CN113094332A - File management method and device - Google Patents


Info

Publication number: CN113094332A
Authority: CN (China)
Prior art keywords: file, user, protected, fingerprint library, operated
Legal status: Pending
Application number: CN202110443821.2A
Other languages: Chinese (zh)
Inventors: 陈少涵, 任海健, 李仕毅
Current Assignee: Beijing Skyguard Network Security Technology Co ltd
Original Assignee: Beijing Skyguard Network Security Technology Co ltd
Application filed by: Beijing Skyguard Network Security Technology Co ltd
Priority: CN202110443821.2A

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10: File systems; File servers
    • G06F16/11: File system administration, e.g. details of archiving or snapshots
    • G06F16/122: File system administration, e.g. details of archiving or snapshots using management policies
    • G06F16/16: File or folder operations, e.g. details of user interfaces specifically adapted to file systems
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00: Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21: Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141: Access rights, e.g. capability lists, access control lists, access tables, access matrices


Abstract

The invention discloses a file management method and device, and relates to the technical field of computers. One embodiment of the method comprises: monitoring a file operation request triggered by a user, wherein the file operation request indicates an operation behavior and a file to be operated; generating a file digest for the file to be operated, so as to acquire a file fingerprint similar to the file digest from a file fingerprint library corresponding to the file to be protected, and calculating the file similarity between the file digest and the file fingerprint; acquiring an authority threshold of the operation behavior corresponding to the user according to the user identification of the user; judging whether the file similarity is smaller than the permission threshold: if so, allowing the user to perform the operation behavior on the file to be operated; and if not, not allowing the user to perform the operation behavior on the file to be operated. The method and the device can flexibly adjust the operation authority of the user based on the content of the file to be operated.

Description

File management method and device
Technical Field
The invention relates to the technical field of computers, in particular to a file management method and device.
Background
Files are used as common information carriers for recording various information, and different user operation authorities are often required to be set for the files in order to protect the safety of file contents, especially for files with high requirements on privacy.
At present, a common method for setting user operation permissions is to perform unified permission configuration on files or directories where the files are located and storage disks where the files are located, and once the configuration is completed, the operation permissions corresponding to the files are fixed and unchanged unless manually modified.
In the process of implementing the invention, the inventor found that at least the following problem exists in the prior art: as the file content is edited and updated and as time passes, the privacy or security requirements of the same file differ at different stages, and so do the corresponding operation permissions; at present, however, the operation permissions of a user on a file cannot be flexibly determined based on dynamic changes of the file content.
Disclosure of Invention
In view of this, embodiments of the present invention provide a file management method and apparatus, which can flexibly determine whether a user can perform an operation behavior based on file content, that is, dynamically adjust an operation permission of the user for a file, and implement flexible management on the file operation permission.
To achieve the above object, according to an aspect of an embodiment of the present invention, there is provided a file management method including:
monitoring a file operation request triggered by a user, wherein the file operation request indicates an operation behavior and a file to be operated;
generating a file digest for the file to be operated, so as to acquire a file fingerprint similar to the file digest from a file fingerprint library corresponding to the file to be protected, and calculating the file similarity between the file digest and the file fingerprint;
acquiring an authority threshold of the operation behavior corresponding to the user according to the user identification of the user;
judging whether the file similarity is smaller than the permission threshold: if so, allowing the user to perform the operation behavior on the file to be operated; and if not, not allowing the user to perform the operation behavior on the file to be operated.
Optionally, the method further comprises:
before monitoring a file operation request triggered by a user, judging whether the file fingerprint library is the latest version of the file fingerprint library, and downloading the latest version of the file fingerprint library from a server side under the condition that the file fingerprint library is not the latest version of the file fingerprint library.
Optionally, the file fingerprint library indicates file fingerprints corresponding to one or more files to be protected, and the file fingerprints are generated at the server based on the following steps:
acquiring the file to be protected;
performing word segmentation processing on the file to be protected to obtain a word segmentation set corresponding to the file to be protected;
and carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file fingerprint corresponding to the file to be protected.
Optionally, the method further comprises:
the server manages the file fingerprint library based on any one or more of the following:
under the condition of adding a file to be protected, generating a file fingerprint corresponding to the file to be protected so as to add the file fingerprint corresponding to the file to be protected in the file fingerprint library;
under the condition of updating the file to be protected, generating a new file fingerprint aiming at the updated file to be protected so as to replace the file fingerprint corresponding to the file to be protected before updating in the file fingerprint library;
and under the condition of deleting the file to be protected, deleting the file fingerprint corresponding to the file to be protected from the file fingerprint library.
Optionally, the file fingerprint library further indicates authority thresholds of one or more operation behaviors corresponding to the users, so as to search the authority thresholds of the operation behaviors corresponding to the users from the file fingerprint library according to user identifiers;
the operation behavior includes any one or more of: complete control, reading, opening, copying, cutting, pasting, sharing, transmitting, running, screen capturing and printing.
Optionally, the method further comprises:
the server manages the file fingerprint library based on any one or more of the following:
under the condition that users are added, correspondingly storing the user identification and the authority threshold value of the operation behavior corresponding to the users in the file fingerprint library;
under the condition of updating a user, updating the authority threshold of the operation behavior corresponding to the user in the file fingerprint library;
and under the condition of deleting the user, deleting the user identification and the authority threshold of the operation behavior corresponding to the user from the file fingerprint library.
Optionally, generating the file digest for the file to be operated includes:
performing word segmentation processing on the file to be operated to obtain a word segmentation set corresponding to the file to be operated;
and carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file digest corresponding to the file to be operated.
To achieve the above object, according to still another aspect of an embodiment of the present invention, there is provided a file management apparatus including: an operation request monitoring module, a file digest generating module, a permission threshold acquisition module and an operation behavior control module; wherein:
the operation request monitoring module is used for monitoring a file operation request triggered by a user, wherein the file operation request indicates an operation behavior and a file to be operated;
the file digest generating module is used for generating a file digest for the file to be operated, so as to acquire a file fingerprint similar to the file digest from a file fingerprint library corresponding to the file to be protected, and for calculating the file similarity between the file digest and the file fingerprint;
the permission threshold acquisition module is used for acquiring a permission threshold of the operation behavior corresponding to the user according to the user identification of the user;
the operation behavior control module is used for judging whether the file similarity is smaller than the permission threshold: if so, allowing the user to perform the operation behavior on the file to be operated; and if not, not allowing the user to perform the operation behavior on the file to be operated.
Optionally, further comprising: a file fingerprint library acquisition module; wherein:
the file fingerprint library acquisition module is used for judging, before a file operation request triggered by a user is monitored, whether the file fingerprint library is the latest version of the file fingerprint library, so that the latest version of the file fingerprint library is downloaded from the server in the case that the file fingerprint library is not the latest version.
Optionally, the file fingerprint library indicates file fingerprints corresponding to one or more files to be protected, and the file fingerprints are generated at the server based on the following steps:
acquiring the file to be protected;
performing word segmentation processing on the file to be protected to obtain a word segmentation set corresponding to the file to be protected;
and carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file fingerprint corresponding to the file to be protected.
Optionally, the server manages the file fingerprint repository based on any one or more of:
under the condition of adding a file to be protected, generating a file fingerprint corresponding to the file to be protected so as to add the file fingerprint corresponding to the file to be protected in the file fingerprint library;
under the condition of updating the file to be protected, generating a new file fingerprint aiming at the updated file to be protected so as to replace the file fingerprint corresponding to the file to be protected before updating in the file fingerprint library;
and under the condition of deleting the file to be protected, deleting the file fingerprint corresponding to the file to be protected from the file fingerprint library.
Optionally, the file fingerprint library further indicates authority thresholds of one or more operation behaviors corresponding to the users, so as to search the authority thresholds of the operation behaviors corresponding to the users from the file fingerprint library according to user identifiers;
the operation behavior includes any one or more of: complete control, reading, opening, copying, cutting, pasting, sharing, transmitting, running, screen capturing and printing.
Optionally, the server manages the file fingerprint repository based on any one or more of:
under the condition that users are added, correspondingly storing the user identification and the authority threshold value of the operation behavior corresponding to the users in the file fingerprint library;
under the condition of updating a user, updating the authority threshold of the operation behavior corresponding to the user in the file fingerprint library;
and under the condition of deleting the user, deleting the user identification and the authority threshold of the operation behavior corresponding to the user from the file fingerprint library.
Optionally, generating the file digest for the file to be operated includes:
performing word segmentation processing on the file to be operated to obtain a word segmentation set corresponding to the file to be operated;
and carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file digest corresponding to the file to be operated.
To achieve the above object, according to still another aspect of embodiments of the present invention, there is provided an electronic device for file management, including:
one or more processors;
a storage device for storing one or more programs,
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement any one of the file management methods described above.
To achieve the above object, according to another aspect of embodiments of the present invention, there is provided a computer-readable medium on which a computer program is stored, the program, when executed by a processor, implementing any one of the file management methods described above.
One embodiment of the above invention has the following advantages or benefits: a file operation request triggered by a user is monitored; a file digest is generated for the file to be operated indicated by the file operation request; a file fingerprint similar to the file digest is obtained from the file fingerprint library corresponding to the file to be protected, and the file similarity between the file digest and the file fingerprint is calculated; an authority threshold of the operation behavior corresponding to the user is then obtained according to the user identifier of the user; and whether the user can perform the operation behavior on the file to be operated is determined by comparing the file similarity with the authority threshold. The operation authority of the user is thus determined flexibly based on the content of the file to be operated, thereby realizing dynamic management of the file operation authority.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of a main flow of a file management method according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a main flow of another file management method according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a main flow of a method for generating a file fingerprint library according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the main blocks of a file management apparatus according to an embodiment of the present invention;
FIG. 5 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
FIG. 6 is a schematic block diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a schematic diagram of a main flow of a file management method according to an embodiment of the present invention, and as shown in fig. 1, the file management method may specifically include the following steps:
Step S101, a file operation request triggered by a user is monitored, and the file operation request indicates an operation behavior and a file to be operated.
The operation behavior comprises any one or more of: complete control, reading, opening, copying, cutting, pasting, sharing, transmitting, running, screen capturing and printing. It can be understood that, when a file operation request triggered by a user is detected, the operation on the file to be operated is interrupted immediately so that the user's operation permission can be determined, and the user is allowed to continue operating the file if and only if it is determined that the user can perform the operation behavior. Taking file transmission as the operation behavior: when it is detected that the user requests a file transmission, the transmission is suspended, and it continues when it is determined that the user has the file transmission permission. It should be noted that, instead of monitoring and interrupting all file operation requests, the file operation requests triggered by the user may be monitored selectively. For example, file operation requests that transmit a file to a network sharing server may be monitored and interrupted, while file transmission that stays inside the disk is not monitored, so as to ensure file security and reduce the waste of monitoring resources.
In an optional embodiment, the method further comprises: before monitoring a file operation request triggered by a user, judging whether the file fingerprint library is the latest version of the file fingerprint library, and downloading the latest version of the file fingerprint library from a server side under the condition that the file fingerprint library is not the latest version of the file fingerprint library.
The file fingerprint library is generated by the server and then synchronized to the client by the server. It indicates file fingerprints corresponding to one or more files to be protected, and the files to be protected are files that include privacy information or sensitive information determined according to actual requirements, that is, files with high security requirements. This ensures the generation efficiency of the file fingerprint library, and also ensures the timeliness and reliability of the local file fingerprint library that the client uses when monitoring file operation requests triggered by the user. Specifically, whether the file fingerprint library is the latest version can be verified through information such as the file fingerprint or the MD5 (Message-Digest Algorithm 5) value of the file fingerprint library, the size of the file fingerprint library, and the like.
In an alternative embodiment, the file fingerprint is generated at the server based on the steps of: acquiring the file to be protected; performing word segmentation processing on the file to be protected to obtain a word segmentation set corresponding to the file to be protected; and carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file fingerprint corresponding to the file to be protected.
Word segmentation processing refers to the process of recombining a continuous character sequence into a word sequence according to a certain specification; the applicable algorithms include, but are not limited to, the SCWS algorithm, the ICTCLAS algorithm, the HTTPCWS algorithm, and the like. It is understood that the word segmentation processing in the present embodiment already includes sentence segmentation and the filtering of stop words, punctuation marks, special characters, etc. from the segmentation result. A hash algorithm (Secure Hash Algorithm, SHA for short) transforms an input of any length into an output of fixed length, i.e. a hash value, so the file fingerprint includes one or more hash values corresponding to the word segmentation set. Because the input and the output of the hash algorithm are in one-to-one correspondence, the file fingerprints, namely the hash values corresponding to the word segmentation sets, can be stored in place of the privacy information or sensitive information contained in the file so as to improve the query speed, and the file digest and the file fingerprints can be used in place of the files themselves for similarity calculation so as to simplify the calculation process and improve the calculation efficiency.
In an optional embodiment, the method further comprises: the server manages the file fingerprint library based on any one or more of the following: under the condition of adding a file to be protected, generating a file fingerprint corresponding to the file to be protected so as to add the file fingerprint corresponding to the file to be protected in the file fingerprint library; under the condition of updating the file to be protected, generating a new file fingerprint aiming at the updated file to be protected so as to replace the file fingerprint corresponding to the file to be protected before updating in the file fingerprint library; and under the condition of deleting the file to be protected, deleting the file fingerprint corresponding to the file to be protected from the file fingerprint library.
It can be understood that, in the actual execution process, the file that needs to be subjected to operation authority control is constantly changed, such as newly added meeting summary, program code, research and development data, personnel information, and the like, so that the corresponding file to be protected is also constantly changed, and further, under the condition that the file to be protected needs to be added, deleted, or updated, the file fingerprint library corresponding to the file to be protected needs to be correspondingly updated.
Step S102, generating a file digest for the file to be operated, so as to obtain a file fingerprint similar to the file digest from a file fingerprint library corresponding to the file to be protected, and calculating the file similarity between the file digest and the file fingerprint.
Specifically, generating the file digest for the file to be operated includes: performing word segmentation processing on the file to be operated to obtain a word segmentation set corresponding to the file to be operated; and carrying out a hash operation on the word segmentation set based on a hash algorithm to generate a file digest corresponding to the file to be operated. On this basis, the file similarity between the file digest and every file fingerprint in the file fingerprint library can be calculated directly, and the file fingerprint similar to the file digest is the one with the maximum file similarity. More specifically, representative vectors of the file digest and the file fingerprint can be determined respectively, and the file similarity determined from the cosine value, the Euclidean distance, etc. of the vectors; the file similarity can also be determined by calculating the ratio of the hash values that the file digest and the file fingerprint have in common to all hash values in the file fingerprint.
Step S103, acquiring the authority threshold of the operation behavior corresponding to the user according to the user identification of the user.
In an optional implementation manner, the file fingerprint library further indicates authority thresholds of one or more operation behaviors corresponding to the user, so as to search the authority thresholds of the operation behaviors corresponding to the user from the file fingerprint library according to the user identification.
It can be understood that, in addition to storing the authority threshold of the operation behavior corresponding to the user in the file fingerprint library, other arbitrary storage spaces such as a database and a disk corresponding to the server may also be used for storage, and the stored authority threshold of the operation behavior corresponding to the user is synchronized to one or more clients that need to perform file management, which is specifically shown in table 1 below.
Table 1. Example permission thresholds for user-corresponding operation behaviors
[Table 1 appears as an image in the original publication; its contents are not available here.]
It is understood that any information that can distinguish users, such as user names, can also be used as the user identification; meanwhile, the user information such as the sex, age, job level, duty range and the like corresponding to the user can be stored, so that the authority threshold corresponding to the operation behavior can be set for the user more reasonably and accurately.
In an optional embodiment, the method further comprises: the server manages the file fingerprint library based on any one or more of the following: under the condition that users are added, correspondingly storing the user identification and the authority threshold value of the operation behavior corresponding to the users in the file fingerprint library; under the condition of updating a user, updating the authority threshold of the operation behavior corresponding to the user in the file fingerprint library; and under the condition of deleting the user, deleting the user identification and the authority threshold of the operation behavior corresponding to the user from the file fingerprint library.
Step S104, judging whether the file similarity is smaller than the permission threshold value: if the operation behavior is smaller than the preset operation behavior, allowing the user to perform the operation behavior on the file to be operated; and if not, not allowing the user to perform the operation behavior on the file to be operated.
It is to be noted that, in this embodiment, the lower the authority threshold, the fewer operation behaviors the user can perform, and conversely, the higher the authority threshold, the more operation behaviors the user can perform. In the actual execution process, different operation authorities can therefore be set for different users by setting different authority thresholds, and the authority threshold can be adjusted correspondingly when user information such as the job level of the user changes, so as to achieve flexible management of the user's file operation authority.
Based on this embodiment, when a file operation request triggered by a user is detected, a file digest is generated for the file to be operated, a file fingerprint similar to the file digest is obtained from the file fingerprint library corresponding to the file to be protected, and the file similarity between the file digest and the file fingerprint is calculated, which determines how likely the file to be operated is to contain privacy information or sensitive information to be protected. Then, by obtaining the permission threshold of the operation behavior corresponding to the user and comparing the file similarity with the permission threshold, it is determined whether the user can operate the file to be operated, which may contain privacy information or sensitive information. That is, the operation permission of the user on the file can be flexibly determined based on the content of the file to be operated, thereby realizing the dynamic management of the file operation permission.
Referring to fig. 2, on the basis of the foregoing embodiment, an embodiment of the present invention provides another file management method, which may specifically include the following steps:
Step S201, judging whether the file fingerprint library is the latest version of the file fingerprint library; if yes, step S203 is executed; if not, step S202 is executed.
Step S202, downloading the latest version of the file fingerprint library from the server.
Step S203, a file operation request triggered by a user is monitored, and the file operation request indicates an operation behavior and a file to be operated.
Step S204, performing word segmentation processing on the file to be operated to obtain a word segmentation set corresponding to the file to be operated.
Step S205, performing hash operation on the word segmentation set based on a hash algorithm to generate a file digest corresponding to the file to be operated.
Step S206, obtaining a file fingerprint similar to the file digest from the file fingerprint library corresponding to the files to be protected, and calculating the file similarity between the file digest and the file fingerprint.
Step S207, obtaining the authority threshold of the operation behavior corresponding to the user according to the user identifier of the user.
Step S208, judging whether the file similarity is smaller than the permission threshold value; if yes, continuing to execute the following step S209; if not, the following step S210 is continued.
Step S209, allowing the user to perform the operation on the file to be operated.
Step S210, not allowing the user to perform the operation on the file to be operated.
Referring to fig. 3, on the basis of the foregoing embodiment, an embodiment of the present invention provides a method for generating a file fingerprint library, where the method specifically includes the following steps:
Step S301, obtaining the file to be protected.
Step S302, performing word segmentation processing on the file to be protected to obtain a word segmentation set corresponding to the file to be protected.
Step S303, carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file fingerprint corresponding to the file to be protected.
Step S304, judging whether the file to be protected changes. In the case of adding a file to be protected, the following step S305 is continued; in the case of updating the file to be protected, the following step S306 is continued; in the case of the deletion of the file to be protected, the following step S305 is continuously performed.
Step S305, generating a file fingerprint corresponding to the file to be protected, so as to add the file fingerprint corresponding to the file to be protected in the file fingerprint library.
Step S306, generating a new file fingerprint for the updated file to be protected to replace the file fingerprint corresponding to the file to be protected before updating in the file fingerprint library.
Step S307, deleting the file fingerprint corresponding to the file to be protected from the file fingerprint library.
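An added example, not the patent's own code, of the library maintenance in steps S301 to S307 and the decision flow in steps S203 to S210 above. The per-token truncated SHA-256 hashing, the Jaccard similarity measure, the rule that a missing threshold means deny, and all names and sample data are assumptions chosen here for illustration.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field


def segment(text: str) -> set[str]:
    """Word segmentation (S204 / S302). Assumption: lowercase runs of word
    characters; Chinese text would need a dedicated segmenter."""
    return set(re.findall(r"\w+", text.lower()))


def fingerprint(text: str) -> frozenset[str]:
    """Hash every token (S205 / S303); the result carries no plaintext."""
    return frozenset(
        hashlib.sha256(tok.encode("utf-8")).hexdigest()[:16]
        for tok in segment(text)
    )


def similarity(digest: frozenset[str], fp: frozenset[str]) -> float:
    """Jaccard similarity of two hashed token sets (assumed metric)."""
    union = digest | fp
    return len(digest & fp) / len(union) if union else 0.0


@dataclass
class FingerprintLibrary:
    """Server-side library: file fingerprints plus per-user thresholds."""
    version: int = 0  # bumped on every change so a stale copy is detectable (S201)
    fingerprints: dict[str, frozenset[str]] = field(default_factory=dict)
    thresholds: dict[tuple[str, str], float] = field(default_factory=dict)

    def put_file(self, file_id: str, text: str) -> None:
        """Add (S305) or replace (S306) the fingerprint of a protected file."""
        self.fingerprints[file_id] = fingerprint(text)
        self.version += 1

    def delete_file(self, file_id: str) -> None:
        """Remove the fingerprint of a protected file (S307)."""
        if self.fingerprints.pop(file_id, None) is not None:
            self.version += 1

    def set_threshold(self, user_id: str, operation: str, value: float) -> None:
        """Store the permission threshold of one operation for one user."""
        self.thresholds[(user_id, operation)] = value
        self.version += 1


def decide(lib: FingerprintLibrary, user_id: str, operation: str, text: str):
    """S203 to S210: return (allowed, best_similarity, matched_file_id)."""
    digest = fingerprint(text)
    best_id, best_sim = None, 0.0
    for file_id, fp in lib.fingerprints.items():  # S206: closest fingerprint
        sim = similarity(digest, fp)
        if sim > best_sim:
            best_id, best_sim = file_id, sim
    threshold = lib.thresholds.get((user_id, operation))  # S207
    if threshold is None:
        return False, best_sim, best_id  # assumption: no policy means deny
    return best_sim < threshold, best_sim, best_id  # S208: strictly smaller allows


# Constructed sample data (not from the patent).
PROTECTED = "Quarterly revenue forecast: ACME merger price 42 dollars per share"
EXCERPT = "acme merger price 42 dollars"  # 5 of the 10 protected tokens
UNRELATED = "lunch menu for friday"


def build_demo_library() -> FingerprintLibrary:
    lib = FingerprintLibrary()
    lib.put_file("merger-memo", PROTECTED)
    lib.set_threshold("alice", "print", 0.6)
    lib.set_threshold("alice", "share", 0.3)  # lower threshold: fewer allowed operations
    lib.set_threshold("bob", "print", 0.3)
    return lib


if __name__ == "__main__":
    demo = build_demo_library()
    for user, op, text in [("alice", "print", EXCERPT), ("alice", "share", EXCERPT),
                           ("bob", "print", EXCERPT), ("alice", "print", PROTECTED),
                           ("carol", "print", UNRELATED)]:
        print(user, op, decide(demo, user, op, text))
```

Because the library stores only truncated token hashes, an endpoint can score similarity without holding the protected plaintext, although short or predictable tokens remain guessable from their hashes.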
Referring to fig. 4, on the basis of the above embodiment, an embodiment of the present invention provides a file management apparatus 400, including: an operation request monitoring module 402, a file abstract generating module 403, an authority threshold value obtaining module 404 and an operation behavior control module 405; wherein:
the operation request monitoring module 402 is configured to monitor a file operation request triggered by a user, where the file operation request indicates an operation behavior and a file to be operated;
the file abstract generating module 403 is configured to generate a file digest for the file to be operated, so as to obtain a file fingerprint similar to the file digest from a file fingerprint library corresponding to the file to be protected, and calculate a file similarity between the file digest and the file fingerprint;
the permission threshold obtaining module 404 is configured to obtain a permission threshold of the operation behavior corresponding to the user according to the user identifier of the user;
the operation behavior control module 405 is configured to determine whether the file similarity is smaller than the permission threshold: if so, allow the user to perform the operation behavior on the file to be operated; if not, do not allow the user to perform the operation behavior on the file to be operated.
In an optional embodiment, the apparatus further comprises a file fingerprint library acquisition module 401, wherein:
the file fingerprint library acquisition module is configured to judge, before a file operation request triggered by a user is monitored, whether the file fingerprint library is the latest version of the file fingerprint library, and to download the latest version of the file fingerprint library from the server side if it is not.
In an optional embodiment, the file fingerprint library indicates file fingerprints corresponding to one or more files to be protected, and the file fingerprints are generated at the server side based on the following steps: acquiring the file to be protected; performing word segmentation processing on the file to be protected to obtain a word segmentation set corresponding to the file to be protected; and performing a hash operation on the word segmentation set based on a hash algorithm to generate a file fingerprint corresponding to the file to be protected.
In an alternative embodiment, the server manages the file fingerprint repository based on any one or more of:
under the condition of adding a file to be protected, generating a file fingerprint corresponding to the file to be protected so as to add the file fingerprint corresponding to the file to be protected in the file fingerprint library;
under the condition of updating the file to be protected, generating a new file fingerprint aiming at the updated file to be protected so as to replace the file fingerprint corresponding to the file to be protected before updating in the file fingerprint library;
and under the condition of deleting the file to be protected, deleting the file fingerprint corresponding to the file to be protected from the file fingerprint library.
In an optional implementation manner, the file fingerprint library further indicates authority thresholds of one or more operation behaviors corresponding to the users, so as to search the authority thresholds of the operation behaviors corresponding to the users from the file fingerprint library according to user identifications;
the operation behavior includes any one or more of: full control, reading, opening, copying, cutting, pasting, sharing, transmitting, running, screen capturing and printing.
In an alternative embodiment, the server manages the file fingerprint repository based on any one or more of:
under the condition that users are added, correspondingly storing the user identification and the authority threshold value of the operation behavior corresponding to the users in the file fingerprint library;
under the condition of updating a user, updating the authority threshold of the operation behavior corresponding to the user in the file fingerprint library;
and under the condition of deleting the user, deleting the user identification and the authority threshold of the operation behavior corresponding to the user from the file fingerprint library.
In an optional implementation manner, generating a file digest for the file to be operated includes:
performing word segmentation processing on the file to be operated to obtain a word segmentation set corresponding to the file to be operated;
and carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file digest corresponding to the file to be operated.
Fig. 5 illustrates an exemplary system architecture 500 to which the file management method or file management apparatus of an embodiment of the present invention may be applied.
As shown in fig. 5, the system architecture 500 may include terminal devices 501, 502, 503, a network 504, and a server 505. The network 504 serves to provide a medium for communication links between the terminal devices 501, 502, 503 and the server 505. Network 504 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal devices 501, 502, 503 to interact with a server 505 over a network 504 to receive or send messages or the like. The terminal devices 501, 502, 503 may have various communication client applications installed thereon, such as a shopping application, a web browser application, a search application, an instant messaging tool, a mailbox client, social platform software, and the like.
The terminal devices 501, 502, 503 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 505 may be a server that provides various services, such as a background management server that supports shopping websites browsed by users using the terminal devices 501, 502, 503. The background management server can analyze and process received data such as a file fingerprint library acquisition request, and feed back the processing result (the file fingerprint library) to the terminal device.
It should be understood that the number of terminal devices, networks, and servers in fig. 5 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 6, a block diagram of a computer system 600 suitable for use with a terminal device implementing an embodiment of the invention is shown. The terminal device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU)601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is installed into the storage section 608 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 601.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes a transmitting unit (or "module"), an obtaining unit, a determining unit, and a first processing unit. The names of these modules do not constitute a limitation to the module itself in some cases, for example, the operation request listening module may also be described as a "module for listening to a file operation request triggered by a user".
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments, or may exist separately without being incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform: monitoring a file operation request triggered by a user, wherein the file operation request indicates an operation behavior and a file to be operated; generating a file digest for the file to be operated, so as to acquire a file fingerprint similar to the file digest from a file fingerprint library corresponding to the file to be protected, and calculating the file similarity between the file digest and the file fingerprint; acquiring an authority threshold of the operation behavior corresponding to the user according to the user identification of the user; judging whether the file similarity is smaller than the permission threshold: if so, allowing the user to perform the operation behavior on the file to be operated; and if not, not allowing the user to perform the operation behavior on the file to be operated.
According to the technical scheme of the embodiment of the invention, when a file operation request triggered by a user is detected, a file digest is generated for the file to be operated, a file fingerprint similar to the file digest is obtained from the file fingerprint library corresponding to the files to be protected, and the file similarity between the file digest and the file fingerprint is calculated, which indicates how likely the file to be operated is to contain the private or sensitive information to be protected. Then, by obtaining the permission threshold of the operation behavior corresponding to the user and comparing the file similarity with that threshold, it is determined whether the user may operate on a file that may contain private or sensitive information. That is, the user's operation permission on the file can be determined flexibly from the content of the file to be operated, which realizes dynamic management of file operation permissions.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (16)

1. A file management method, comprising:
monitoring a file operation request triggered by a user, wherein the file operation request indicates an operation behavior and a file to be operated;
generating a file digest for the file to be operated, so as to acquire a file fingerprint similar to the file digest from a file fingerprint library corresponding to the file to be protected, and calculating the file similarity between the file digest and the file fingerprint;
acquiring an authority threshold of the operation behavior corresponding to the user according to the user identification of the user;
judging whether the file similarity is smaller than the permission threshold: if so, allowing the user to perform the operation behavior on the file to be operated; and if not, not allowing the user to perform the operation behavior on the file to be operated.
2. The file management method according to claim 1, further comprising:
before monitoring a file operation request triggered by a user, judging whether the file fingerprint library is the latest version of the file fingerprint library, and downloading the latest version of the file fingerprint library from a server side under the condition that the file fingerprint library is not the latest version of the file fingerprint library.
3. The file management method according to claim 2,
the file fingerprint library indicates file fingerprints corresponding to one or more files to be protected, and the file fingerprints are generated at the server side based on the following steps:
acquiring the file to be protected;
performing word segmentation processing on the file to be protected to obtain a word segmentation set corresponding to the file to be protected;
and carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file fingerprint corresponding to the file to be protected.
4. The file management method according to claim 3, further comprising:
the server manages the file fingerprint library based on any one or more of the following:
under the condition of adding a file to be protected, generating a file fingerprint corresponding to the file to be protected so as to add the file fingerprint corresponding to the file to be protected in the file fingerprint library;
under the condition of updating the file to be protected, generating a new file fingerprint aiming at the updated file to be protected so as to replace the file fingerprint corresponding to the file to be protected before updating in the file fingerprint library;
and under the condition of deleting the file to be protected, deleting the file fingerprint corresponding to the file to be protected from the file fingerprint library.
5. The file management method according to claim 2,
the file fingerprint library also indicates authority thresholds of one or more operation behaviors corresponding to the users, so that the authority thresholds of the operation behaviors corresponding to the users are searched from the file fingerprint library according to user identifications;
the operation behavior includes any one or more of: full control, reading, opening, copying, cutting, pasting, sharing, transmitting, running, screen capturing and printing.
6. The file management method according to claim 5, further comprising:
the server manages the file fingerprint library based on any one or more of the following:
under the condition that users are added, correspondingly storing the user identification and the authority threshold value of the operation behavior corresponding to the users in the file fingerprint library;
under the condition of updating a user, updating the authority threshold of the operation behavior corresponding to the user in the file fingerprint library;
and under the condition of deleting the user, deleting the user identification and the authority threshold of the operation behavior corresponding to the user from the file fingerprint library.
7. The file management method according to claim 1, wherein the generating a file digest for the file to be operated includes:
performing word segmentation processing on the file to be operated to obtain a word segmentation set corresponding to the file to be operated;
and carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file digest corresponding to the file to be operated.
8. A file management apparatus, characterized by comprising: an operation request monitoring module, a file abstract generating module, an authority threshold acquiring module and an operation behavior control module; wherein:
the operation request monitoring module is used for monitoring a file operation request triggered by a user, wherein the file operation request indicates an operation behavior and a file to be operated;
the file abstract generating module is used for generating a file digest for the file to be operated, so as to acquire a file fingerprint similar to the file digest from a file fingerprint library corresponding to the file to be protected, and calculating the file similarity between the file digest and the file fingerprint;
the permission threshold acquisition module is used for acquiring a permission threshold of the operation behavior corresponding to the user according to the user identification of the user;
the operation behavior control module is used for judging whether the file similarity is smaller than the permission threshold: if so, allowing the user to perform the operation behavior on the file to be operated; and if not, not allowing the user to perform the operation behavior on the file to be operated.
9. The file management apparatus according to claim 8, further comprising: a file fingerprint library acquisition module; wherein:
the file fingerprint library acquisition module is used for judging, before a file operation request triggered by a user is monitored, whether the file fingerprint library is the latest version of the file fingerprint library, and for downloading the latest version of the file fingerprint library from the server side if it is not.
10. The file management apparatus according to claim 9,
the file fingerprint library indicates file fingerprints corresponding to one or more files to be protected, and the file fingerprints are generated at the server side based on the following steps:
acquiring the file to be protected;
performing word segmentation processing on the file to be protected to obtain a word segmentation set corresponding to the file to be protected;
and carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file fingerprint corresponding to the file to be protected.
11. The file management apparatus according to claim 10,
the server manages the file fingerprint library based on any one or more of the following:
under the condition of adding a file to be protected, generating a file fingerprint corresponding to the file to be protected so as to add the file fingerprint corresponding to the file to be protected in the file fingerprint library;
under the condition of updating the file to be protected, generating a new file fingerprint aiming at the updated file to be protected so as to replace the file fingerprint corresponding to the file to be protected before updating in the file fingerprint library;
and under the condition of deleting the file to be protected, deleting the file fingerprint corresponding to the file to be protected from the file fingerprint library.
12. The file management apparatus according to claim 9,
the file fingerprint library also indicates authority thresholds of one or more operation behaviors corresponding to the users, so that the authority thresholds of the operation behaviors corresponding to the users are searched from the file fingerprint library according to user identifications;
the operation behavior includes any one or more of: full control, reading, opening, copying, cutting, pasting, sharing, transmitting, running, screen capturing and printing.
13. The file management apparatus according to claim 12,
the server manages the file fingerprint library based on any one or more of the following:
under the condition that users are added, correspondingly storing the user identification and the authority threshold value of the operation behavior corresponding to the users in the file fingerprint library;
under the condition of updating a user, updating the authority threshold of the operation behavior corresponding to the user in the file fingerprint library;
and under the condition of deleting the user, deleting the user identification and the authority threshold of the operation behavior corresponding to the user from the file fingerprint library.
14. The file management apparatus according to claim 8, wherein generating a file digest for the file to be operated comprises:
performing word segmentation processing on the file to be operated to obtain a word segmentation set corresponding to the file to be operated;
and carrying out hash operation on the word segmentation set based on a hash algorithm to generate a file digest corresponding to the file to be operated.
15. An electronic device for file management, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-7.
16. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-7.
CN202110443821.2A 2021-04-23 2021-04-23 File management method and device Pending CN113094332A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110443821.2A CN113094332A (en) 2021-04-23 2021-04-23 File management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110443821.2A CN113094332A (en) 2021-04-23 2021-04-23 File management method and device

Publications (1)

Publication Number Publication Date
CN113094332A true CN113094332A (en) 2021-07-09

Family

ID=76679646

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110443821.2A Pending CN113094332A (en) 2021-04-23 2021-04-23 File management method and device

Country Status (1)

Country Link
CN (1) CN113094332A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination