CN113420331A - Method and device for managing file downloading permission - Google Patents

Publication number: CN113420331A
Authority: CN (China)
Prior art keywords: authority, user, ciphertext, file, information
Legal status: Granted, Active
Application number: CN202110735043.4A
Other languages: Chinese (zh)
Other versions: CN113420331B (en)
Inventors: 康岩基, 张同虎
Current Assignee: CCB Finetech Co Ltd
Original Assignee: CCB Finetech Co Ltd
Application filed by: CCB Finetech Co Ltd
Priority: CN202110735043.4A
Publications: CN113420331A, CN113420331B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/602 Providing cryptographic facilities or services

Abstract

The invention discloses a method and a device for managing file download permission, and relates to the technical field of permission management. One embodiment of the method comprises: generating a download address of the file; acquiring download authority information of the file according to configuration information, and encrypting the download authority information to obtain an authority ciphertext; generating a download address ciphertext according to the download address of the file and the authority ciphertext; and sending the download address ciphertext to the terminal. The embodiment can solve the technical problems that authority management is cumbersome and that changes take effect with a delay.

Description

Method and device for managing file downloading permission
Technical Field
The invention relates to the technical field of authority management, in particular to a method and a device for managing file downloading authority.
Background
Enterprises generally divide their networks into different environments, such as a working network and a restricted network. The restricted network stores the enterprise's key information, file resources and the like, and copying of these files must be controlled by permission. In the prior art, file download permission is mainly managed through permission management, user configuration and similar methods.
In the process of implementing the invention, the inventor found that at least the following problems exist in the prior art:
Enterprise staff often need to download files for use at work, and file resources, being confidential information, require a certain authority level. An administrator must therefore configure in the back end which users, with which authority, can download which files. This configuration is cumbersome and inconvenient to operate; in addition, every user has to apply for the configuration, and it takes effect with a certain delay, which hinders rapid business development.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for managing file downloading permissions, so as to solve the technical problems of cumbersome permission management and delayed effectiveness.
In order to achieve the above object, according to an aspect of the embodiments of the present invention, there is provided a method for managing file downloading permissions, applied to a server, including:
generating a download address of the file;
acquiring downloading authority information of the file according to configuration information, and encrypting the downloading authority information to obtain an authority ciphertext;
generating a download address ciphertext according to the download address of the file and the authority ciphertext;
and sending the download address ciphertext to the terminal.
Optionally, after sending the download address ciphertext to the terminal, the method further includes:
receiving a user login request sent by the terminal; wherein, the user login request carries user information;
matching user authority information according to the user information;
and sending the user permission information to the terminal.
Optionally, the download authority information includes one or more of the following:
security level, user rights information and expiration time.
Optionally, generating a download address ciphertext according to the download address of the file and the authority ciphertext, including:
and splicing the authority ciphertext after the download address of the file, thereby generating a download address ciphertext.
In addition, according to another aspect of the embodiments of the present invention, there is provided a method for managing file downloading rights, which is applied to a terminal, and includes:
sending a user login request to a server; wherein, the user login request carries user information;
receiving user authority information returned by the server;
responding to the access operation of the download address ciphertext, and acquiring an authority ciphertext from the download address ciphertext; the download address ciphertext comprises a download address and an authority ciphertext of the file;
decrypting the authority ciphertext to obtain downloading authority information;
authenticating based on the user authority information returned by the server and the download authority information obtained by decryption to judge whether the user has the download authority; if so, acquiring the file from the server according to the download address of the file; if not, prompting the user that the user does not have download authority for the file.
Optionally, the download right information includes a security level, user right information, and expiration time;
authenticating based on the user authority information and the downloading authority information to judge whether the user has the downloading authority, comprising:
judging whether the security level is a preset security level or not;
judging whether the user authority information returned by the server side is consistent with the user authority information in the downloading authority information;
and judging whether the current time is less than the expiration time.
In addition, according to another aspect of the embodiments of the present invention, there is provided a device for managing file downloading permissions, which is disposed at a server and includes:
the address module is used for generating a download address of the file;
the encryption module is used for acquiring the downloading authority information of the file according to the configuration information, and encrypting the downloading authority information to obtain an authority ciphertext;
the generating module is used for generating a download address ciphertext according to the download address of the file and the authority ciphertext;
and the sending module is used for sending the download address ciphertext to the terminal.
Optionally, the system further comprises a matching module, configured to:
after the download address ciphertext is sent to a terminal, a user login request sent by the terminal is received; wherein, the user login request carries user information;
matching user authority information according to the user information;
and sending the user permission information to the terminal.
Optionally, the download authority information includes one or more of the following:
security level, user rights information and expiration time.
Optionally, the generating module is further configured to:
and splicing the authority ciphertext after the download address of the file, thereby generating a download address ciphertext.
In addition, according to another aspect of the embodiments of the present invention, there is provided a device for managing file downloading rights, which is disposed in a terminal, and includes:
the login module is used for sending a user login request to the server; wherein, the user login request carries user information;
the receiving module is used for receiving the user authority information returned by the server;
the acquisition module is used for responding to the access operation of the download address ciphertext and acquiring the authority ciphertext from the download address ciphertext; the download address ciphertext comprises a download address and an authority ciphertext of the file;
the decryption module is used for decrypting the authority ciphertext to obtain downloading authority information;
the authentication module is used for authenticating based on the user authority information returned by the server and the download authority information obtained by decryption so as to judge whether the user has the download authority; if so, acquiring the file from the server according to the download address of the file; if not, prompting the user that the user does not have download authority for the file.
Optionally, the download right information includes a security level, user right information, and expiration time;
the authentication module is further configured to:
judging whether the security level is a preset security level or not;
judging whether the user authority information returned by the server side is consistent with the user authority information in the downloading authority information;
and judging whether the current time is less than the expiration time.
According to another aspect of the embodiments of the present invention, there is also provided an electronic device, including:
one or more processors;
a storage device for storing one or more programs,
when the one or more programs are executed by the one or more processors, the one or more processors implement the method of any of the embodiments described above.
According to another aspect of the embodiments of the present invention, there is also provided a computer readable medium, on which a computer program is stored, which when executed by a processor implements the method of any of the above embodiments.
One embodiment of the above invention has the following advantages or benefits: the download authority information is encrypted to obtain the authority ciphertext, the download address ciphertext is generated from the download address of the file and the authority ciphertext, the download address ciphertext is sent to the terminal, and the terminal decrypts it and performs authentication. This solves the technical problems in the prior art that authority management is cumbersome and that changes take effect with a delay. Because the server encrypts the download address and the terminal decrypts it, the user's download authority is determined without cumbersome configuration of file download authority when the file goes online, the delay before an authority configuration takes effect is eliminated, the terminal requests authentication information from the server less often, and the load on the server is reduced. Wherever the download file server is located, authentication can be performed at the terminal once the download address ciphertext has been determined, which eliminates the influence of the server.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
Fig. 1 is a schematic view of a main flow of a management method of file download authority according to an embodiment of the present invention;
Fig. 2 is a schematic view of a main flow of a management method of file download authority according to a referential embodiment of the present invention;
Fig. 3 is a schematic view of a main flow of a management method of file download authority according to another embodiment of the present invention;
Fig. 4 is a schematic diagram of main modules of a management apparatus of file download authority according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of main modules of a file download authority management apparatus according to another embodiment of the present invention;
Fig. 6 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
Fig. 7 is a schematic block diagram of a computer system suitable for use in implementing a terminal device or server of an embodiment of the invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
Fig. 1 is a schematic diagram of a main flow of a method for managing file download authority according to an embodiment of the present invention. As an embodiment of the present invention, as shown in fig. 1, the method for managing file downloading permissions is applied to a server, and may include:
Step 101, generating a download address of a file.
First, when the server receives an uploaded file, it generates a URL address for the file according to the storage address of the file. For example, file a is stored on the server, and the URL address of the file is www.baidu.com/download/file a.
Step 102, acquiring the download authority information of the file according to the configuration information, and encrypting the download authority information to obtain an authority ciphertext.
In the embodiment of the invention, configuration information can be configured in advance for each file, and the configuration information includes the download authority information corresponding to each file. The download authority information of a given file can therefore be looked up and encrypted to obtain the authority ciphertext of that file.
Optionally, the download authority information includes one or more of the following: security level, user rights information and expiration time. In some embodiments of the present invention, the download right information may include a security level and user right information. In some embodiments of the invention, the download right information may include a security level. In some embodiments of the present invention, the download right information may include a security level, user right information, and expiration time. In some embodiments of the present invention, the download right information may include only a security level or expiration time. It should be noted that the download authority information of each file may be configured as needed, and this is not limited in this embodiment of the present invention.
Optionally, the download permission information may be encrypted by using an asymmetric encryption algorithm to obtain a permission ciphertext, and the terminal may decrypt the permission ciphertext by using a decryption key.
Step 103, generating a download address ciphertext according to the download address of the file and the authority ciphertext.
After the URL address of a certain file and the authority ciphertext of the file are obtained, the download address ciphertext is generated according to the URL address of the file and the authority ciphertext. Optionally, step 103 may comprise: splicing the authority ciphertext after the download address of the file, thereby generating a download address ciphertext.
For example, file a has a security level of 1 and its user right information is administrator, and these form the download right information of the file. The server encrypts the download right information to obtain an authority ciphertext and splices the authority ciphertext after the URL (uniform resource locator) address of the file to obtain the following download address ciphertext:
www.baidu.com/download/file1ioaufnwgjhkasdg91
Step 104, sending the download address ciphertext to the terminal.
After the server generates the download address ciphertext, it sends the download address ciphertext to the terminal so that the terminal can decrypt and authenticate it. After receiving the download address ciphertext, the terminal can decrypt it to obtain the download authority information of the file, and then performs authentication according to the download authority information to judge whether the user has download authority for the file.
As can be seen from the various embodiments above, the download authority information is encrypted to obtain the authority ciphertext, the download address ciphertext is generated from the download address of the file and the authority ciphertext, and the download address ciphertext is sent to the terminal, which solves the technical problems in the prior art that authority management is cumbersome and that changes take effect with a delay. Because the server encrypts the download address and the terminal decrypts it, the user's download authority is determined without cumbersome configuration of file download authority when the file goes online, the delay before an authority configuration takes effect is eliminated, the terminal requests authentication information from the server less often, and the load on the server is reduced. Wherever the download file server is located, authentication can be performed at the terminal once the download address ciphertext has been determined, which eliminates the influence of the server.
Fig. 2 is a schematic diagram of a main flow of a method for managing file download authority according to a referential embodiment of the present invention. As another embodiment of the present invention, as shown in fig. 2, the method for managing file downloading permissions is applied to a server, and may include:
Step 201, generating a download address of the file.
When the server receives an uploaded file, it generates the URL address of the file according to the storage address of the file.
Step 202, obtaining the downloading authority information of the file according to the configuration information.
The configuration information of each file can be configured in advance, and the configuration information comprises downloading authority information corresponding to each file.
Step 203, encrypting the download authority information to obtain an authority ciphertext.
The download authority information can be encrypted by adopting a symmetric encryption algorithm or an asymmetric encryption algorithm, so that an authority ciphertext is obtained. It should be noted that the encryption algorithm is not limited by the embodiment of the present invention.
Step 204, splicing the authority ciphertext after the download address of the file, so as to generate a download address ciphertext.
In the embodiment of the invention, the authority ciphertext can be spliced behind the URL address of the file directly, so that the download address ciphertext is obtained.
Step 205, sending the download address ciphertext to the terminal.
After the server generates the download address ciphertext, it sends the download address ciphertext to the terminal so that the terminal can decrypt and authenticate it.
Step 206, receiving a user login request sent by the terminal.
When a user logs in a terminal, the terminal sends a user login request to a server; wherein, the user login request carries user information, such as a user name.
Step 207, matching user authority information according to the user information.
After receiving the user login request, the server analyzes the user login request to obtain user information, and then matches user authority information, such as user roles, user group information and the like, according to the user information.
Step 208, sending the user authority information to the terminal.
After matching the user authority information, the server sends the user authority information to the terminal so that the terminal can perform authentication.
In addition, the detailed implementation of this referential embodiment has already been described in the method for managing file download authority above, so the repeated content is not described again.
Fig. 3 is a schematic diagram of a main flow of a method for managing file download authority according to another embodiment of the present invention. As another embodiment of the present invention, as shown in fig. 3, the method for managing file downloading rights is applied to a terminal, and may include:
Step 301, sending a user login request to a server.
When a user logs in a terminal, the terminal sends a user login request to a server; wherein, the user login request carries user information, such as a user name.
Step 302, receiving the user authority information returned by the server.
After receiving the user login request, the server analyzes the user login request to obtain user information, and then matches user authority information, such as user roles, user group information and the like, according to the user information. After matching user authority information, the server sends the user authority information to the terminal, and the terminal receives the user authority information returned by the server.
Step 303, responding to the access operation to the download address ciphertext, and acquiring the authority ciphertext from the download address ciphertext.
The download address ciphertext comprises the download address of the file and an authority ciphertext. In the embodiment of the invention, the server encrypts the download authority information to obtain an authority ciphertext, wherein the download authority information comprises a security level, user authority information and expiration time; the server then splices the authority ciphertext after the URL address of the file, so as to generate a download address ciphertext. When the user clicks the download address ciphertext, the terminal can acquire the authority ciphertext from the download address ciphertext.
In some embodiments of the invention, the download right information may include a security level. In some embodiments of the present invention, the download right information may include a security level, user right information, and expiration time. In some embodiments of the present invention, the download right information may include only a security level or expiration time. It should be noted that the download authority information of each file may be configured as needed, and this is not limited in this embodiment of the present invention.
Step 304, decrypting the authority ciphertext to obtain the download authority information.
Optionally, the terminal decrypts the authority ciphertext by using the decryption key to obtain the downloading authority information; wherein, the download authority information comprises a security level, user authority information and expiration time.
Step 305, authenticating based on the user authority information returned by the server and the download authority information obtained by decryption to judge whether the user has the download authority; if yes, go to step 306; if not, go to step 307.
The embodiment of the invention authenticates based on the user authority information returned by the server and the download authority information obtained by decryption to judge whether the user has the download authority. It should be noted that, because the download authority information differs between embodiments, the basis for the judgment differs as well.
Optionally, the download right information includes a security level, user right information and expiration time. In this embodiment, step 305 may include:
judging whether the security level is a preset security level or not;
judging whether the user authority information returned by the server side is consistent with the user authority information in the downloading authority information;
and judging whether the current time is less than the expiration time.
If yes, go to step 306; otherwise, go to step 307.
Step 306, obtaining the file from the server according to the download address of the file.
If the judgment result in the step 305 is yes, the file is obtained from the server according to the URL address of the file.
Step 307, prompting the user that the user does not have download authority for the file.
If the judgment result in step 305 is negative, the user is prompted that the user does not have download authority for the file.
As can be seen from the various embodiments described above, the embodiments of the present invention obtain the authority ciphertext from the download address ciphertext, decrypt it to obtain the download authority information, and then authenticate based on the user authority information returned by the server and the download authority information obtained by decryption to judge whether the user has the download authority, which solves the technical problems in the prior art that authority management is cumbersome and that changes take effect with a delay. Because the server encrypts the download address and the terminal decrypts it, the user's download authority is determined without cumbersome configuration of file download authority when the file goes online, the delay before an authority configuration takes effect is eliminated, the terminal requests authentication information from the server less often, and the load on the server is reduced. Wherever the download file server is located, authentication can be performed at the terminal once the download address ciphertext has been determined, which eliminates the influence of the server.
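The server-side steps 101 to 104 and the terminal-side steps 303 to 307 can be exercised end to end as follows; this is an added example, not part of the patent text. The `#perm=` delimiter, the JSON field names, the demo keys and the sample URL are assumptions, and the HMAC-SHA256 counter-mode keystream with an HMAC tag is a standard-library stand-in for an authenticated cipher such as AES-GCM, since the patent leaves the algorithm open.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed demo keys (assumption); a deployment would provision real keys out of band.
ENC_KEY = hashlib.sha256(b"demo-enc-key (constructed)").digest()
MAC_KEY = hashlib.sha256(b"demo-mac-key (constructed)").digest()
# Assumed delimiter: the patent only says the ciphertext is spliced after the URL.
SEP = "#perm="


def _keystream(nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; stdlib stand-in for a real cipher."""
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(ENC_KEY, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt_permission(info: dict) -> str:
    """Server, step 102: download authority information -> authority ciphertext."""
    plaintext = json.dumps(info, sort_keys=True).encode()
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _keystream(nonce, len(plaintext))))
    tag = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(nonce + body + tag).decode()


def build_download_address_ciphertext(url: str, info: dict) -> str:
    """Server, step 103: splice the authority ciphertext after the download address."""
    return url + SEP + encrypt_permission(info)


def decrypt_permission(token: str) -> dict:
    """Terminal, step 304. Raises ValueError if the ciphertext is malformed or altered."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except Exception as exc:
        raise ValueError("malformed authority ciphertext") from exc
    if len(raw) < 16 + 32:
        raise ValueError("malformed authority ciphertext")
    nonce, body, tag = raw[:16], raw[16:-32], raw[-32:]
    expected = hmac.new(MAC_KEY, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authority ciphertext failed integrity check")
    plaintext = bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body))))
    return json.loads(plaintext)


def authenticate(address_ciphertext, user_authority, preset_levels, now=None):
    """Terminal, steps 303 to 307. Returns (download_url or None, reason).

    user_authority is what the server returned at login (step 302);
    preset_levels is the terminal's preset set of security levels (assumed shape).
    """
    url, sep, token = address_ciphertext.partition(SEP)
    if not sep:
        return None, "no authority ciphertext"
    try:
        info = decrypt_permission(token)
    except ValueError as exc:
        return None, str(exc)
    now = time.time() if now is None else now
    if info["security_level"] not in preset_levels:
        return None, "security level not permitted"
    if info["user_authority"] != user_authority:
        return None, "user authority mismatch"
    if not now < info["expires_at"]:
        return None, "link expired"
    return url, "ok"


if __name__ == "__main__":
    # Constructed sample: security level 1, administrator, valid for one hour.
    sample = {"security_level": 1, "user_authority": "administrator",
              "expires_at": time.time() + 3600}
    link = build_download_address_ciphertext(
        "https://files.example.internal/download/file-a", sample)
    print(link)
    print(authenticate(link, "administrator", {1}))
    print(authenticate(link, "employee", {1}))
```

The integrity tag is checked before any of the three judgments of step 305 run, so a spliced ciphertext that was modified in transit is rejected rather than decrypted into different authority information.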
Fig. 4 is a schematic diagram of main modules of a device for managing file downloading permissions according to an embodiment of the present invention, and as shown in fig. 4, the device 500 for managing file downloading permissions is disposed at a server and includes an address module 401, an encryption module 402, a generation module 403, and a sending module 404; the address module 401 is configured to generate a download address of the file; the encryption module 402 is configured to obtain download permission information of the file according to configuration information, and encrypt the download permission information to obtain a permission ciphertext; the generating module 403 is configured to generate a download address ciphertext according to the download address of the file and the authority ciphertext; the sending module 404 is configured to send the download address ciphertext to the terminal.
Optionally, the system further comprises a matching module, configured to:
after the download address ciphertext is sent to a terminal, a user login request sent by the terminal is received; wherein, the user login request carries user information;
matching user authority information according to the user information;
and sending the user permission information to the terminal.
Optionally, the download authority information includes one or more of the following:
security level, user rights information and expiration time.
Optionally, the generating module 403 is further configured to:
and splicing the authority ciphertext after the download address of the file, thereby generating a download address ciphertext.
As can be seen from the various embodiments above, the download authority information is encrypted to obtain the authority ciphertext, the download address ciphertext is generated from the download address of the file and the authority ciphertext, and the download address ciphertext is sent to the terminal, which solves the technical problems in the prior art that authority management is cumbersome and that changes take effect with a delay. Because the server encrypts the download address and the terminal decrypts it, the user's download authority is determined without cumbersome configuration of file download authority when the file goes online, the delay before an authority configuration takes effect is eliminated, the terminal requests authentication information from the server less often, and the load on the server is reduced. Wherever the download file server is located, authentication can be performed at the terminal once the download address ciphertext has been determined, which eliminates the influence of the server.
Fig. 5 is a schematic diagram of main modules of a device for managing file downloading permissions according to an embodiment of the present invention. As shown in fig. 5, the device 500 for managing file downloading permissions is disposed in a terminal and includes a login module 501, a receiving module 502, an obtaining module 503, a decryption module 504, and an authentication module 505; the login module 501 is configured to send a user login request to a server; wherein, the user login request carries user information; the receiving module 502 is configured to receive user right information returned by the server; the obtaining module 503 is configured to respond to an access operation on the download address ciphertext to obtain an authority ciphertext from the download address ciphertext; the download address ciphertext comprises a download address and an authority ciphertext of the file; the decryption module 504 is configured to decrypt the authority ciphertext to obtain download authority information; the authentication module 505 is configured to authenticate based on the user permission information returned by the server and the download permission information obtained by decryption, so as to determine whether the user has a download permission; if so, acquiring the file from the server according to the download address of the file; if not, prompting the user that the user does not have download authority for the file.
Optionally, the download authority information includes a security level, user authority information, and an expiration time;
the authentication module 505 is further configured to:
judging whether the security level is a preset security level;
judging whether the user authority information returned by the server is consistent with the user authority information in the download authority information;
and judging whether the current time is earlier than the expiration time.
As the embodiments above show, the embodiments of the present invention obtain the authority ciphertext from the download address ciphertext, decrypt the authority ciphertext to obtain the download authority information, and then authenticate based on the user authority information returned by the server and the download authority information obtained by decryption to determine whether the user has the download authority, thereby solving the prior-art technical problems of cumbersome authority management and delayed effect. In the embodiment of the invention, the server encrypts the download address and the terminal decrypts it, so the download authority of a user is determined without cumbersome configuration of file download authority when the file goes online. This eliminates the delay before an authority configuration takes effect, reduces how often the terminal requests authentication information from the server, and relieves pressure on the server. Authentication can be performed at the terminal as long as the download address ciphertext is determined, no matter where the file download server is located, which eliminates the influence of the server.
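The server-side generation of the download address ciphertext and the three terminal-side checks described above, as an added example that is not code from the patent. The cipher and key handling (an HMAC-SHA256 encrypt-then-MAC construction, a standard-library stand-in for a vetted AEAD such as AES-GCM), the `?perm=` separator, the JSON field names, the demo key, and the binding of the ciphertext to the download address are all assumptions of this sketch.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Constructed demo values: key, preset level, separator and JSON field names are assumptions.
KEY = bytes(range(32))
PRESET_SECURITY_LEVEL = 2
SEP = "?perm="


def subkey(label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from KEY."""
    return hmac.new(KEY, label, hashlib.sha256).digest()


def keystream(nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in for a vetted cipher)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(subkey(b"enc"), nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def tag(address: str, nonce: bytes, body: bytes) -> bytes:
    """MAC over the download address and the ciphertext, so the two cannot be separated."""
    msg = address.encode() + b"\x00" + nonce + body
    return hmac.new(subkey(b"mac"), msg, hashlib.sha256).digest()


def build_download_address_ciphertext(address: str, info: dict) -> str:
    """Server side: encrypt the download authority information and splice it after the address."""
    plain = json.dumps(info, sort_keys=True).encode()
    nonce = os.urandom(16)
    body = bytes(p ^ k for p, k in zip(plain, keystream(nonce, len(plain))))
    blob = nonce + body + tag(address, nonce, body)
    return address + SEP + base64.urlsafe_b64encode(blob).decode()


def decrypt_authority_ciphertext(address: str, token: str):
    """Terminal side: return the download authority information, or None if verification fails."""
    try:
        blob = base64.urlsafe_b64decode(token)
    except ValueError:
        return None
    if len(blob) <= 48:  # 16-byte nonce + 32-byte MAC and no payload
        return None
    nonce, body, mac = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(mac, tag(address, nonce, body)):
        return None
    return json.loads(bytes(c ^ k for c, k in zip(body, keystream(nonce, len(body)))))


def authorize(url: str, user_authority: str, now: float = None):
    """The three terminal-side checks; returns (allowed, download address or refusal reason)."""
    now = time.time() if now is None else now
    address, sep, token = url.rpartition(SEP)
    if not sep:
        return False, "no authority ciphertext"
    info = decrypt_authority_ciphertext(address, token)
    if info is None:
        return False, "authority ciphertext rejected"
    if info.get("security_level") != PRESET_SECURITY_LEVEL:
        return False, "security level is not the preset level"
    if info.get("user_authority") != user_authority:
        return False, "user authority information does not match"
    if not now < info.get("expires_at", 0):
        return False, "expired"
    return True, address


# Constructed sample input.
ADDRESS = "https://files.example.test/reports/q2.pdf"
INFO = {"security_level": 2, "user_authority": "finance-read", "expires_at": 1_700_000_600}
URL = build_download_address_ciphertext(ADDRESS, INFO)

if __name__ == "__main__":
    print(authorize(URL, "finance-read", now=1_700_000_000))
    print(authorize(URL, "hr-read", now=1_700_000_000))
    print(authorize(URL, "finance-read", now=1_700_000_601))
```

The same `authorize` call can run on the file server when the address is requested, since a check performed only on the terminal depends on the terminal being trusted.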
It should be noted that, in the implementation of the device for managing file download authority of the present invention, the details of the method for managing file download authority are already described in detail above, and therefore, the description of the details is not repeated here.
Fig. 6 shows an exemplary system architecture 600 of a file download right management method or a file download right management apparatus to which an embodiment of the present invention can be applied.
As shown in Fig. 6, the system architecture 600 may include terminal devices 601, 602, 603, a network 604, and a server 605. The network 604 serves to provide a medium for communication links between the terminal devices 601, 602, 603 and the server 605. The network 604 may include various types of connections, such as wired links, wireless communication links, or fiber optic cables.
A user may use the terminal devices 601, 602, 603 to interact with the server 605 via the network 604 to receive or send messages or the like. The terminal devices 601, 602, 603 may have installed thereon various communication client applications, such as shopping applications, web browser applications, search applications, instant messaging tools, mailbox clients, social platform software, etc. (by way of example only).
The terminal devices 601, 602, 603 may be various electronic devices having a display screen and supporting web browsing, including but not limited to smart phones, tablet computers, laptop portable computers, desktop computers, and the like.
The server 605 may be a server providing various services, such as a background management server (for example only) providing support for shopping websites browsed by users using the terminal devices 601, 602, 603. The background management server may analyze and otherwise process the received data such as the item information query request, and feed back a processing result (for example, target push information, item information — just an example) to the terminal device.
It should be noted that the method for managing file download permission provided by the embodiment of the present invention is generally executed by the server 605, and accordingly, the device for managing file download permission is generally disposed in the server 605. The method for managing the file download permission provided by the embodiment of the present invention may also be executed by the terminal devices 601, 602, and 603, and accordingly, the device for managing the file download permission may be disposed in the terminal devices 601, 602, and 603.
It should be understood that the number of terminal devices, networks, and servers in fig. 6 is merely illustrative. There may be any number of terminal devices, networks, and servers, as desired for implementation.
Referring now to FIG. 7, shown is a block diagram of a computer system 700 suitable for use with a terminal device implementing an embodiment of the present invention. The terminal device shown in fig. 7 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in Fig. 7, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data necessary for the operation of the system 700 are also stored. The CPU 701, the ROM 702, and the RAM 703 are connected to each other via a bus 704. An input/output (I/O) interface 705 is also connected to the bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output section 707 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 708 including a hard disk and the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. A drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read out therefrom is installed into the storage section 708 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program can be downloaded and installed from a network through the communication section 709, and/or installed from the removable medium 711. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 701.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer programs according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor includes an address module, an encryption module, a generation module, and a transmission module, where the names of the modules do not in some cases constitute a limitation on the modules themselves.
The modules described in the embodiments of the present invention may be implemented by software or hardware. The described modules may also be provided in a processor, which may be described as: a processor comprises a login module, a reception module, an acquisition module, a decryption module and an authentication module, wherein the names of these modules do not in some cases constitute a limitation of the module itself.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, implement the method of: generating a download address of the file; acquiring download authority information of the file according to configuration information, and encrypting the download authority information to obtain an authority ciphertext; generating a download address ciphertext according to the download address of the file and the authority ciphertext; and sending the download address ciphertext to the terminal.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments; or may be separate and not incorporated into the device. The computer readable medium carries one or more programs which, when executed by a device, implement the method of: sending a user login request to a server; wherein, the user login request carries user information; receiving user authority information returned by the server; responding to the access operation of the download address ciphertext, and acquiring an authority ciphertext from the download address ciphertext; the download address ciphertext comprises a download address and an authority ciphertext of the file; decrypting the authority ciphertext to obtain downloading authority information; authenticating based on the user authority information returned by the server and the download authority information obtained by decryption to judge whether the user has the download authority; if so, acquiring the file from the server according to the download address of the file; if not, prompting the user that the download authority of the file does not exist.
According to the technical scheme of the embodiment of the invention, the authority ciphertext is obtained by encrypting the download authority information, the download address ciphertext is generated according to the download address of the file and the authority ciphertext, and the download address ciphertext is sent to the terminal for decryption and authentication by the terminal; this overcomes the prior-art technical problems of cumbersome authority management and delayed effect. In the embodiment of the invention, the server encrypts the download address and the terminal decrypts it, so the download authority of a user is determined without cumbersome configuration of file download authority when the file goes online. This eliminates the delay before an authority configuration takes effect, reduces how often the terminal requests authentication information from the server, and relieves pressure on the server. Authentication can be performed at the terminal as long as the download address ciphertext is determined, no matter where the file download server is located, which eliminates the influence of the server.
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (14)

1. A method for managing file download authority, applied to a server, comprising:
generating a download address of the file;
acquiring downloading authority information of the file according to configuration information, and encrypting the downloading authority information to obtain an authority ciphertext;
generating a download address ciphertext according to the download address of the file and the authority ciphertext;
and sending the download address ciphertext to the terminal.
2. The method of claim 1, wherein after sending the download address ciphertext to the terminal, further comprising:
receiving a user login request sent by the terminal; wherein, the user login request carries user information;
matching user authority information according to the user information;
and sending the user authority information to the terminal.
3. The method of claim 1, wherein the download authority information comprises one or more of:
security level, user authority information and expiration time.
4. The method of claim 1, wherein generating a download address ciphertext from the download address of the file and the permission ciphertext comprises:
and splicing the authority ciphertext after the download address of the file, thereby generating a download address ciphertext.
5. A method for managing file download authority, applied to a terminal, comprising:
sending a user login request to a server; wherein, the user login request carries user information;
receiving user authority information returned by the server;
responding to the access operation of the download address ciphertext, and acquiring an authority ciphertext from the download address ciphertext; the download address ciphertext comprises a download address and an authority ciphertext of the file;
decrypting the authority ciphertext to obtain downloading authority information;
authenticating based on the user authority information returned by the server and the download authority information obtained by decryption to judge whether the user has the download authority; if so, acquiring the file from the server according to the download address of the file; if not, prompting the user that the download authority of the file does not exist.
6. The method of claim 5, wherein the download authority information includes a security level, user authority information, and an expiration time;
authenticating based on the user authority information and the download authority information to judge whether the user has the download authority comprises:
judging whether the security level is a preset security level;
judging whether the user authority information returned by the server is consistent with the user authority information in the download authority information;
and judging whether the current time is earlier than the expiration time.
7. A device for managing file download authority, disposed at a server, comprising:
the address module is used for generating a download address of the file;
the encryption module is used for acquiring the downloading authority information of the file according to the configuration information, and encrypting the downloading authority information to obtain an authority ciphertext;
the generating module is used for generating a download address ciphertext according to the download address of the file and the authority ciphertext;
and the sending module is used for sending the download address ciphertext to the terminal.
8. The apparatus of claim 7, further comprising a matching module to:
after the download address ciphertext is sent to a terminal, a user login request sent by the terminal is received; wherein, the user login request carries user information;
matching user authority information according to the user information;
and sending the user authority information to the terminal.
9. The apparatus of claim 7, wherein the download authority information comprises one or more of:
security level, user authority information and expiration time.
10. The apparatus of claim 7, wherein the generating module is further configured to:
and splicing the authority ciphertext after the download address of the file, thereby generating a download address ciphertext.
11. A device for managing file download authority, disposed in a terminal, comprising:
the login module is used for sending a user login request to the server; wherein, the user login request carries user information;
the receiving module is used for receiving the user authority information returned by the server;
the acquisition module is used for responding to the access operation of the download address ciphertext and acquiring the authority ciphertext from the download address ciphertext; the download address ciphertext comprises a download address and an authority ciphertext of the file;
the decryption module is used for decrypting the authority ciphertext to obtain downloading authority information;
the authentication module is used for authenticating based on the user authority information returned by the server and the download authority information obtained by decryption so as to judge whether the user has the download authority; if so, acquiring the file from the server according to the download address of the file; if not, prompting the user that the download authority of the file does not exist.
12. The apparatus of claim 11, wherein the download authority information comprises a security level, user authority information, and an expiration time;
the authentication module is further configured to:
judging whether the security level is a preset security level;
judging whether the user authority information returned by the server is consistent with the user authority information in the download authority information;
and judging whether the current time is earlier than the expiration time.
13. An electronic device, comprising:
one or more processors;
a storage device for storing one or more programs,
the one or more programs, when executed by the one or more processors, implement the method of any of claims 1-6.
14. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-6.
CN202110735043.4A 2021-06-30 2021-06-30 Method and device for managing file downloading permission Active CN113420331B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110735043.4A CN113420331B (en) 2021-06-30 2021-06-30 Method and device for managing file downloading permission

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110735043.4A CN113420331B (en) 2021-06-30 2021-06-30 Method and device for managing file downloading permission

Publications (2)

Publication Number Publication Date
CN113420331A true CN113420331A (en) 2021-09-21
CN113420331B CN113420331B (en) 2022-12-13

Family

ID=77717302

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110735043.4A Active CN113420331B (en) 2021-06-30 2021-06-30 Method and device for managing file downloading permission

Country Status (1)

Country Link
CN (1) CN113420331B (en)


Also Published As

Publication number Publication date
CN113420331B (en) 2022-12-13


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant