CN113806777A - File access realization method and device, storage medium and electronic equipment - Google Patents
File access realization method and device, storage medium and electronic equipment Download PDFInfo
- Publication number
- CN113806777A CN113806777A CN202111112272.7A CN202111112272A CN113806777A CN 113806777 A CN113806777 A CN 113806777A CN 202111112272 A CN202111112272 A CN 202111112272A CN 113806777 A CN113806777 A CN 113806777A
- Authority
- CN
- China
- Prior art keywords
- file
- user
- access
- identification
- key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 74
- 230000004044 response Effects 0.000 claims abstract description 10
- 238000004590 computer program Methods 0.000 claims description 2
- 238000002955 isolation Methods 0.000 abstract description 7
- 238000013475 authorization Methods 0.000 abstract description 6
- 230000008569 process Effects 0.000 description 14
- 238000010586 diagram Methods 0.000 description 12
- 238000012545 processing Methods 0.000 description 7
- 230000006870 function Effects 0.000 description 5
- 238000013461 design Methods 0.000 description 4
- 238000004891 communication Methods 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 238000001914 filtration Methods 0.000 description 2
- 239000013307 optical fiber Substances 0.000 description 2
- 230000000644 propagated effect Effects 0.000 description 2
- 230000009471 action Effects 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000003491 array Methods 0.000 description 1
- 230000003190 augmentative effect Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000000835 fiber Substances 0.000 description 1
- 125000001475 halogen functional group Chemical group 0.000 description 1
- 230000002093 peripheral effect Effects 0.000 description 1
- 230000003252 repetitive effect Effects 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
- 239000004984 smart glass Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The disclosure provides a file access realization method and device, electronic equipment and a storage medium, and relates to the technical field of computers. The method comprises the following steps: acquiring an access request for a target file from a client; the target file is an encrypted file obtained by encrypting the initial file; reading the file identification of the target file in response to the access request; determining the access authority of the user to the target file according to the user identification and the file identification in the access request; acquiring a key for decrypting the target file according to the access authority and the file identifier; and returning the key to the client to decrypt the target file according to the key to obtain the initial file, so as to realize the access to the initial file. The method can realize the isolation and authorization of the user accessing the file at the file level and realize the flexible management of the user's authority to decrypt and access the file.
Description
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and an apparatus for implementing file access, a storage medium, and an electronic device.
Background
In the application scenario of file encryption, the file may be encrypted using encryption software. Such as: the encryption software is used for encrypting the unique key generated by the file to be encrypted, when the user needs to decrypt, the user can decrypt successfully only by inputting the unique key, or the user logs in the encryption software through the account password and inputs the unique key. These approaches cannot satisfy authorization and isolation based on a single file and a single user, and cannot flexibly manage the user's right to access the file for decryption.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The disclosure aims to provide a method and a device for realizing file access, an electronic device and a storage medium, so as to solve the problem that the authority of a user for file decryption access cannot be flexibly managed.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to one aspect of the present disclosure, a method for implementing file access is provided, including:
acquiring an access request for a target file from a client; the target file is an encrypted file obtained by encrypting the initial file; reading the file identification of the target file in response to the access request; determining the access authority of the user to the target file according to the user identification and the file identification in the access request; acquiring a key for decrypting the target file according to the access authority and the file identifier; and returning the key to the client to decrypt the target file according to the key to obtain the initial file, so as to realize the access to the initial file.
In one embodiment of the present disclosure, encrypting the initial file includes: generating a file identifier and a key for encrypting the initial file for the initial file; encrypting the initial file by using the key to obtain a target file; and establishing a corresponding relation between the file identification and the key, and updating the corresponding relation to a file key record table stored in the server.
In an embodiment of the present disclosure, after encrypting the initial file by using the key to obtain the target file, the method further includes: storing the file identification into file header data of a target file; and reading the file identification of the target file in response to the access request, including: and acquiring the file header data of the target file to read the file identification in the file header data.
In one embodiment of the present disclosure, determining the access right of the user to the target file according to the user identifier and the file identifier includes: querying the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification; judging whether the file identification exists in the accessible file identification set or not; if so, determining that the user has access authority to the target file; and if not, determining that the user does not have the access right to the target file.
In one embodiment of the present disclosure, the corresponding relationship data set is a user-file access right table, and the access right table indicates a corresponding relationship between a user identifier and an accessible file identifier for which the user has access right; querying the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, comprising: inquiring a user-file access authority table; and determining the file identification corresponding to the user identification in the user-file access authority table to form an accessible file identification set.
In one embodiment of the present disclosure, the correspondence data set includes a user-item attribution table and a file-item attribution table; wherein, the user-item attribution table indicates the corresponding relation between the user identification and the item identification of the item to which the user belongs; the corresponding relation between the file identification and the item identification of the item to which the file belongs is indicated in the file-item attribution table; querying the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, comprising: inquiring a user-item attribution table, and determining a target item identifier corresponding to the user identifier in the user-item attribution table; and querying the file-item attribution table, and determining the corresponding file identifier of the target item identifier in the file-item attribution table to form an accessible file identifier set.
In one embodiment of the present disclosure, acquiring a key for decrypting a target file according to an access right and a file identifier includes: when a user has access authority to a target file, a file key record table is obtained; and inquiring a corresponding key of the file identifier in the file key record table to serve as the key.
In an embodiment of the present disclosure, the method for implementing file access of the present disclosure further includes: and when the user does not have the access right to the target file, returning error information to the client.
According to another aspect of the present disclosure, an apparatus for implementing file access is provided, including:
the acquisition request module is used for acquiring an access request for a target file from a client; the target file is an encrypted file obtained by encrypting the initial file; the reading identification module is used for responding to the access request to read the file identification of the target file; the inquiry authority module is used for determining the access authority of the user to the target file according to the user identification and the file identification in the access request; the key obtaining module is used for obtaining a key for decrypting the target file according to the access authority and the file identification; and the access module is used for returning the key to the client so as to decrypt the target file according to the key to obtain the initial file and realize access to the initial file.
In an embodiment of the present disclosure, the apparatus for implementing file access of the present disclosure further includes an encryption module, where the encryption module is configured to encrypt the initial file, and includes: generating a file identifier and a key for encrypting the initial file for the initial file; encrypting the initial file by using the key to obtain a target file; and establishing a corresponding relation between the file identification and the key, and updating the corresponding relation to a file key record table stored in the server.
In an embodiment of the present disclosure, after the encrypting module encrypts the initial file by using the key to obtain the target file, the method further includes: storing the file identification into file header data of a target file; and the reading identification module responds to the access request to read the file identification of the target file, and comprises the following steps: and acquiring the file header data of the target file to read the file identification in the file header data.
In one embodiment of the present disclosure, the determining, by the query authority module, the access authority of the user to the target file according to the user identifier and the file identifier includes: querying the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification; judging whether the file identification exists in the accessible file identification set or not; if so, determining that the user has access authority to the target file; and if not, determining that the user does not have the access right to the target file.
In one embodiment of the present disclosure, the corresponding relationship data set is a user-file access right table, and the access right table indicates a corresponding relationship between a user identifier and an accessible file identifier for which the user has access right; the query permission module queries the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, and the query permission module comprises the following steps: inquiring a user-file access authority table; and determining the file identification corresponding to the user identification in the user-file access authority table to form an accessible file identification set.
In one embodiment of the present disclosure, the correspondence data set includes a user-item attribution table and a file-item attribution table; wherein, the user-item attribution table indicates the corresponding relation between the user identification and the item identification of the item to which the user belongs; the corresponding relation between the file identification and the item identification of the item to which the file belongs is indicated in the file-item attribution table; the query permission module queries the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, and the query permission module comprises the following steps: inquiring a user-item attribution table, and determining a target item identifier corresponding to the user identifier in the user-item attribution table; and querying the file-item attribution table, and determining the corresponding file identifier of the target item identifier in the file-item attribution table to form an accessible file identifier set.
In one embodiment of the present disclosure, the obtaining a key module obtains a key for decrypting a target file according to an access right and a file identifier, including: when a user has access authority to a target file, a file key record table is obtained; and inquiring a corresponding key of the file identifier in the file key record table to serve as the key.
In one embodiment of the disclosure, when the user does not have access right to the target file, the access module is further configured to return an error message to the client.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method of file access described above.
According to still another aspect of the present disclosure, there is provided an electronic device including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to execute the above-mentioned implementation method of file access via executing the executable instructions.
The method for implementing file access provided by the embodiment of the disclosure can query the access authority of a user to a file according to the file identifier of an encrypted target file and the user identifier, and acquire the key corresponding to the file identifier under the condition that the user is determined to have the access authority so as to decrypt the target file to obtain an unencrypted initial file, so that the user can access the initial file to implement isolation and authorization of the file-level user to access the file, wherein the access authority of the user to the file can be adjusted to implement flexible management of the decryption access authority of the user to the file.
Further, the implementation of file access provided by the embodiments of the present disclosure also provides a corresponding encryption method, so as to be used in the file access method of the present disclosure.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
FIG. 1 depicts a schematic diagram of an exemplary system architecture to which the file access implementation of embodiments of the present disclosure may be applied;
FIG. 2 shows a flow diagram of a method of implementing file access of one embodiment of the present disclosure;
FIG. 3 is a flow chart illustrating an encryption method corresponding to an implementation method of file access according to an embodiment of the present disclosure;
FIG. 4 is a flowchart illustrating determining whether a user has access rights in a method for implementing file access according to an embodiment of the present disclosure;
FIG. 5 is a flowchart illustrating determining whether a user has access rights in a method for implementing file access according to an embodiment of the present disclosure;
FIG. 6 is a diagram illustrating a method for implementing file access according to an embodiment of the present disclosure;
FIG. 7 is a diagram illustrating a method for implementing file access according to an embodiment of the present disclosure;
FIG. 8 is a block diagram of an apparatus for implementing file access according to an embodiment of the present disclosure; and
fig. 9 shows a block diagram of a computer device for implementing file access in an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present disclosure, "a plurality" means at least two, e.g., two, three, etc., unless explicitly specifically limited otherwise.
In view of the above technical problems in the related art, embodiments of the present disclosure provide a method for implementing file access, so as to solve at least one or all of the above technical problems.
FIG. 1 depicts a schematic diagram of an exemplary system architecture to which the file access implementation of embodiments of the present disclosure may be applied; as shown in fig. 1:
the system architecture may include a server 101, a network 102, and a client 103. Network 102 serves as a medium for providing communication links between clients 103 and server 101. Network 102 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The server 101 may be a server providing various services, such as a background management server providing functions of receiving an access request for a target file sent by the client 103, querying access rights of a user for the target file, obtaining a key, and the like.
The client 103 may be a mobile terminal such as a mobile phone, a game console, a tablet computer, an electronic book reader, smart glasses, a smart home device, an AR (Augmented Reality) device, a VR (Virtual Reality) device, or the client 103 may also be a personal computer such as a laptop computer, a desktop computer, and the like.
In some optional embodiments, a user may select a target file to be accessed in an interface provided by the client 103, and generate an access request for the target file through the client 103, after receiving the access request sent by the client 103, the server 101 may obtain a file identifier in response to the access request, further determine an access right of the user to the target file by querying a corresponding relationship data set between the user and the file according to the file identifier and the user identifier in the access request, and query a file key record table stored to the server to obtain a key for decrypting the target file when the user has the access right, and then return the key to the client 103; the client 103 may decrypt the target file by using the received key to obtain an initial file of the target file before encryption, so as to be used by the user.
The client 103 may also provide file encryption functions, such as: the file identifier and the key for encrypting the initial file can be generated for the initial file, the initial file is encrypted by using the key to obtain the target file, the corresponding relation between the file identifier and the key is established, and the file key record table is generated and stored in the server 101.
It should be understood that the number of clients, networks and servers in fig. 1 is only illustrative, and the server 101 may be a physical server, a server cluster composed of a plurality of servers, a cloud server, and any number of clients, networks and servers according to actual needs.
Hereinafter, the steps of the method for implementing file access in the exemplary embodiment of the present disclosure will be described in more detail with reference to the drawings and the embodiment.
Fig. 2 shows a flowchart of a method for implementing file access according to an embodiment of the present disclosure. The method provided by the embodiment of the present disclosure may be executed by a server or a client as shown in fig. 1, but the present disclosure is not limited thereto.
In the following description, the server cluster 101 is used as an execution subject for illustration.
As shown in fig. 2, the method for implementing file access provided by the embodiment of the present disclosure may include the following steps:
step S201, obtaining an access request to a target file from a client; wherein, the target file is an encrypted file obtained by encrypting the initial file. The format of the target file may be a word document, an excel table, a picture, a video, an executable program, a folder, and the like, which may not be limited in the present application. The access request can be a presentation request for pictures, an opening request for word documents, a playing request for video files,
in step S203, the file identifier of the target file is read in response to the access request. An unencrypted file may be set with a file identifier after being encrypted, such as: when an image is encrypted, a unique file identifier and a unique key can be generated for the image, the image is encrypted by using the key, and the file identifier and the key are stored in an associated manner, so that the unique key corresponding to the file identifier can be inquired in the subsequent steps. In the method, the file identification can be read from the target file, the file identifications of different files can be different or the same, but the file identifications and the keys are in one-to-one correspondence, so that the effect of 'uniquely determining one file identification according to the target file and further uniquely determining one key' is achieved.
And step S205, determining the access authority of the user to the target file according to the user identifier and the file identifier in the access request. A corresponding relationship may be set for maintaining access right information of the user to the file, and the corresponding relationship may be stored in the external system, the cloud server, and/or the local client. The authority of the user for accessing the file can be adjusted by adjusting the content in the corresponding relation, so that the effect of flexibly managing the decryption access authority of the user for the file can be achieved, and the isolation and authorization of the file level can be realized.
Step S207, obtaining the key for decrypting the target file according to the access authority and the file identification. In step S203, the generated unique file identifier and the unique key may be stored in the form of a file key record table, and further, in this step, the user may obtain the key for decrypting the target file by querying the file key record table if the user has access right.
And step S209, returning the key to the client to decrypt the target file according to the key to obtain the initial file, so as to realize access to the initial file. The client can decrypt the target file by using the key after receiving the key, and then display the initial file obtained after decryption so that a user can access the initial file, thereby realizing the file access method in the method.
By using the method for realizing file access in the disclosure, the access authority of the user to the file can be inquired according to the file identifier of the encrypted target file and the user identifier, and the key corresponding to the file identifier is obtained under the condition that the user is determined to have the access authority so as to decrypt the target file to obtain the unencrypted initial file, so that the user can access the initial file to realize isolation and authorization of the file-level user to access the file, wherein the access authority of the user to the file can be adjusted to realize flexible management of the decryption access authority of the user to the file.
In some embodiments, encrypting the initial file comprises: generating a file identifier and a key for encrypting the initial file for the initial file; encrypting the initial file by using the key to obtain a target file; and establishing a corresponding relation between the file identification and the key, and updating the corresponding relation to a file key record table stored in the server.
This embodiment can be regarded as an encryption manner provided by the present disclosure. When the initial file is encrypted, a unique fileID (namely a file identifier) and a file-level key can be allocated to the file; specific examples thereof include: when the encrypted file is created, the fileID and the random key can be generated for the file, and the key and the fileID are stored in the encryption server in a one-to-one correspondence manner. The server may store a file key record table, and when a file is encrypted, the generated file identifier and the key may be correspondingly stored in the file key record table for being queried in a subsequent step. The file key recording table can also be stored in other systems, clients and/or cloud servers under different application scenarios to meet application requirements of different scenarios.
In some embodiments, after encrypting the initial file by using the key to obtain the target file, the method further includes: and storing the file identification into the file header data of the target file. In the encryption mode provided by the present disclosure, after the initial file is encrypted, the obtained file information of the target file may include a file header and a file ciphertext, and a FileID and a user identifier are added to the file header.
Further, in some embodiments, reading the file identification of the target file in response to the access request includes: and acquiring the file header data of the target file to read the file identification in the file header data. After the encryption mode provided by the present disclosure is used, in the process of accessing, the header data of the target file may be obtained in response to the access request, and the file identifier of the target file is read from the header data, so as to determine the file identifier uniquely corresponding to the file, so as to search for the decryption key corresponding to the file identifier in the subsequent steps.
Fig. 3 shows a flowchart of an encryption method corresponding to an implementation method of file access according to an embodiment of the present disclosure, including:
step S301, generating a file identifier and a key for encrypting the initial file for the initial file;
step S303, encrypting the initial file by using the key to obtain a target file;
step S305, storing the file identification into the file header data of the target file;
step S307, establishing a corresponding relation between the file identification and the key, and updating the corresponding relation to a file key record table stored in the server.
Step S305 needs to be executed after step S303, and step S303 and step S307 need to be executed after step S301, but the execution order of step S303 and step S307 may not be limited.
In some practical applications, a preset blacklist or white list may be queried before determining the access authority of a user to a target file according to a user identifier and a file identifier, to determine whether the user is a legal user, and if the user is found to be an illegal user, the process is terminated, the query is stopped, and information for stopping access is returned to the user. In the step, the safety of the file can be protected by utilizing the self-set black list or white list, the access can be stopped in time, and the computing resource is saved.
In some embodiments, determining the access right of the user to the target file according to the user identifier and the file identifier includes: querying the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification; judging whether the file identification exists in the accessible file identification set or not; if so, determining that the user has access authority to the target file; and if not, determining that the user does not have the access right to the target file.
The corresponding relation data set can be adjusted according to the service scene, for example, when the access authority of the file is changed due to the service movement of the user, the authority information of the file accessible by the user in the corresponding relation data set can be correspondingly adjusted, so that the decryption access authority of the file can be flexibly managed by the user.
In some embodiments, the correspondence data set is a user-file access permission table, and the access permission table indicates the correspondence between the user identifier and an accessible file identifier to which the user has access permission; querying the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, comprising: inquiring a user-file access authority table; and determining the file identification corresponding to the user identification in the user-file access authority table to form an accessible file identification set.
The user-file access authority table may include a user identification field and a file identification field of the user-accessible file, so as to quickly find out the accessible file identification set of the user.
In some practical applications, a user list of accessible files may also be recorded in the user-file access permission table, and whether a user has an access permission is determined by judging whether the user is in the user list, which is similar to the above embodiment and is not described in detail in this disclosure.
Fig. 4 shows a flowchart for determining whether a user has an access right in a file access implementation method according to an embodiment of the present disclosure, where the flowchart includes:
step S401, inquiring a user-file access authority table;
step S403, determining a file identifier corresponding to the user identifier in the user-file access authority table to form an accessible file identifier set;
step S405, judging whether the file identification exists in the accessible file identification set; if yes, go to step S407; if not, go to step S409;
step S407, determining that the user has access authority to the target file;
step S409, it is determined that the user does not have access right to the target file.
In some embodiments, the correspondence data set includes a user-item attribution table and a file-item attribution table; wherein, the user-item attribution table indicates the corresponding relation between the user identification and the item identification of the item to which the user belongs; the corresponding relation between the file identification and the item identification of the item to which the file belongs is indicated in the file-item attribution table; querying the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, comprising: inquiring a user-item attribution table, and determining a target item identifier corresponding to the user identifier in the user-item attribution table; and querying the file-item attribution table, and determining the corresponding file identifier of the target item identifier in the file-item attribution table to form an accessible file identifier set.
In some practical applications, one or more users may belong to a project, the project may correspond to one or more related files, and there is an accessible relationship between users corresponding to the same project and the files, in which case, there is a case where multiple users may access the same file, and then the permission of the user to access the file may be adjusted by simultaneously maintaining the user-project attribution table and the file-project attribution table, which is beneficial to quickly adjust the permission of the user to access the file when there is a change in the user-project attribution information and when there is a change in the file-project attribution information in practical applications, and is easy to manage.
In some practical applications, the file-item attribution table may be queried first, a target item identifier corresponding to the file identifier in the file-item attribution table is determined, then the user-item attribution table is queried, a user identifier list corresponding to the target item identifier in the user-item attribution table is determined, then whether the user accessing the file is in the queried user identifier list is determined, and further whether the user has an access right is determined by determining whether the user is in the user identifier list, which is similar to the above embodiment and is not described in detail in this disclosure.
Fig. 5 shows a flowchart for determining whether a user has an access right in a file access implementation method according to an embodiment of the present disclosure, where the flowchart includes:
step S501, inquiring a user-item attribution table, and determining a target item identifier corresponding to a user identifier in the user-item attribution table;
step S503, inquiring the file-item attribution table, and determining the corresponding file identification of the target item identification in the file-item attribution table to form an accessible file identification set;
step S505, judging whether the file identification exists in the accessible file identification set; if yes, go to step S507; if not, go to step S509;
step S507, determining that the user has access authority to the target file;
in step S509, it is determined that the user does not have access right to the target file.
In some embodiments, obtaining a key for decrypting a target file according to the access right and the file identification includes: when a user has access authority to a target file, a file key record table is obtained; and inquiring a corresponding key of the file identifier in the file key record table to serve as the key.
In some embodiments, the method for implementing file access of the present disclosure further includes: and when the user does not have the access right to the target file, returning error information to the client.
Firstly, judging whether a user has an access right, acquiring a secret key under the condition that the user is determined to have the right, continuously decrypting a file, and normally opening the file; if the current user has no authority, the key is not allowed to be obtained, error information can be returned to the client, and the user can not continuously open the file, so that file-level isolation and authorization are realized.
FIG. 6 is a diagram illustrating a method for implementing file access according to an embodiment of the present disclosure, including an encryption process and a decryption access process; wherein, the encryption process comprises:
generating an initial file to be encrypted in a front-end application (such as applications of Revit/RutoCAD/SketchUP and the like), and generating a creation request of an encrypted file;
after the encryption software driver filter receives a creation request, generating a file identifier and a key for an initial file, writing the file identifier and the key into a file header, and reporting an encryption file creation event;
capturing an encrypted file creation event through an encrypted software client, creating an encrypted file based on an initial file after capturing, and reporting the encrypted file creation event to an encrypted software console (a server);
and after the encrypted file creating event is received by the encrypted software console, recording the corresponding relation between the file identification and the secret key.
A decrypted access process comprising:
receiving an access request for a target file in a front-end application (such as application Revit/RutoCAD/SketchUP);
reporting an encrypted file opening event after the encrypted software driver filter receives the access request;
capturing an encrypted file opening event through an encryption software client, and determining whether a user is a legal user or not after capturing; after the user is determined to be a legal user, sending a query authority request to an encryption software console (a server side);
the encryption software console (server) queries the permission corresponding table based on the query permission request to judge whether the user has the access permission;
when the user is determined not to have the access right, returning error information and terminating the access;
when the user is determined to have the access right, continuously inquiring the file key record table to obtain the key, and returning the key to the encryption software client;
the encryption software client transmits the key to the front-end application through encryption software drive filtering, so that the front-end application decrypts the target file according to the key to obtain an initial file and displays the initial file to a user.
FIG. 7 is a diagram illustrating a method for implementing file access according to an embodiment of the present disclosure, including an encryption process and a decryption access process; the encryption process comprises the following steps:
generating an initial file to be encrypted in a design platform (such as Halo/PDM), calling Web APIh or SDK provided by encryption software to generate a file identifier and a key for the initial file, writing the file identifier and the key into a file header, generating an encryption file creation event, and sending the encryption file creation event to an encryption software console (a server);
after the encrypted file creating event is received by the encrypted software console, recording the corresponding relation between the file identifier and the secret key, creating an encrypted file based on the initial file, setting project isolation information, and returning the encrypted file to the design platform;
and after receiving the encrypted file, the design platform sends the encrypted file out.
A decrypted access process comprising:
receiving an access request for a target file in a front-end application (such as application Revit/RutoCAD/SketchUP);
reporting an encrypted file opening event after the encrypted software driver filter receives the access request;
capturing an encrypted file opening event through an encryption software client, and determining whether a user is a legal user or not after capturing; after the user is determined to be a legal user, sending a query authority request to an encryption software console (a server side);
the encryption software console (server) queries the permission corresponding table based on the query permission request to judge whether the user has the access permission; the design platform can be accessed to obtain a user-project attribution table to judge whether the user has access authority or not;
when the user is determined not to have the access right, returning error information and terminating the access;
when the user is determined to have the access right, continuously inquiring the file key record table to obtain the key, and returning the key to the encryption software client;
the encryption software client transmits the key to a front-end application (such as application of Revit/RutoCAD/SketchUP) through encryption software drive filtering, so that the front-end application decrypts the target file according to the key to obtain an initial file and displays the initial file to a user.
It is to be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the method according to an exemplary embodiment of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
Fig. 8 shows a block diagram of an apparatus 800 for implementing file access in a fifth embodiment of the present disclosure; as shown in fig. 8, includes:
an obtaining request module 801, configured to obtain an access request for a target file from a client; the target file is an encrypted file obtained by encrypting the initial file;
a reading identification module 802, configured to read a file identification of the target file in response to the access request;
the query authority module 803 is configured to determine, according to the user identifier and the file identifier in the access request, an access authority of the user to the target file;
an obtaining key module 804, configured to obtain a key for decrypting the target file according to the access right and the file identifier;
the access module 805 is configured to return the key to the client, so as to decrypt the target file according to the key to obtain an initial file, and implement access to the initial file.
In some embodiments, the file access implementation apparatus of the present disclosure further includes an encryption module 806, where the encryption module is configured to encrypt the initial file, and includes: generating a file identifier and a key for encrypting the initial file for the initial file; encrypting the initial file by using the key to obtain a target file; and establishing a corresponding relation between the file identification and the key, and updating the corresponding relation to a file key record table stored in the server. In an embodiment of the present disclosure, after the encrypting module encrypts the initial file by using the key to obtain the target file, the method further includes: and storing the file identification into the file header data of the target file.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Thus, various aspects of the invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.) or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
Fig. 9 shows a block diagram of a computer device for implementing file access in an embodiment of the present disclosure. It should be noted that the illustrated electronic device is only an example, and should not bring any limitation to the functions and the scope of the embodiments of the present invention.
An electronic device 900 according to this embodiment of the invention is described below with reference to fig. 9. The electronic device 900 shown in fig. 9 is only an example and should not bring any limitations to the function and scope of use of the embodiments of the present invention.
As shown in fig. 9, the electronic device 900 is embodied in the form of a general purpose computing device. Components of electronic device 900 may include, but are not limited to: the at least one processing unit 910, the at least one memory unit 920, and a bus 930 that couples various system components including the memory unit 920 and the processing unit 910.
Wherein the storage unit stores program code that is executable by the processing unit 910 to cause the processing unit 910 to perform steps according to various exemplary embodiments of the present invention described in the above section "exemplary methods" of the present specification. For example, the processing unit 910 may execute step S201 shown in fig. 2, acquiring an access request for a target file from a client; the target file is an encrypted file obtained by encrypting the initial file; step S203, responding to the access request to read the file identification of the target file; step S205, determining the access authority of the user to the target file according to the user identifier and the file identifier in the access request; step S207, obtaining a key for decrypting the target file according to the access authority and the file identifier; and step S209, returning the key to the client to decrypt the target file according to the key to obtain the initial file, so as to realize access to the initial file.
The storage unit 920 may include a readable medium in the form of a volatile storage unit, such as a random access memory unit (RAM)9201 and/or a cache memory unit 9202, and may further include a read only memory unit (ROM) 9203.
The electronic device 900 may also communicate with one or more external device file access enabling apparatus 800 (e.g., keyboard, pointing device, Bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 900, and/or with any device (e.g., router, modem, etc.) that enables the electronic device 900 to communicate with one or more other computing devices. Such communication may occur via input/output (I/O) interface 950. Also, the electronic device 900 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN) and/or a public network, such as the Internet) via the network adapter 960. As shown, the network adapter 960 communicates with the other modules of the electronic device 900 via the bus 930. It should be appreciated that although not shown, other hardware and/or software modules may be used in conjunction with the electronic device 900, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a terminal device, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary methods" of the present description, when said program product is run on the terminal device.
According to the program product for implementing the method, the portable compact disc read only memory (CD-ROM) can be adopted, the program code is included, and the program product can be operated on terminal equipment, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In the case of a remote computing device, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., through the internet using an internet service provider).
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, or by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.
Claims (11)
1. A method for implementing file access is characterized by comprising the following steps:
acquiring an access request for a target file from a client; the target file is an encrypted file obtained by encrypting the initial file;
reading the file identification of the target file in response to the access request;
determining the access authority of the user to the target file according to the user identification and the file identification in the access request;
acquiring a key for decrypting the target file according to the access authority and the file identifier;
and returning the key to the client to decrypt the target file according to the key to obtain the initial file, so as to realize access to the initial file.
2. The method of claim 1, wherein encrypting the initial file comprises:
generating a file identifier and a key for encrypting the initial file for the initial file;
encrypting the initial file by using the key to obtain the target file;
and establishing a corresponding relation between the file identification and the secret key, and updating the corresponding relation to a file secret key record table stored in a server.
3. The method of claim 2, wherein after encrypting the initial file with the key to obtain the target file, further comprising: storing the file identification into file header data of the target file; and the number of the first and second groups,
reading the file identification of the target file in response to the access request, comprising: and acquiring the file header data of the target file to read the file identifier in the file header data.
4. The method of claim 2, wherein determining the access right of the user to the target file according to the user identifier and the file identifier comprises:
querying a corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification;
judging whether the file identification exists in the accessible file identification set or not;
if so, determining that the user has access right to the target file; and if not, determining that the user does not have the access right to the target file.
5. The method according to claim 4, wherein the corresponding relation data set is a user-file access authority table, and the access authority table indicates the corresponding relation between a user identifier and an accessible file identifier of which the user has access authority;
querying a corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, including:
querying the user-file access permission table;
and determining the file identifier corresponding to the user identifier in the user-file access authority table to form the accessible file identifier set.
6. The method of claim 4, wherein the correspondence data set comprises a user-item attribution table and a file-item attribution table; wherein, the user-item attribution table indicates the corresponding relation between the user identification and the item identification of the item to which the user belongs; the corresponding relation between the file identification and the item identification of the item to which the file belongs is indicated in the file-item attribution table;
querying a corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, including:
inquiring the user-item attribution table, and determining a target item identifier corresponding to the user identifier in the user-item attribution table;
and querying the file-item attribution table, and determining the corresponding file identifier of the target item identifier in the file-item attribution table to form the accessible file identifier set.
7. The method of claim 4, wherein obtaining a key for decrypting the target file according to the access right and the file identifier comprises:
when the user has access authority to the target file, acquiring the file key record table;
and inquiring a key corresponding to the file identifier in the file key record table to serve as the key.
8. The method of claim 4, further comprising: and when the user does not have the access right to the target file, returning error information to the client.
9. An apparatus for implementing file access, comprising:
the acquisition request module is used for acquiring an access request for a target file from a client; the target file is an encrypted file obtained by encrypting the initial file;
the reading identification module is used for responding to the access request and reading the file identification of the target file;
the inquiry authority module is used for determining the access authority of the user to the target file according to the user identification and the file identification in the access request;
the key obtaining module is used for obtaining a key for decrypting the target file according to the access authority and the file identification;
and the access module is used for returning the key to the client so as to decrypt the target file according to the key to obtain the initial file and realize access to the initial file.
10. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, implements the method of implementing file access according to any one of claims 1 to 8.
11. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method of implementing file access according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111112272.7A CN113806777A (en) | 2021-09-18 | 2021-09-18 | File access realization method and device, storage medium and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111112272.7A CN113806777A (en) | 2021-09-18 | 2021-09-18 | File access realization method and device, storage medium and electronic equipment |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113806777A true CN113806777A (en) | 2021-12-17 |
Family
ID=78896234
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111112272.7A Pending CN113806777A (en) | 2021-09-18 | 2021-09-18 | File access realization method and device, storage medium and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113806777A (en) |
Cited By (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114003963A (en) * | 2021-12-30 | 2022-02-01 | 天津联想协同科技有限公司 | Method, system, network disk and storage medium for file authorization under enterprise network disk |
| CN114257457A (en) * | 2021-12-30 | 2022-03-29 | 天翼云科技有限公司 | File sharing method and device |
| CN114611137A (en) * | 2022-03-01 | 2022-06-10 | 北京航星永志科技有限公司 | Data access method, data access device and electronic equipment |
| CN115114670A (en) * | 2022-08-31 | 2022-09-27 | 天津联想协同科技有限公司 | File unlocking method and device based on external link, network disk and storage medium |
| CN115688149A (en) * | 2023-01-03 | 2023-02-03 | 大熊集团有限公司 | Encrypted data access method and system |
| CN115906124A (en) * | 2022-12-08 | 2023-04-04 | 广州优比建筑咨询有限公司 | Revit project file encryption method, decryption method, device and equipment |
| WO2023125480A1 (en) * | 2021-12-27 | 2023-07-06 | 华为技术有限公司 | Access object authentication method, apparatus and system |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100185852A1 (en) * | 2007-07-05 | 2010-07-22 | Hitachi Software Engineering Co., Ltd. | Encryption and decryption method for shared encrypted file |
| CN103488791A (en) * | 2013-09-30 | 2014-01-01 | 华为技术有限公司 | Data access method and system and data warehouse |
| CN110352413A (en) * | 2017-03-16 | 2019-10-18 | 于俊 | A kind of real data files access control method and system based on strategy |
| CN110781507A (en) * | 2019-10-21 | 2020-02-11 | 中广核工程有限公司 | File authority control method and device, computer equipment and storage medium |
| CN111131216A (en) * | 2019-12-17 | 2020-05-08 | 云城(北京)数据科技有限公司 | File encryption and decryption method and device |
| CN112163236A (en) * | 2020-10-14 | 2021-01-01 | 上海妙一生物科技有限公司 | File access method, device, system and computer readable storage medium |
| CN112199730A (en) * | 2020-11-17 | 2021-01-08 | 上海优扬新媒信息技术有限公司 | Method and device for processing application data on terminal and electronic equipment |
| CN112487450A (en) * | 2020-11-30 | 2021-03-12 | 银盛支付服务股份有限公司 | File server access grading method |
-
2021
- 2021-09-18 CN CN202111112272.7A patent/CN113806777A/en active Pending
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20100185852A1 (en) * | 2007-07-05 | 2010-07-22 | Hitachi Software Engineering Co., Ltd. | Encryption and decryption method for shared encrypted file |
| CN103488791A (en) * | 2013-09-30 | 2014-01-01 | 华为技术有限公司 | Data access method and system and data warehouse |
| CN110352413A (en) * | 2017-03-16 | 2019-10-18 | 于俊 | A kind of real data files access control method and system based on strategy |
| CN110781507A (en) * | 2019-10-21 | 2020-02-11 | 中广核工程有限公司 | File authority control method and device, computer equipment and storage medium |
| CN111131216A (en) * | 2019-12-17 | 2020-05-08 | 云城(北京)数据科技有限公司 | File encryption and decryption method and device |
| CN112163236A (en) * | 2020-10-14 | 2021-01-01 | 上海妙一生物科技有限公司 | File access method, device, system and computer readable storage medium |
| CN112199730A (en) * | 2020-11-17 | 2021-01-08 | 上海优扬新媒信息技术有限公司 | Method and device for processing application data on terminal and electronic equipment |
| CN112487450A (en) * | 2020-11-30 | 2021-03-12 | 银盛支付服务股份有限公司 | File server access grading method |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2023125480A1 (en) * | 2021-12-27 | 2023-07-06 | 华为技术有限公司 | Access object authentication method, apparatus and system |
| CN114003963A (en) * | 2021-12-30 | 2022-02-01 | 天津联想协同科技有限公司 | Method, system, network disk and storage medium for file authorization under enterprise network disk |
| CN114257457A (en) * | 2021-12-30 | 2022-03-29 | 天翼云科技有限公司 | File sharing method and device |
| CN114257457B (en) * | 2021-12-30 | 2023-08-08 | 天翼云科技有限公司 | File sharing method and device |
| CN114611137A (en) * | 2022-03-01 | 2022-06-10 | 北京航星永志科技有限公司 | Data access method, data access device and electronic equipment |
| CN114611137B (en) * | 2022-03-01 | 2022-11-15 | 北京航星永志科技有限公司 | Data access method, data access device and electronic equipment |
| CN115114670A (en) * | 2022-08-31 | 2022-09-27 | 天津联想协同科技有限公司 | File unlocking method and device based on external link, network disk and storage medium |
| CN115114670B (en) * | 2022-08-31 | 2023-01-31 | 天津联想协同科技有限公司 | File unlocking method and device based on external link, network disk and storage medium |
| CN115906124A (en) * | 2022-12-08 | 2023-04-04 | 广州优比建筑咨询有限公司 | Revit project file encryption method, decryption method, device and equipment |
| CN115906124B (en) * | 2022-12-08 | 2023-08-18 | 广州优比建筑咨询有限公司 | Encryption method, decryption method, device and equipment for Revit project file |
| CN115688149A (en) * | 2023-01-03 | 2023-02-03 | 大熊集团有限公司 | Encrypted data access method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108632284B (en) | User data authorization method, medium, device and computing equipment based on block chain | |
| CN113806777A (en) | File access realization method and device, storage medium and electronic equipment | |
| US9356936B2 (en) | Method and apparatus for managing access to electronic content | |
| US11290446B2 (en) | Access to data stored in a cloud | |
| US11509709B1 (en) | Providing access to encrypted insights using anonymous insight records | |
| CN107528830B (en) | Account login method, system and storage medium | |
| US11063922B2 (en) | Virtual content repository | |
| CN110708291B (en) | Data authorization access method, device, medium and electronic equipment in distributed network | |
| CN111611606B (en) | File encryption and decryption method and device | |
| US10972443B2 (en) | System and method for encrypted document co-editing | |
| EP3809300A1 (en) | Method and apparatus for data encryption, method and apparatus for data decryption | |
| KR101952139B1 (en) | A method for providing digital right management function in gateway server communicated with user terminal | |
| KR101251187B1 (en) | Server-based computing system and method of security management the same | |
| US11526633B2 (en) | Media exfiltration prevention system | |
| JP2014150518A (en) | User terminal, key generation management device, and program | |
| KR20160146623A (en) | A Method for securing contents in mobile environment, Recording medium for storing the method, and Security sytem for mobile terminal | |
| US20160063264A1 (en) | Method for securing a plurality of contents in mobile environment, and a security file using the same | |
| JP6542401B2 (en) | Key chain management method and system for end-to-message encryption | |
| US11824919B2 (en) | System and method for force running of remote support, and client for executing the same | |
| CN114417393B (en) | File encryption method, system, electronic equipment and computer readable storage medium | |
| CN110365654B (en) | Data transmission control method and device, electronic equipment and storage medium | |
| KR20190078198A (en) | Secure memory device based on cloud storage and Method for controlling verifying the same | |
| KR102500764B1 (en) | Electronic document sharing server that supports sharing settings for electronic documents based on member identification information and operating method thereof | |
| KR20190076531A (en) | Cloud storage encryption system | |
| EP4357956A1 (en) | Document instance protection framework |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |