CN113282901A - File protection method, device, system, medium and electronic equipment - Google Patents

File protection method, device, system, medium and electronic equipment Download PDF

Info

Publication number
CN113282901A
CN113282901A CN202110841572.2A CN202110841572A CN113282901A CN 113282901 A CN113282901 A CN 113282901A CN 202110841572 A CN202110841572 A CN 202110841572A CN 113282901 A CN113282901 A CN 113282901A
Authority
CN
China
Prior art keywords
file
user
determining
authority
document
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110841572.2A
Other languages
Chinese (zh)
Inventor
刘伟
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
AVIC INTERNATIONAL E-BUSINESS Inc
Original Assignee
AVIC INTERNATIONAL E-BUSINESS Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by AVIC INTERNATIONAL E-BUSINESS Inc filed Critical AVIC INTERNATIONAL E-BUSINESS Inc
Priority to CN202110841572.2A priority Critical patent/CN113282901A/en
Publication of CN113282901A publication Critical patent/CN113282901A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/32User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
    • G06F21/12Protecting executable software
    • G06F21/121Restricting unauthorised execution of programs
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Multimedia (AREA)
  • Technology Law (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a file protection method, a file protection device, a file protection system, a computer readable medium and electronic equipment. The method comprises the following steps: when the file is detected to be used, acquiring the biological characteristics of a file user using the file; determining identity information of the file user according to the biological characteristics; determining the authority of the file user to use the file based on the identity information; and executing an instruction for forbidding the file user to use the file when the file user does not have the right to use the file. The technical scheme of the embodiment of the application can improve the safety of the file when the file is used.

Description

File protection method, device, system, medium and electronic equipment
Technical Field
The present application relates to the field of computer and file protection technologies, and in particular, to a file protection method, apparatus, system, computer readable medium, and electronic device.
Background
At present, files basically exist in the form of electronic files, and with the rapid development of networks and the popularization of computers and mobile terminals, whether electronic files are safe or not is more and more concerned by enterprises and social circles. In the prior art, the control of the file use permission is usually realized based on the file password, however, the file protection mode can only protect the file at the beginning of the file being opened, and the file cannot be protected in real time in the continuous process of the file being used, and the file protection quality is not high. Based on this, how to improve the security of the file when being used is a technical problem to be solved urgently.
Disclosure of Invention
Embodiments of the present application provide a file protection method, apparatus, system, computer program product or computer program, computer readable medium, and electronic device, so that security of a file when used can be improved at least to a certain extent.
Other features and advantages of the present application will be apparent from the following detailed description, or may be learned by practice of the application.
According to an aspect of an embodiment of the present application, there is provided a file protection method, including: when the file is detected to be used, acquiring the biological characteristics of a file user using the file; determining identity information of the file user according to the biological characteristics; determining the authority of the file user to use the file based on the identity information; and executing an instruction for forbidding the file user to use the file when the file user does not have the right to use the file.
According to an aspect of an embodiment of the present application, there is provided a file protection apparatus, including: a first acquisition unit configured to acquire a biometric feature of a document user who uses a document when it is detected that the document is used; a first determination unit for determining the identity information of the document user by the biological feature; a second determination unit, configured to determine, based on the identity information, a right of the file user to use the file; and the execution unit is used for executing the instruction for forbidding the file user to use the file when the file user does not have the right to use the file.
In some embodiments of the present application, based on the foregoing scheme, the second determining unit is configured to: determining the validity of the identity of the file user based on the identity information; and when the identity of the file user is illegal, determining that the file user does not have the authority to use the file.
In some embodiments of the present application, based on the foregoing scheme, the second determining unit is further configured to: when the identity of the file user is legal, determining all use items allowing the file user to use the file based on the identity information; determining actual usage items of the document when used by the document user; and when the actual use item does not belong to all the use items, determining that the file user does not have the authority to use the file.
In some embodiments of the present application, based on the foregoing scheme, the second determining unit is further configured to: when the actual use item belongs to the all use item, acquiring the geographic position of the file when the file is used and the geographic area of the file allowed to be used; determining the authority of the file user to use the file based on the position relation between the geographic position and the geographic area; and when the geographic position is outside the geographic area, determining that the file user does not have the authority to use the file.
In some embodiments of the present application, based on the foregoing scheme, the geographic area includes a plurality of sub-areas, wherein each sub-area is associated with an associated use item allowing the document user to use the document, and the second determination unit is further configured to: when the geographic position is located in the geographic area, determining a sub-area to which the geographic position belongs as a target sub-area; determining an associated usage item associated with the target sub-region; and when the actual use item does not belong to the associated use item associated with the target sub-area, determining that the file user does not have the authority to use the file.
In some embodiments of the present application, based on the foregoing solution, when the geographic location is within the geographic area, the second determining unit is further configured to: determining the identity authority level of the file user, wherein the identity authority level is used for representing the authority openness degree of the file user for using the file; calculating a first authority index according to the identity authority level, wherein the first authority index is positively correlated with the authority openness degree of the file; and determining a security threshold of the file, and determining that the file user does not have the authority to use the file when the first authority index is smaller than the security threshold.
In some embodiments of the present application, based on the foregoing solution, when the geographic location is within the geographic area, the second determining unit is further configured to: determining a region permission level of the target sub-region, wherein the region permission level is used for representing the permission openness degree of using the file geographically; calculating a second permission index according to the regional permission level, wherein the second permission index is positively correlated with the permission openness degree of the file; and determining a security threshold of the file, and determining that the file user does not have the authority to use the file when the second authority index is smaller than the security threshold.
In some embodiments of the present application, based on the foregoing solution, when the geographic location is within the geographic area, the second determining unit is further configured to: determining a region permission level of the target sub-region, wherein the region permission level is used for representing the permission openness degree of using the file geographically; determining the identity authority level of the file user, wherein the identity authority level is used for representing the authority openness degree of the file user for using the file; calculating a third permission index based on the identity permission level and the region permission level, wherein the third permission index is positively correlated with the comprehensive permission openness degree of the used file; and determining a security threshold of the file, and determining that the file user does not have the authority to use the file when the third authority index is smaller than the security threshold.
In some embodiments of the present application, based on the foregoing scheme, the second determining unit is further configured to: and determining the security threshold value according to the security level of the file, wherein the security threshold value of the file is positively correlated with the security level.
In some embodiments of the present application, based on the foregoing scheme, the file corresponds to a plurality of usage items, wherein each usage item corresponds to an item safety threshold, and the second determining unit is further configured to: acquiring actual use items of the file when the file is used by a file user; and determining the item safety threshold corresponding to the actual use item as the safety threshold of the file.
In some embodiments of the present application, based on the foregoing scheme, the second obtaining unit is configured to obtain an environmental parameter of an application environment where the file is located; a third determining unit, configured to determine the validity of the application environment according to the environment parameter; and the destroying unit is used for destroying the file when the application environment is illegal.
According to an aspect of an embodiment of the present application, there is provided a file protection system, including: the server stores a computer program, and the computer program comprises computer instructions; at least one terminal, where the terminal is configured to obtain the computer program sent by the server, and store the computer instruction in the computer program in a readable storage medium of the terminal, and a processor of the terminal reads the computer instruction from the readable storage medium, and the processor executes the computer instruction, so that the terminal executes the file protection method in the foregoing embodiment.
According to an aspect of embodiments herein, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to execute the file protection method described in the above embodiments.
According to an aspect of embodiments of the present application, there is provided a computer-readable medium on which a computer program is stored, the computer program, when executed by a processor, implementing a file protection method as described in the above embodiments.
According to an aspect of an embodiment of the present application, there is provided an electronic device including: one or more processors; storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the file protection method as described in the above embodiments.
In some embodiments of the present application, by detecting that a file is used, firstly, the biological characteristics of a file user using the file are obtained, and the identity information of the file user is determined through the biological characteristics, then, based on the identity information, the authority of the file user for using the file is determined, executing an instruction for prohibiting the file user from using the file when the file user does not have the right to use the file, the identity information of the file user is determined through the biological characteristics of the file user, so that the accuracy of the identity information of the user can be ensured, and whether the file user has the authority to use the file or not can be accurately judged through the accuracy of the identity information of the user, so that the safety of the file when being used can be improved, and the file protection quality is improved.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the application.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present application and together with the description, serve to explain the principles of the application. It is obvious that the drawings in the following description are only some embodiments of the application, and that for a person skilled in the art, other drawings can be derived from them without inventive effort. In the drawings:
FIG. 1 shows a schematic diagram of an exemplary system architecture to which aspects of embodiments of the present application may be applied;
FIG. 2 shows a flow diagram of a file protection method according to one embodiment of the present application;
FIG. 3 illustrates a flow chart for determining the rights of a user of the document to use the document according to one embodiment of the present application;
FIG. 4 illustrates a model diagram for determining the rights of a user of the document to use the document according to one embodiment of the present application;
FIG. 5 illustrates a further flowchart for determining the rights of a user of the document to use the document according to one embodiment of the present application;
FIG. 6 illustrates another model diagram for determining the rights of a user of the document to use the document according to one embodiment of the present application;
FIG. 7 illustrates a further flowchart for determining the rights of a user of the document to use the document according to one embodiment of the present application;
FIG. 8 illustrates another model diagram for determining the rights of a user of the document to use the document according to one embodiment of the present application;
FIG. 9 illustrates a further flowchart for determining the rights of a user of the document to use the document according to one embodiment of the present application;
FIG. 10 illustrates a further flowchart for determining the rights of a user of the document to use the document according to one embodiment of the present application;
FIG. 11 illustrates a further flowchart for determining the rights of a user of the document to use the document according to one embodiment of the present application;
FIG. 12 illustrates an overall flow diagram of a file protection method according to one embodiment of the present application;
FIG. 13 shows a block diagram of a file protection apparatus according to one embodiment of the present application;
FIG. 14 depicts a model diagram of a file protection system, according to an embodiment of the present application;
FIG. 15 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art.
Furthermore, the described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments. In the following description, numerous specific details are provided to give a thorough understanding of embodiments of the application. One skilled in the relevant art will recognize, however, that the subject matter of the present application can be practiced without one or more of the specific details, or with other methods, components, devices, steps, and so forth. In other instances, well-known methods, devices, implementations, or operations have not been shown or described in detail to avoid obscuring aspects of the application.
The block diagrams shown in the figures are functional entities only and do not necessarily correspond to physically separate entities. I.e. these functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor means and/or microcontroller means.
The flow charts shown in the drawings are merely illustrative and do not necessarily include all of the contents and operations/steps, nor do they necessarily have to be performed in the order described. For example, some operations/steps may be decomposed, and some operations/steps may be combined or partially combined, so that the actual execution sequence may be changed according to the actual situation.
It should be noted that: reference herein to "a plurality" means two or more. "and/or" describe the association relationship of the associated objects, meaning that there may be three relationships, e.g., A and/or B may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
It is noted that the terms first, second and the like in the description and claims of the present application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the objects so used are interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in other sequences than those illustrated or described herein.
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the technical solution of the embodiments of the present application can be applied.
As shown in fig. 1, the system architecture may include a terminal device (such as one or more of the smartphone 101, tablet 102, and portable computer 103 shown in fig. 1), a network 104, and a server 105. The network 104 serves as a medium for providing communication links between terminal devices and the server 105. Network 104 may include various connection types, such as wired communication links, wireless communication links, and so forth.
In an embodiment of the present application, when detecting that a file is used, a terminal device may obtain a biometric feature of a file user using the file, and determine, in the server 105, identity information of the file user through the biometric feature, and then determine, based on the identity information, an authority of the file user to use the file, and when the file user does not have the authority to use the file, the terminal device executes an instruction to prohibit the file user from using the file.
In the present application, the terminal device obtains the biological characteristics of the document user, and determines the identity information of the document user according to the biological characteristics, which can be realized by the artificial intelligence technology, that is, the completely automatic processing of data (such as the biological characteristic data of the document user) is realized by the artificial intelligence. Artificial Intelligence (AI) is a theory, method, technique and application system that uses a digital computer or a machine controlled by a digital computer to simulate, extend and expand human Intelligence, perceive the environment, acquire knowledge and use the knowledge to obtain the best results. In other words, artificial intelligence is a comprehensive technique of computer science that attempts to understand the essence of intelligence and produce a new intelligent machine that can react in a manner similar to human intelligence. Artificial intelligence is the research of the design principle and the realization method of various intelligent machines, so that the machines have the functions of perception, reasoning and decision making.
In the application, the identity information of the file user is determined through the biological characteristics of the file user, so that the accuracy of the identity information of the user can be ensured, whether the file user has the authority to use the file or not can be accurately judged through the accuracy of the identity information of the user, and the safety of the file when the file is used can be improved.
It should be noted that the file protection method provided in the embodiment of the present application may be executed by a terminal device, and accordingly, the file protection apparatus is generally disposed in the terminal device. However, in other embodiments of the present application, the server 105 may also have similar functions as the terminal device, so as to execute the file protection scheme provided by the embodiments of the present application.
The implementation details of the technical solution of the embodiment of the present application are set forth in detail below:
fig. 2 shows a flowchart of a file protection method according to an embodiment of the present application, which may be performed by a device having a computing processing function, such as the terminal device shown in fig. 1. Referring to fig. 2, the file protection method at least includes steps 210 to 240, which are described in detail as follows:
in step 210, upon detecting that a document is used, a biometric characteristic of a user of the document using the document is obtained.
In the present application, the file may include electronic data files such as a text file, an audio file, a video file, a drawing file, a program file, and the like, which can be read by a computer. When a computer device (including a physical device and a virtual device) detects that an electronic data file is used, a biometric characteristic of a file user can be acquired by a biometric characteristic acquisition device (such as a camera device, a sound acquisition device, a fingerprint acquisition device and the like). It should be understood that the biometric features may include one or a combination of more of human face, fingerprint, voice print, and the like.
In step 220, identity information of the user of the document is determined from the biometric features.
In the present application, a correspondence between the biometric characteristic of the document user and the identity information of the document user may be established in advance, and after the biometric characteristic information of the document user is obtained, the identity information of the document user may be determined based on the correspondence.
In step 230, the authority of the file user to use the file is determined based on the identity information.
In an embodiment of the present application, determining the authority of the file user to use the file based on the identity information may specifically be implemented according to the following scheme:
firstly, the legality of the identity of the file user is determined based on the identity information.
Specifically, the identity information of the file user may be authorized and stored in advance, for example, the identity information of the file user who can use the file may be acquired and stored in the database, after the identity information of the file user is determined by the biometric features of the file user, whether the determined identity information of the file user exists is searched in the database, and if the determined identity information of the file user does not exist, the identity of the file user is not legal.
And when the identity of the file user is illegal, the file user can be determined not to have the authority of using the file.
In one embodiment of the present application, determining the authority of the document user to use the document based on the identity information may be further performed according to the steps shown in fig. 3.
Referring to FIG. 3, a flow chart for determining the rights of a user of the document to use the document is shown, according to one embodiment of the present application. Specifically, the method comprises steps 310 to 330:
in step 310, when the identity of the document user is legal, all use items allowing the document user to use the document are determined based on the identity information.
In step 320, the actual usage items of the document when used by the document user are determined.
In step 330, it is determined that the file user does not have the right to use the file when the actual usage item does not belong to the all usage items.
In order to better understand the present embodiment, the following description will be given with reference to fig. 4.
Referring to FIG. 4, a model diagram of determining the authority of the document user to use the document is shown according to an embodiment of the present application.
As shown in fig. 4, a file 401 corresponds to a plurality of use items 402, for example, use item 1, use item 2, use item 3, use item 4, and use item 5.
It should be noted that the use item herein refers to a use mode or a use form for a file, for example, a browsing file belongs to a use item, a modification file also belongs to a use item, a forwarding file, a copying file, and the like all belong to a use item of a file.
For each document user, there are one or more allowed usage items, and the allowed usage items for each document user may be different, e.g., in a company, higher level managers may be allowed more usage items, while base level employees may be allowed less usage items.
In fig. 4, taking user B403 as an example, the file usage items allowed to be used by user B include usage item 1, usage item 4, and usage item 5, so that all usage items allowed to use the file for user B include usage item 1, usage item 4, and usage item 5, and if the actual usage item of the file when used by user B is usage item 2, it is determined that user B does not have the right to use the file because usage item 2 does not belong to all usage items allowed to use the file for user B.
The method for determining the authority of the file user to use the file has the advantages that the file can be protected finely, and meanwhile accuracy and efficiency of file protection are improved.
In one embodiment of the present application, determining the authority of the document user to use the document based on the identity information may be further performed according to the steps shown in fig. 5.
Referring to FIG. 5, a further flow chart for determining the rights of the document user to use the document according to one embodiment of the present application is shown. Specifically, the method comprises steps 410 to 420:
in step 410, when the actual usage item belongs to the all usage item, the geographic location of the file when it is used and the geographic area in which the file is allowed to be used are obtained.
In step 420, the authority of the file user to use the file is determined based on the position relationship between the geographic position and the geographic area.
In step 430, when the geographic location is outside the geographic area, it is determined that the file user does not have the right to use the file.
In the application, the geographic position of the file when the file is used can be obtained through a GPS positioning system, the geographic position of the file when the file is used can be obtained through a Beidou positioning system, and the geographic position of the file when the file is used can also be obtained through the positioning of a communication base station.
In order to better understand the present embodiment, the following description will be given with reference to fig. 6.
Referring to FIG. 6, another model diagram for determining the authority of the user of the document to use the document is shown according to one embodiment of the present application.
As shown in fig. 6, the file 601 corresponds to a plurality of use items 602, for example, use item 1, use item 2, use item 3, use item 4, and use item 5.
In fig. 6, taking user a603 as an example, when the geographical location of user a when using the file is outside the geographical area 604, the user a does not have the right to use the file, and when the geographical location of user a when using the file is inside the geographical area 604, the user a has the right to use the file.
In the embodiment, the management of the file use authority is realized by considering the factors of the geographic position, so that the safety problem caused by file loss and transmission can be effectively prevented, and the file protection quality is improved.
In an embodiment of the present application, the geographic area may further include a plurality of sub-areas, where each sub-area is associated with an associated use item allowing the document user to use the document, and the determining, based on the identity information, the right of the document user to use the document may be further performed according to the steps shown in fig. 7.
Referring to FIG. 7, a further flow chart for determining the rights of a user of the document to use the document is shown, according to one embodiment of the present application. Specifically, the method comprises steps 510 to 530:
in step 510, when the geographic location is within the geographic area, a sub-area to which the geographic location belongs is determined as a target sub-area.
In step 520, an associated usage item associated with the target sub-region is determined.
In step 530, when the actual usage item does not belong to the associated usage item associated with the target sub-area, it is determined that the file user does not have the right to use the file.
In order to better understand the present embodiment, the following description will be given with reference to fig. 8.
Referring to FIG. 8, another model diagram for determining the authority of the user of the document to use the document is shown according to one embodiment of the present application.
As shown in fig. 8, a file 801 corresponds to a plurality of use items 802, for example, use item 1, use item 2, use item 3, use item 4, and use item 5.
The geographic area 804 includes a plurality of sub-areas, such as sub-area a, sub-area B, and sub-area C, wherein each sub-area corresponds to an associated use item that allows the document user to use the document.
Taking user B803 as an example, the related usage items in sub-area a include usage item 1, usage item 4, and usage item 5. The associated use items corresponding to the sub-area B include use item 1, use item 2, use item 3, use item 4, and use item 5. Its associated usage items in sub-area C include usage item 2 and usage item 4.
When the target sub-region is the sub-region a, the associated use items include use item 1, use item 4 and use item 5, and if the actual use item of the file used by the user B is use item 2, it is determined that the user B does not have the right to use the file because the use item 2 does not belong to the associated use item.
The method in the embodiment is used for determining the authority of the file user for using the file, and has the advantages that the file can be further protected finely, and the accuracy and the efficiency of file protection are improved. Meanwhile, the management of the file use authority is realized by considering the difference of different geographical sub-areas, and the safety problem caused by file loss and transmission can be further effectively prevented, so that the file protection quality is improved.
In an embodiment of the present application, when the geographic location is within the geographic area, determining the authority of the document user to use the document based on the identity information may be further performed according to the steps shown in fig. 9.
Referring to FIG. 9, a further flow chart for determining the rights of a user of the document to use the document is shown, according to one embodiment of the present application. Specifically, the method comprises steps 610 to 630:
in step 610, an identity authority level of the document user is determined, wherein the identity authority level is used for representing the authority openness degree of the document user for using the document.
In step 620, a first permission index is calculated according to the identity permission level, wherein the first permission index is positively correlated with the permission openness degree of using the file.
In step 630, a security threshold of the document is determined, and when the first permission index is smaller than the security threshold, it is determined that the user of the document does not have permission to use the document.
Specifically, for example, the permission level of the identity is divided into 5 levels, the permission level of the identity of the file user a is configured to be 3, and the permission level of the identity of the file user B is configured to be 5, the first permission index of the file user a may be 60 points, the first permission index of the file user B may be 100 points, if the security threshold of the file is set to be 80 points, the file user a has the permission to use the file, and the file user B does not have the permission to use the file.
In the embodiment, the authority of the file user is quantified, so that the authority of the file user allowed to use the file can be accurately grasped, the refinement degree of file protection can be improved, and the file protection quality and efficiency can be improved.
In an embodiment of the present application, when the geographic location is within the geographic area, determining the authority of the document user to use the document based on the identity information may be further performed according to the steps shown in fig. 10.
Referring to FIG. 10, a further flow chart for determining the rights of a user of the document to use the document is shown, according to one embodiment of the present application. Specifically, the method comprises steps 710 to 730:
in step 710, a regional permission level of the target sub-region is determined, wherein the regional permission level is used for representing the opening degree of the permission to use the file geographically.
In step 720, a second permission index is calculated according to the region permission level, wherein the second permission index is positively correlated with the permission openness degree of the file.
In step 730, a security threshold of the document is determined, and when the second permission index is smaller than the security threshold, it is determined that the document user does not have permission to use the document.
Specifically, for example, the region permission level of the target sub-region is divided into 5 levels, the region permission level of the target sub-region a is configured to be 3, and the region permission level of the target sub-region B is configured to be 5, the second permission index of the target sub-region a may be 60 points, the second permission index of the target sub-region B may be 100 points, if the security threshold of the file is set to be 80 points, the file user in the target sub-region a has permission to use the file, and the file user in the target sub-region B does not have permission to use the file.
In the embodiment, the regional authorities of the sub-regions are quantized, so that the authority of file users in different geographic regions for using the files can be accurately grasped, the refinement degree of file protection can be improved, meanwhile, the safety problem caused by file loss and propagation is effectively prevented, and the quality and the efficiency of file protection are improved.
In an embodiment of the present application, when the geographic location is within the geographic area, determining the authority of the document user to use the document based on the identity information may be further performed according to the steps shown in fig. 11.
Referring to FIG. 11, a further flow chart for determining the rights of a user of the document to use the document is shown, according to one embodiment of the present application. Specifically, the method comprises steps 810 to 840:
in step 810, a regional permission level of the target sub-region is determined, wherein the regional permission level is used for representing the opening degree of the permission for using the file geographically.
In step 820, the identity authority level of the file user is determined, and the identity authority level is used for representing the authority openness degree of the file user for using the file.
In step 830, a third permission index is calculated based on the identity permission level and the region permission level, where the third permission index is positively correlated with the comprehensive permission openness of the file.
In step 840, a security threshold of the document is determined, and when the third permission index is smaller than the security threshold, it is determined that the user of the document does not have permission to use the document.
Specifically, for example, the identity permission level is divided into 5 levels, the identity permission level of the file user a is configured to be 3, the identity permission level of the file user B is configured to be 5, the region permission level of the target sub-region is divided into 5 levels, the region permission level of the target sub-region a is configured to be 3, and the region permission level of the target sub-region B is configured to be 5.
Then, the third permission index of the file user a in the target sub-area a may be 9 points, and the third permission index of the file user B in the target sub-area B may be 25 points, and if the security threshold of the file is set to 15 points, the file user a does not have permission to use the file in the target sub-area a, and the file user B has permission to use the file in the target sub-area B.
In the embodiment, by comprehensively quantizing the authority of the file user and the regional authority of the sub-region, the authority of the file user allowed to use the file can be accurately grasped, the refinement degree of file protection is improved, the safety problem caused by file loss and propagation can be effectively prevented, and the file protection quality and efficiency are further improved.
In the embodiments shown in fig. 9, 10 and 11, the security threshold of the file may be determined as follows: that is, the security threshold is determined by the security level of the file, wherein the security threshold of the file is positively correlated with the security level.
In the present application, the security threshold is determined by the security level of the file, so that personalized management of the permission of different files allowed to be used can be realized according to the importance degree of the file, for example, the permission openness degree of the important file is smaller than that of the unimportant file, and this has the advantage that the quality and efficiency of file protection can be improved.
In the embodiments shown in fig. 9, 10 and 11, the file may also correspond to a plurality of usage items, where each usage item corresponds to an item security threshold. Based on this, the security threshold of the file may be determined as follows: firstly, acquiring an actual use item of the file when the file is used by a file user, and then determining a project safety threshold corresponding to the actual use item as a safety threshold of the file.
In the application, different security thresholds are configured for different used items of the file, for example, a lower security threshold is configured for file browsing, and a lower security threshold is configured for file copying, which is beneficial in that the quality and efficiency of file protection can also be improved.
With continued reference to FIG. 2, in step 240, when the document user does not have the right to use the document, an instruction is executed to prohibit the document user from using the document.
In the present application, the prohibition of the file user from using the file may be prohibition of the file user from browsing the file, may be prohibition of the file user from copying the file, may be prohibition of the file user from modifying the file, may be prohibition of the file user from forwarding the file, or may be various combinations as described above.
Therefore, the instruction for prohibiting the document user from using the document can be set according to actual needs, and the application is not limited in detail here.
In one embodiment of the present application, the steps shown in fig. 12 may also be performed:
firstly, obtaining the environmental parameters of the application environment where the file is located, then determining the legality of the application environment through the environmental parameters, and finally destroying the file when the application environment is illegal.
In the application, the embodiment can effectively prevent the file from being abused when the file is lost, so that the file is destroyed when the application environment where the file is located is illegal, the file protection strength can be enhanced, and the file protection quality is improved.
In one embodiment of the present application, the file protection method may also be performed according to the steps shown in fig. 12.
Referring to FIG. 12, an overall flow diagram of a file protection method according to one embodiment of the present application is shown. Comprising steps 1201 to 1210:
step 1201, use of the file is started.
Step 1202, at the client, the biometric characteristic of the user is obtained.
Step 1203, at the client, performing use authority authentication through network communication and the server.
Step 1204, determine whether the authentication is successful, if not, go to step 1208.
And step 1205, acquiring the current geographic position information of the client at the client, and transmitting the current geographic position information to the server and the rule module of the client through network communication.
Step 1206, at the server, storing the received geographic location information and the operation information of the user.
Step 1207, at the server, the security rule calculation is performed according to the received geographic location information and the user biological characteristics.
In step 1208, at the client, it is determined whether to invoke the execution module according to the rule module, and if so, step 1209 is performed.
In step 1209, use of the file is prohibited or the file is destroyed.
Step 1210, end the use of the file.
In some embodiments of the present application, when it is detected that a document is used, a biometric feature of a document user using the document is first obtained, and identity information of the document user is determined according to the biometric feature, then, based on the identity information, the authority of the file user for using the file is determined, executing an instruction for prohibiting the file user from using the file when the file user does not have the right to use the file, the identity information of the file user is determined through the biological characteristics of the file user, so that the accuracy of the identity information of the user can be ensured, and whether the file user has the authority to use the file or not can be accurately judged through the accuracy of the identity information of the user, so that the safety of the file when being used can be improved, and the file protection quality is improved.
Embodiments of the apparatus of the present application are described below, which may be used to perform the file protection methods in the above-described embodiments of the present application. For details which are not disclosed in the embodiments of the apparatus of the present application, reference is made to the embodiments of the method of file protection described above in the present application.
FIG. 13 shows a block diagram of a file protection apparatus according to an embodiment of the present application.
Referring to fig. 13, a file protection apparatus 1300 according to an embodiment of the present application includes: a first obtaining unit 1301, a first determining unit 1302, a second determining unit 1303, and an executing unit 1304.
The first obtaining unit 1301 is used for obtaining the biological characteristics of a file user using a file when the file is detected to be used; a first determining unit 1302, configured to determine identity information of the document user according to the biometric feature; a second determining unit 1303, configured to determine, based on the identity information, a right of the file user to use the file; an executing unit 1304, configured to execute an instruction for prohibiting the file user from using the file when the file user does not have the right to use the file.
In some embodiments of the present application, based on the foregoing scheme, the second determining unit 1303 is configured to: determining the validity of the identity of the file user based on the identity information; and when the identity of the file user is illegal, determining that the file user does not have the authority to use the file.
In some embodiments of the present application, based on the foregoing scheme, the second determining unit 1303 is further configured to: when the identity of the file user is legal, determining all use items allowing the file user to use the file based on the identity information; determining actual usage items of the document when used by the document user; and when the actual use item does not belong to all the use items, determining that the file user does not have the authority to use the file.
In some embodiments of the present application, based on the foregoing scheme, the second determining unit 1303 is further configured to: when the actual use item belongs to the all use item, acquiring the geographic position of the file when the file is used and the geographic area of the file allowed to be used; determining the authority of the file user to use the file based on the position relation between the geographic position and the geographic area; and when the geographic position is outside the geographic area, determining that the file user does not have the authority to use the file.
In some embodiments of the present application, based on the foregoing scheme, the geographic area includes a plurality of sub-areas, where each sub-area is associated with an associated use item allowing the document user to use the document, and the second determining unit 1303 is further configured to: when the geographic position is located in the geographic area, determining a sub-area to which the geographic position belongs as a target sub-area; determining an associated usage item associated with the target sub-region; and when the actual use item does not belong to the associated use item associated with the target sub-area, determining that the file user does not have the authority to use the file.
In some embodiments of the present application, based on the foregoing solution, when the geographic location is located within the geographic area, the second determining unit 1303 is further configured to: determining the identity authority level of the file user, wherein the identity authority level is used for representing the authority openness degree of the file user for using the file; calculating a first authority index according to the identity authority level, wherein the first authority index is positively correlated with the authority openness degree of the file; and determining a security threshold of the file, and determining that the file user does not have the authority to use the file when the first authority index is smaller than the security threshold.
In some embodiments of the present application, based on the foregoing solution, when the geographic location is located within the geographic area, the second determining unit 1303 is further configured to: determining a region permission level of the target sub-region, wherein the region permission level is used for representing the permission openness degree of using the file geographically; calculating a second permission index according to the regional permission level, wherein the second permission index is positively correlated with the permission openness degree of the file; and determining a security threshold of the file, and determining that the file user does not have the authority to use the file when the second authority index is smaller than the security threshold.
In some embodiments of the present application, based on the foregoing solution, when the geographic location is located within the geographic area, the second determining unit 1303 is further configured to: determining a region permission level of the target sub-region, wherein the region permission level is used for representing the permission openness degree of using the file geographically; determining the identity authority level of the file user, wherein the identity authority level is used for representing the authority openness degree of the file user for using the file; calculating a third permission index based on the identity permission level and the region permission level, wherein the third permission index is positively correlated with the comprehensive permission openness degree of the used file; and determining a security threshold of the file, and determining that the file user does not have the authority to use the file when the third authority index is smaller than the security threshold.
In some embodiments of the present application, based on the foregoing scheme, the second determining unit 1303 is further configured to: and determining the security threshold value according to the security level of the file, wherein the security threshold value of the file is positively correlated with the security level.
In some embodiments of the present application, based on the foregoing scheme, the file corresponds to a plurality of usage items, where each usage item corresponds to an item security threshold, and the second determining unit 1303 is further configured to: acquiring actual use items of the file when the file is used by a file user; and determining the item safety threshold corresponding to the actual use item as the safety threshold of the file.
In some embodiments of the present application, based on the foregoing scheme, the second obtaining unit is configured to obtain an environmental parameter of an application environment where the file is located; a third determining unit, configured to determine the validity of the application environment according to the environment parameter; and the destroying unit is used for destroying the file when the application environment is illegal.
The application also provides a file protection system, which comprises a server, wherein the server stores a computer program, and the computer program comprises computer instructions; the system further includes at least one terminal, where the terminal is configured to obtain the computer program sent by the server, and store the computer instruction in the computer program in a readable storage medium of the terminal, a processor of the terminal reads the computer instruction from the readable storage medium, and the processor executes the computer instruction, so that the terminal performs the file protection method in the foregoing embodiment
In particular, referring to FIG. 14, a model diagram of a file protection system is shown, according to one embodiment of the present application. In fig. 14, the server 1402 includes a rule module, a storage module, a processing module, an authentication module, a transmission module, and a permission module. Any one terminal comprises a transmission module, a positioning module, a monitoring module, a biological characteristic identification module, a rule module and an execution module.
FIG. 15 illustrates a schematic structural diagram of a computer system suitable for use in implementing the electronic device of an embodiment of the present application.
It should be noted that the computer system 1500 of the electronic device shown in fig. 15 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 15, the computer system 1500 includes a Central Processing Unit (CPU) 1501 which can perform various appropriate actions and processes, such as performing the methods described in the above embodiments, according to a program stored in a Read-Only Memory (ROM) 1502 or a program loaded from a storage portion 1508 into a Random Access Memory (RAM) 1503. In the RAM 1503, various programs and data necessary for system operation are also stored. The CPU 1501, the ROM 1502, and the RAM 1503 are connected to each other by a bus 1504. An Input/Output (I/O) interface 1505 is also connected to bus 1504.
The following components are connected to the I/O interface 1505: an input portion 1506 including a keyboard, a mouse, and the like; an output section 1507 including a Display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and a speaker; a storage portion 1508 including a hard disk and the like; and a communication section 1509 including a Network interface card such as a LAN (Local Area Network) card, a modem, or the like. The communication section 1509 performs communication processing via a network such as the internet. A drive 1510 is also connected to the I/O interface 1505 as needed. A removable medium 1511 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 1510 as necessary, so that a computer program read out therefrom is installed into the storage section 1508 as necessary.
In particular, according to embodiments of the application, the processes described above with reference to the flow diagrams may be implemented as computer software programs. For example, embodiments of the present application include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated by the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 1509, and/or installed from the removable medium 1511. When the computer program is executed by a Central Processing Unit (CPU) 1501, various functions defined in the system of the present application are executed.
It should be noted that the computer readable medium shown in the embodiments of the present application may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a Read-Only Memory (ROM), an Erasable Programmable Read-Only Memory (EPROM), a flash Memory, an optical fiber, a portable Compact Disc Read-Only Memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. Each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units described in the embodiments of the present application may be implemented by software, or may be implemented by hardware, and the described units may also be disposed in a processor. Wherein the names of the elements do not in some way constitute a limitation on the elements themselves.
As another aspect, the present application also provides a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to execute the file protection method described in the above embodiments.
As another aspect, the present application also provides a computer-readable medium, which may be contained in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable medium carries one or more programs which, when executed by the electronic device, cause the electronic device to implement the file protection method described in the above embodiments.
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the application. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present application can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (which can be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which can be a personal computer, a server, a touch terminal, or a network device, etc.) to execute the method according to the embodiments of the present application.
Other embodiments of the present application will be apparent to those skilled in the art from consideration of the specification and practice of the embodiments disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the application and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains.
It will be understood that the present application is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the application is limited only by the appended claims.

Claims (13)

1. A method of file protection, the method comprising:
when the file is detected to be used, acquiring the biological characteristics of a file user using the file;
determining identity information of the file user according to the biological characteristics;
determining the validity of the identity of the file user based on the identity information;
when the identity of the file user is illegal, determining that the file user does not have the authority to use the file;
when the identity of the file user is legal, determining all use items allowing the file user to use the file based on the identity information;
determining actual usage items of the document when used by the document user;
when the actual use item does not belong to all the use items, determining that the file user does not have the authority to use the file;
and executing an instruction for forbidding the file user to use the file when the file user does not have the right to use the file.
2. The method of claim 1, further comprising:
when the actual use item belongs to the all use item, acquiring the geographic position of the file when the file is used and the geographic area of the file allowed to be used;
determining the authority of the file user to use the file based on the position relation between the geographic position and the geographic area;
and when the geographic position is outside the geographic area, determining that the file user does not have the authority to use the file.
3. The method of claim 2, wherein the geographic region comprises a plurality of sub-regions, wherein each sub-region is associated with an associated use item that allows the user of the document to use the document, the method further comprising:
when the geographic position is located in the geographic area, determining a sub-area to which the geographic position belongs as a target sub-area;
determining an associated usage item associated with the target sub-region;
and when the actual use item does not belong to the associated use item associated with the target sub-area, determining that the file user does not have the authority to use the file.
4. The method of claim 2, wherein when the geographic location is within the geographic region, the method further comprises:
determining the identity authority level of the file user, wherein the identity authority level is used for representing the authority openness degree of the file user for using the file;
calculating a first authority index according to the identity authority level, wherein the first authority index is positively correlated with the authority openness degree of the file;
and determining a security threshold of the file, and determining that the file user does not have the authority to use the file when the first authority index is smaller than the security threshold.
5. The method of claim 3, wherein when the geographic location is within the geographic region, the method further comprises:
determining a region permission level of the target sub-region, wherein the region permission level is used for representing the permission openness degree of using the file geographically;
calculating a second permission index according to the regional permission level, wherein the second permission index is positively correlated with the permission openness degree of the file;
and determining a security threshold of the file, and determining that the file user does not have the authority to use the file when the second authority index is smaller than the security threshold.
6. The method of claim 3, wherein when the geographic location is within the geographic region, the method further comprises:
determining a region permission level of the target sub-region, wherein the region permission level is used for representing the permission openness degree of using the file geographically;
determining the identity authority level of the file user, wherein the identity authority level is used for representing the authority openness degree of the file user for using the file;
calculating a third permission index based on the identity permission level and the region permission level, wherein the third permission index is positively correlated with the comprehensive permission openness degree of the used file;
and determining a security threshold of the file, and determining that the file user does not have the authority to use the file when the third authority index is smaller than the security threshold.
7. The method of any of claims 4 to 6, wherein determining the security threshold for the document comprises:
and determining the security threshold value according to the security level of the file, wherein the security threshold value of the file is positively correlated with the security level.
8. The method of any one of claims 4 to 6, wherein the file corresponds to a plurality of usage items, wherein each usage item corresponds to an item security threshold, and wherein determining the security threshold of the file comprises:
acquiring actual use items of the file when the file is used by a file user;
and determining the item safety threshold corresponding to the actual use item as the safety threshold of the file.
9. The method of claim 1, further comprising:
acquiring environmental parameters of an application environment where the file is located;
determining the legality of the application environment through the environment parameters;
and destroying the file when the application environment is illegal.
10. A file protection device, the device comprising:
a first acquisition unit configured to acquire a biometric feature of a document user who uses a document when it is detected that the document is used;
a first determination unit for determining the identity information of the document user by the biological feature;
a second determination unit configured to determine validity of the identity of the document user based on the identity information; when the identity of the file user is illegal, determining that the file user does not have the authority to use the file; when the identity of the file user is legal, determining all use items allowing the file user to use the file based on the identity information; determining actual usage items of the document when used by the document user; when the actual use item does not belong to all the use items, determining that the file user does not have the authority to use the file;
and the execution unit is used for executing the instruction for forbidding the file user to use the file when the file user does not have the right to use the file.
11. A file protection system, the system comprising:
the server stores a computer program, and the computer program comprises computer instructions;
at least one terminal, configured to obtain the computer program sent by the server, and store the computer instruction in the computer program in a readable storage medium of the terminal, where a processor of the terminal reads the computer instruction from the readable storage medium, and executes the computer instruction, so that the terminal performs the file protection method according to any one of claims 1 to 9.
12. A computer-readable storage medium having stored therein at least one program code, the at least one program code being loaded into and executed by a processor to perform operations performed by the file protection method of any of claims 1 to 9.
13. An electronic device, comprising one or more processors and one or more memories having stored therein at least one program code, the at least one program code being loaded into and executed by the one or more processors to perform operations performed by the file protection method according to any one of claims 1 to 9.
CN202110841572.2A 2021-07-26 2021-07-26 File protection method, device, system, medium and electronic equipment Pending CN113282901A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110841572.2A CN113282901A (en) 2021-07-26 2021-07-26 File protection method, device, system, medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110841572.2A CN113282901A (en) 2021-07-26 2021-07-26 File protection method, device, system, medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN113282901A true CN113282901A (en) 2021-08-20

Family

ID=77281294

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110841572.2A Pending CN113282901A (en) 2021-07-26 2021-07-26 File protection method, device, system, medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113282901A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1635439A (en) * 2003-12-26 2005-07-06 华为技术有限公司 A user right management method
CN102081710A (en) * 2010-12-14 2011-06-01 中国石油集团川庆钻探工程有限公司 Authority setting method and authority control method
US20110213971A1 (en) * 2010-03-01 2011-09-01 Nokia Corporation Method and apparatus for providing rights management at file system level
CN104717204A (en) * 2015-02-02 2015-06-17 深圳市中兴移动通信有限公司 Method for controlling file access permission and terminal
CN106921791A (en) * 2017-01-25 2017-07-04 北京奇虎科技有限公司 The storage and inspection method of a kind of multimedia file, device and mobile terminal
CN111898105A (en) * 2020-07-28 2020-11-06 北京中科麒麟信息工程有限责任公司 External terminal protection equipment with user tracing function and protection system

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1635439A (en) * 2003-12-26 2005-07-06 华为技术有限公司 A user right management method
US20110213971A1 (en) * 2010-03-01 2011-09-01 Nokia Corporation Method and apparatus for providing rights management at file system level
CN102081710A (en) * 2010-12-14 2011-06-01 中国石油集团川庆钻探工程有限公司 Authority setting method and authority control method
CN104717204A (en) * 2015-02-02 2015-06-17 深圳市中兴移动通信有限公司 Method for controlling file access permission and terminal
CN106921791A (en) * 2017-01-25 2017-07-04 北京奇虎科技有限公司 The storage and inspection method of a kind of multimedia file, device and mobile terminal
CN111898105A (en) * 2020-07-28 2020-11-06 北京中科麒麟信息工程有限责任公司 External terminal protection equipment with user tracing function and protection system

Similar Documents

Publication Publication Date Title
CN110598376B (en) Copyright authentication method, device and equipment based on block chain and storage medium
CN110851872B (en) Risk assessment method and device for private data leakage
CN113726784A (en) Network data security monitoring method, device, equipment and storage medium
CN110990798B (en) Application program permission configuration method and device, electronic equipment and storage medium
CN110324350A (en) Identity identifying method and server based on the non-sensitive sensing data in mobile terminal
CN104346550A (en) Information processing method and electronic equipment
CN113689005A (en) Enhanced transverse federated learning method and device
CN113505393A (en) Block chain payment data processing method applied to big data and cloud server
CN109033784A (en) Identity identifying method and device in a communication network
US20220004652A1 (en) Providing images with privacy label
CN104486306A (en) Method for identity authentication based on finger vein recognition and cloud service
CN111814181B (en) System authority authorization method and device, electronic equipment and storage medium
CN110222187B (en) Common activity detection and data sharing method for protecting user privacy
CN109389720B (en) Intelligent door lock permission processing method and device
CN113282901A (en) File protection method, device, system, medium and electronic equipment
CN116582373A (en) User access control method, system and electronic equipment
CN104980435A (en) Identity authentication system and method
CN112561457A (en) Talent recruitment method based on face recognition, terminal server and storage medium
CN111222181A (en) AI model supervision method, system, server and storage medium
CN107230080A (en) A kind of method for processing business, device and intelligent terminal
CN113542238B (en) Zero trust-based risk judging method and system
CN114006735B (en) Data protection method, device, computer equipment and storage medium
CN109145575A (en) A kind of distribution method and device using permission
CN105701378A (en) Terminal device control method and device
CN114266071A (en) Access right control method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210820

RJ01 Rejection of invention patent application after publication