in the text and attachments is prevented while a file transmission application circulates in the production environment, whether a file transmission involves confidential content is judged automatically, process approval is executed according to the judgment result, process approval is simplified, manpower and time are reduced, and working efficiency is improved. This solves the technical problem that, in the prior art, viewing-permission control is performed for non-sensitive information in the transmission process, while whether sensitive information exists in the transmission content cannot be identified during file transmission.
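A sketch of steps S300 to S600 as described above, added here as an illustration; it is not code from the patent, whose detection is delegated to a DLP system with undisclosed internals. The rule patterns, checksum validation, size and nesting limits, and the choice to treat any attachment that cannot be scanned as a finding are all assumptions of this example.

```python
import io
import re
import zipfile
from collections import namedtuple

MAX_MEMBER_BYTES = 1_000_000  # assumed cap; larger archive members are not scanned
MAX_DEPTH = 2                 # assumed limit for archives nested inside archives
TEXT_SUFFIXES = (".txt", ".csv")
ID_WEIGHTS = (7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
ID_CHECK_CHARS = "10X98765432"
Verdict = namedtuple("Verdict", "intercept findings")  # findings: (location, rule)

def resident_id_ok(value):
    """Validate the check character of an 18-character PRC resident ID number."""
    total = sum(int(c) * w for c, w in zip(value[:17], ID_WEIGHTS))
    return ID_CHECK_CHARS[total % 11] == value[17].upper()

def luhn_ok(digits):
    """Luhn checksum, used here to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# Preset sensitive information (assumed rules): name, pattern, optional validator.
RULES = [
    ("certificate_number", re.compile(r"(?<![0-9])[0-9]{17}[0-9Xx](?![0-9])"), resident_id_ok),
    ("telephone_number", re.compile(r"(?<![0-9])1[3-9][0-9]{9}(?![0-9])"), None),
    ("bank_card_number", re.compile(r"(?<![0-9])[0-9]{16,19}(?![0-9])"), luhn_ok),
]

def scan_text(location, text):
    """Return one finding per rule that matches anywhere in the text."""
    hits = []
    for name, pattern, validator in RULES:
        if any(validator is None or validator(m.group()) for m in pattern.finditer(text)):
            hits.append((location, name))
    return hits

def scan_attachment(name, data, depth=0):
    """Scan a text file or walk a zip archive; anything unreadable is a finding."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        if depth >= MAX_DEPTH:
            return [(name, "unscannable_nesting")]
        hits = []
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in (i for i in zf.infolist() if not i.is_dir()):
                    member = f"{name}!{info.filename}"
                    if info.flag_bits & 0x1:  # encrypted member, content not visible
                        hits.append((member, "unscannable_encrypted"))
                        continue
                    with zf.open(info) as fh:
                        body = fh.read(MAX_MEMBER_BYTES + 1)
                    if len(body) > MAX_MEMBER_BYTES:
                        hits.append((member, "unscannable_too_large"))
                        continue
                    hits.extend(scan_attachment(member, body, depth + 1))
        except (zipfile.BadZipFile, NotImplementedError):
            hits.append((name, "unscannable_archive"))
        return hits
    if name.lower().endswith(TEXT_SUFFIXES):
        return scan_text(name, data.decode("utf-8", errors="replace"))
    return [(name, "unscannable_format")]

def review_application(body_text, attachments):
    """Scan the text and every attachment; intercept the application on any finding."""
    findings = scan_text("body", body_text)
    for name, data in attachments.items():
        findings.extend(scan_attachment(name, data))
    return Verdict(intercept=bool(findings), findings=findings)

def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for fname, content in members.items():
            zf.writestr(fname, content)
    return buf.getvalue()

# Constructed sample application (test values, not real records).
SAMPLE_BODY = "Please forward the report. Contact: 13800138000."
SAMPLE_ATTACHMENTS = {
    "summary.txt": b"Quarterly job statistics, no customer data.",
    "export.zip": make_zip({"accounts.csv": "name,card\nA,4111111111111111\n",
                            "readme.txt": "ID 11010519491231002X"}),
    "dump.rar": b"Rar!\x1a\x07\x00constructed",
}

if __name__ == "__main__":
    verdict = review_application(SAMPLE_BODY, SAMPLE_ATTACHMENTS)
    print(verdict.intercept, verdict.findings)
```

Each finding names the attachment, or the archive member inside it, so the reminder returned to the applicant can point at the specific location as the description requires.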
Further, after the determining whether the first file content includes the preset sensitive information, the method includes: when the first file content does not contain the preset sensitive information, acquiring preset algorithm information; replacing the first transmission file according to the preset algorithm information to obtain a first replacement file; and obtaining a second transmission instruction according to the first transmission application and the first replacement file.
Further, the replacing the first transmission file according to the preset algorithm information to obtain a first replacement file includes: acquiring first transmission title information and transmission target user information according to the first transmission application; obtaining a first date according to the first file content, wherein the first date is a date existing in the transmission text; acquiring transmission IP address information according to the first transmission application; according to the preset algorithm information, obtaining a first replacement instruction, wherein the first replacement instruction is used for replacing the first transmission title information, the transmission target user information, the first date and the transmission IP address information; acquiring first transmission attachment information according to the first file content; acquiring a first hiding instruction according to the preset algorithm information and the first transmission attachment information, wherein the first hiding instruction is used for hiding the first transmission attachment information; and obtaining the first replacement file according to the first replacement instruction and the first hiding instruction.
Specifically, if the scan passes, a replacement algorithm predefined in the module is called to replace the title, date, IP address, contact information and the like in the application flow. When personnel outside the flow circulation query the application, the replaced title and text are displayed and the attachment is hidden outright. That is, a replacement algorithm for information such as dates, IP addresses and contact information is predefined in the file transmission module; while the transmission flow circulates, the title and the dates, IP addresses and contact information in the text are automatically identified and replaced with x, only personnel within the flow can view the real text content, and the attachment is hidden outright. This achieves the technical effect of protecting the transmitted data and ensuring its security while the file transmission flow circulates.
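The replacement and hiding step described above can be sketched as follows. This is an added example, not the patent's predefined algorithm, which is not disclosed; the patterns, the length-preserving replacement with x, and the names TransferApplication, mask_text and view_for are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Assumed patterns for the fields the description lists: dates, IP addresses, contacts.
DATE_RE = re.compile(r"(?<![0-9])[0-9]{4}([-/])[0-9]{1,2}\1[0-9]{1,2}(?![0-9])"
                     r"|[0-9]{4}年[0-9]{1,2}月[0-9]{1,2}日")
IPV4_RE = re.compile(r"(?<![0-9.])(?:[0-9]{1,3}\.){3}[0-9]{1,3}(?![0-9]|\.[0-9])")
CONTACT_RE = re.compile(r"(?<![0-9])1[3-9][0-9]{9}(?![0-9])"
                        r"|[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def _to_x(match):
    return "x" * len(match.group())


def _ip_to_x(match):
    # Only mask strings that parse as IPv4; dotted version numbers stay readable.
    try:
        ipaddress.IPv4Address(match.group())
    except ValueError:
        return match.group()
    return "x" * len(match.group())


def mask_text(text):
    """Replace dates, IPv4 addresses and contact details in the text with x."""
    text = DATE_RE.sub(_to_x, text)
    text = IPV4_RE.sub(_ip_to_x, text)
    return CONTACT_RE.sub(_to_x, text)


@dataclass
class TransferApplication:
    title: str
    target_user: str
    body: str
    attachments: list
    flow_participants: set = field(default_factory=set)


def view_for(app, viewer):
    """Real content for flow participants; replaced text and no attachments otherwise."""
    if viewer in app.flow_participants:
        return {"title": app.title, "target_user": app.target_user,
                "body": app.body, "attachments": list(app.attachments)}
    return {"title": "x" * len(app.title), "target_user": "x" * len(app.target_user),
            "body": mask_text(app.body), "attachments": []}


# Constructed sample application (test values, not real records).
SAMPLE_APP = TransferApplication(
    title="Job log export",
    target_user="office_user_01",
    body=("Copy job logs from 10.20.30.40 dated 2021-01-22. "
          "Questions: 13800138000 or ops@example.com. Build 1.2.3.400 unaffected."),
    attachments=["joblogs.zip"],
    flow_participants={"applicant_a", "approver_a"},
)

if __name__ == "__main__":
    print(view_for(SAMPLE_APP, "auditor_outside_flow"))
    print(view_for(SAMPLE_APP, "approver_a"))
```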
Further, after obtaining the second transmission instruction, the method includes: acquiring a target server address according to the transmission target user information; obtaining a third transmission instruction according to the address of the target server, wherein the third transmission instruction is used for transmitting the first replacement file to the target server; and acquiring a first authority according to the address of the target server, wherein the first authority is used for allowing the target user to download the attachment information.
Further, the method comprises: when the target user finishes downloading, first finishing information is obtained; and acquiring a first deleting instruction according to the first finishing information, wherein the first deleting instruction is used for deleting the attachment in the target server.
Specifically, for a transmission file that passes the check, the attachment is transmitted to local storage on the cross-network system server according to the target cross-network user that was filled in, the download permission for the receiving account is opened in the cross-network transmission system, and the target cross-network user is granted the corresponding download permission. The target user logs in to the cross-network system from an office terminal, downloads the attachment, and then clicks to finish use, whereupon the system deletes the attachment stored locally on the server.
The transmission method of the embodiment of the application performs approval automatically within the flow: files and content that contain no sensitive information pass through the flow, while files and content in which sensitive information exists are blocked automatically, the flow is returned, and a prompt pops up. Meanwhile, the approval records of the flow can be archived for later audit and reference. The technical effects are that identification and approval are automatic throughout, manual processing steps are eliminated, approval and circulation time is greatly shortened, and audit records are added automatically at each step, which meets supervision and audit requirements and facilitates subsequent tracing.
Furthermore, the method of the embodiment of the application has been deployed online and put into use in a certain financial enterprise with beneficial results. According to incomplete statistics, in the 2 months since going online the system has completed 892 automatic cross-network transmission work orders in that enterprise. Automatic approval and review of a work order takes less than 1 s, an efficiency improvement of more than 60 times compared with the previous manual approval. The text and attachments in cross-network transmission work orders are scanned by the DLP, which meets supervision and internal and external audit requirements and effectively prevents leakage of sensitive information from the production environment.
Example two
Based on the same inventive concept as the sensitive information identification and automatic blocking file transmission method in the foregoing embodiment, the present invention further provides a sensitive information identification and automatic blocking file transmission system. As shown in fig. 2, the system includes:
a first obtaining unit 11, where the first obtaining unit 11 is configured to obtain a first transmission application, where the first transmission application is to copy out a file in a first environment and send the file to a second environment, where the second environment is different from the first environment;
a second obtaining unit 12, where the second obtaining unit 12 is configured to obtain a first transmission file according to the first transmission application;
a third obtaining unit 13, where the third obtaining unit 13 is configured to obtain a first file content according to the first transmission file;
a fourth obtaining unit 14, where the fourth obtaining unit 14 is configured to obtain preset sensitive information;
a first judging unit 15, where the first judging unit 15 is configured to judge whether the first file content includes the preset sensitive information;
a fifth obtaining unit 16, where the fifth obtaining unit 16 is configured to obtain a first interception instruction when the preset sensitive information is included, where the first interception instruction is used to terminate the first transmission application.
Further, the system further comprises:
a sixth obtaining unit, configured to obtain preset algorithm information when the first file content does not include the preset sensitive information;
a seventh obtaining unit, configured to perform a replacement operation on the first transmission file according to the preset algorithm information to obtain a first replacement file;
an eighth obtaining unit, configured to obtain a second transmission instruction according to the first transmission application and the first replacement file.
Further, the system further comprises:
a ninth obtaining unit, configured to obtain first transmission title information and transmission target user information according to the first transmission application;
a tenth obtaining unit, configured to obtain, according to the first file content, a first date, where the first date is a date existing in the transmission text;
an eleventh obtaining unit, configured to obtain transmission IP address information according to the first transmission application;
a twelfth obtaining unit, configured to obtain a first replacement instruction according to the preset algorithm information, where the first replacement instruction is to replace the first transmission title information, the transmission target user information, the first date, and the transmission IP address information;
a thirteenth obtaining unit, configured to obtain first transmission attachment information according to the first file content;
a fourteenth obtaining unit, configured to obtain a first hiding instruction according to the preset algorithm information and the first transmission attachment information, where the first hiding instruction is used to hide the first transmission attachment information;
a fifteenth obtaining unit, configured to obtain the first replacement file according to the first replacement instruction and the first hiding instruction.
Further, the system further comprises:
a sixteenth obtaining unit, configured to obtain a target server address according to the transmission target user information;
a seventeenth obtaining unit, configured to obtain a third transmission instruction according to the target server address, where the third transmission instruction is used to transmit the first replacement file to the target server;
an eighteenth obtaining unit, configured to obtain a first permission according to the target server address, where the first permission allows the target user to download the attachment information.
Further, the system further comprises:
a nineteenth obtaining unit, configured to obtain first completion information after the target user completes downloading;
a twentieth obtaining unit, configured to obtain, according to the first completion information, a first deletion instruction, where the first deletion instruction is used to delete an attachment in a target server.
Further, the system further comprises:
a twenty-first obtaining unit, configured to obtain first reminding information according to the first intercepting instruction.
Further, the system further comprises:
a second judging unit, configured to judge whether the preset sensitive information meets a first preset requirement;
a twenty-second obtaining unit, configured to, when the first preset requirement is not met, obtain second sensitive information according to the first preset requirement;
a twenty-third obtaining unit, configured to obtain a second replacement instruction according to the second sensitive information, where the second replacement instruction is used to set the second sensitive information as preset sensitive information.
The variations and specific examples of the sensitive information identification and automatic blocking file transmission method in the first embodiment (fig. 1) also apply to the file transmission system of the present embodiment. From the foregoing detailed description of the method, those skilled in the art can clearly understand how the system of the present embodiment is implemented, so for brevity the details are not repeated here.
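The flow of claims 1 to 6 as an added Python sketch, not code from the patent or the applicant. The regex rules, the keep-first-character masking and all class and function names are assumptions, since the page does not specify the preset sensitive information or the preset algorithm; the sample values in any call are constructed.

```python
import re
from dataclasses import dataclass, field

# Constructed rules standing in for the "preset sensitive information".
CARD_RE = re.compile(r"\b\d{16,19}\b")
CRED_RE = re.compile(r"(?i)\b(?:password|passwd|secret)\s*[:=]\s*\S+")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
DATE_RE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b")

def luhn_ok(digits):
    """Luhn checksum, so arbitrary 16-19 digit order numbers are not flagged."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(text):
    """Return matched rule names only; matched values are never echoed back."""
    hits = []
    if any(luhn_ok(m) for m in CARD_RE.findall(text)):
        hits.append("bank_card")
    if CRED_RE.search(text):
        hits.append("credential")
    return hits

def mask(value):
    """Assumed masking scheme: keep the first character, star the rest."""
    return value[:1] + "*" * (len(value) - 1)

@dataclass
class TransferRequest:
    title: str
    target_user: str
    source_ip: str
    body: str
    attachments: dict  # file name -> bytes

@dataclass
class TargetServer:
    files: dict = field(default_factory=dict)  # (user, name) -> bytes
    grants: set = field(default_factory=set)   # users allowed to download

    def download(self, user, name):
        if user not in self.grants:
            raise PermissionError(user)
        return self.files[(user, name)]

    def finish(self, user):
        """Target user marked use as finished: delete staged files, revoke grant."""
        for key in [k for k in self.files if k[0] == user]:
            del self.files[key]
        self.grants.discard(user)

def process(req, server, audit):
    """Scan body and attachments; block on any hit, otherwise mask and stage."""
    hits = set(find_sensitive(req.body))
    for data in req.attachments.values():
        hits.update(find_sensitive(data.decode("utf-8", errors="replace")))
    if hits:  # first interception instruction plus reminder
        reminder = "Transfer blocked, rules matched: " + ", ".join(sorted(hits))
        audit.append(("blocked", mask(req.title), sorted(hits)))
        return {"allowed": False, "reminder": reminder}
    record = {  # the "replacement file": masked fields, hidden attachment info
        "allowed": True,
        "title": mask(req.title),
        "target_user": mask(req.target_user),
        "source_ip": mask(req.source_ip),
        "body": IP_RE.sub("[ip]", DATE_RE.sub("[date]", req.body)),
        "attachments": ["[hidden]"] * len(req.attachments),
    }
    for name, data in req.attachments.items():
        server.files[(req.target_user, name)] = data
    server.grants.add(req.target_user)  # first permission: download allowed
    audit.append(("approved", record["title"], []))
    return record
```
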
Exemplary electronic device
The electronic device of the embodiment of the present application is described below with reference to fig. 3.
Fig. 3 illustrates a schematic structural diagram of an electronic device according to an embodiment of the present application.
Based on the inventive concept of the sensitive information identification and automatic blocking file transmission method in the foregoing embodiment, the present invention further provides a sensitive information identification and automatic blocking file transmission system on which a computer program is stored; when executed by a processor, the program implements the steps of any one of the foregoing sensitive information identification and automatic blocking file transmission methods.
Fig. 3 shows a bus architecture (represented by bus 300). Bus 300 may include any number of interconnected buses and bridges, and links together various circuits including one or more processors, represented by processor 302, and memory, represented by memory 304. The bus 300 may also link together various other circuits such as peripherals, voltage regulators, and power management circuits, which are well known in the art and therefore are not described further here. A bus interface 306 provides an interface between the bus 300 and the receiver 301 and transmitter 303. The receiver 301 and the transmitter 303 may be the same element, i.e., a transceiver, providing a means for communicating with various other systems over a transmission medium.
The processor 302 is responsible for managing the bus 300 and general processing, and the memory 304 may be used for storing data used by the processor 302 in performing operations.
One or more technical solutions in the embodiments of the present application have at least one or more of the following technical effects:
The embodiment of the application provides a file transmission method and system for sensitive information identification and automatic blocking, in which: a first transmission application is obtained, the first transmission application being used for copying a file out of a first environment and sending the file to a second environment, where the second environment is different from the first environment; a first transmission file is obtained according to the first transmission application; first file content is obtained according to the first transmission file; preset sensitive information is acquired; it is judged whether the first file content contains the preset sensitive information; and when the preset sensitive information is contained, a first interception instruction is obtained, the first interception instruction being used for terminating the first transmission application. Sensitive information in the transmitted content is thereby identified and handled, sensitive data in the text and attachments of a file transmission is prevented from leaking while a file transmission application circulates in the production environment, whether a file transfer involves confidential content is judged automatically, and process approval is executed according to the result, which simplifies approval, reduces manpower and time, and improves working efficiency. This solves the technical problem in the prior art that, when review and permission control is applied in a transmission process intended for non-sensitive information, it cannot be identified during file transmission whether the transmitted content contains sensitive information.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create a system for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. While preferred embodiments of the present invention have been described, additional variations and modifications in those embodiments may occur to those skilled in the art once they learn of the basic inventive concepts. Therefore, it is intended that the appended claims be interpreted as including preferred embodiments and all such alterations and modifications as fall within the scope of the invention.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present invention without departing from the spirit and scope of the invention. Thus, if such modifications and variations of the present invention fall within the scope of the claims of the present invention and their equivalents, the present invention is also intended to include such modifications and variations.

Claims (9)

1. A file transfer method with sensitive information identification and automatic blocking, wherein the method comprises:
obtaining a first transmission application, wherein the first transmission application is used for copying a file in a first environment and sending the file to a second environment, and the second environment is different from the first environment;
obtaining a first transmission file according to the first transmission application;
obtaining first file content according to the first transmission file;
acquiring preset sensitive information;
judging whether the first file content contains the preset sensitive information or not;
and when the preset sensitive information is contained, obtaining a first interception instruction, wherein the first interception instruction is used for terminating the first transmission application.
2. The method of claim 1, wherein the determining whether the first file content contains the preset sensitive information comprises:
when the first file content does not contain the preset sensitive information, acquiring preset algorithm information;
replacing the first transmission file according to the preset algorithm information to obtain a first replacement file;
and obtaining a second transmission instruction according to the first transmission application and the first replacement file.
3. The method of claim 2, wherein the replacing the first transmission file according to the preset algorithm information to obtain a first replacement file comprises:
acquiring first transmission title information and transmission target user information according to the first transmission application;
obtaining a first date according to the first file content, wherein the first date is a date existing in the transmission text;
acquiring transmission IP address information according to the first transmission application;
according to the preset algorithm information, obtaining a first replacement instruction, wherein the first replacement instruction is used for replacing the first transmission title information, the transmission target user information, the first date and the transmission IP address information;
acquiring first transmission attachment information according to the first file content;
acquiring a first hiding instruction according to the preset algorithm information and the first transmission attachment information, wherein the first hiding instruction is used for hiding the first transmission attachment information;
and obtaining the first replacement file according to the first replacement instruction and the first hiding instruction.
4. The method of claim 3, wherein obtaining the second transmission instruction comprises:
acquiring a target server address according to the transmission target user information;
obtaining a third transmission instruction according to the address of the target server, wherein the third transmission instruction is used for transmitting the first replacement file to the target server;
and acquiring a first authority according to the address of the target server, wherein the first authority is used for allowing the target user to download the attachment information.
5. The method of claim 4, wherein the method comprises:
when the target user finishes downloading, first finishing information is obtained;
and acquiring a first deleting instruction according to the first finishing information, wherein the first deleting instruction is used for deleting the attachment in the target server.
6. The method of claim 1, wherein obtaining the first interception instruction when the preset sensitive information is included comprises:
and acquiring first reminding information according to the first interception instruction.
7. The method of claim 1, wherein the obtaining of the preset sensitive information comprises:
judging whether the preset sensitive information meets a first preset requirement or not;
when the first preset requirement is not met, second sensitive information is obtained according to the first preset requirement;
and obtaining a second replacement instruction according to the second sensitive information, wherein the second replacement instruction is used for setting the second sensitive information as preset sensitive information.
8. A file transmission system for sensitive information identification and automatic blocking, wherein the system comprises:
a first obtaining unit, configured to obtain a first transmission application, where the first transmission application is to copy out a file in a first environment and send the file to a second environment, and the second environment is different from the first environment;
a second obtaining unit, configured to obtain a first transmission file according to the first transmission application;
a third obtaining unit, configured to obtain a first file content according to the first transmission file;
a fourth obtaining unit, configured to obtain preset sensitive information;
a first judging unit, configured to judge whether the first file content contains the preset sensitive information;
a fifth obtaining unit, configured to obtain a first interception instruction when the preset sensitive information is included, where the first interception instruction is used to terminate the first transmission application.
9. A system for identifying sensitive information and automatically blocking file transmission, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor executes the program to implement the steps of the method according to any one of claims 1 to 7.
CN202110085442.0A 2021-01-22 2021-01-22 Sensitive information identification and automatic blocking file transmission method and system Pending CN112788146A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110085442.0A CN112788146A (en) 2021-01-22 2021-01-22 Sensitive information identification and automatic blocking file transmission method and system

Publications (1)

Publication Number Publication Date
CN112788146A true CN112788146A (en) 2021-05-11

Family

ID=75758450

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104156365A (en) * 2013-05-14 2014-11-19 中国移动通信集团湖南有限公司 Monitoring method, device and system for file
CN109254868A (en) * 2018-08-29 2019-01-22 新华三信息安全技术有限公司 A kind of file test method and device
CN109960938A (en) * 2017-12-22 2019-07-02 北京三快在线科技有限公司 Processing method, device, medium and the electronic equipment of sensitive information
CN109977690A (en) * 2017-12-28 2019-07-05 中国移动通信集团陕西有限公司 A kind of data processing method, device and medium
CN111310205A (en) * 2020-02-11 2020-06-19 平安科技(深圳)有限公司 Sensitive information detection method and device, computer equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210511
