CN113806777B - File access realization method and device, storage medium and electronic equipment - Google Patents


Publication number
CN113806777B
Authority
CN
China
Prior art keywords
file
user
access
identification
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111112272.7A
Other languages
Chinese (zh)
Other versions
CN113806777A (en)
Inventor
Name withheld at the inventor's request
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Xumi Yuntu Space Technology Co Ltd
Original Assignee
Shenzhen Xumi Yuntu Space Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Xumi Yuntu Space Technology Co Ltd
Priority to CN202111112272.7A
Publication of CN113806777A
Application granted
Publication of CN113806777B
Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The disclosure provides a method, a device, electronic equipment and a storage medium for realizing file access, and relates to the technical field of computers. The method comprises the following steps: obtaining an access request to a target file from a client; the target file is an encrypted file obtained by encrypting the initial file; reading a file identification of the target file in response to the access request; determining the access authority of the user to the target file according to the user identification and the file identification in the access request; acquiring a key for decrypting the target file according to the access right and the file identifier; and returning the secret key to the client so as to decrypt the target file according to the secret key to obtain an initial file, thereby realizing access to the initial file. The method can realize isolation and authorization of file-level user access to the file and flexible management of the authority of the user to the file decryption access.

Description

File access realization method and device, storage medium and electronic equipment
Technical Field
The disclosure relates to the field of computer technologies, and in particular, to a method and a device for implementing file access, a storage medium, and an electronic device.
Background
In file encryption scenarios, encryption software may be used to encrypt a file. For example, the encryption software generates a unique key to encrypt the file; when the user needs to decrypt it, decryption succeeds once the unique key is entered, or the user first logs in to the encryption software with an account and password and then enters the unique key. These approaches cannot meet the requirements of authorization and isolation based on a single file and a single user, and cannot flexibly manage users' rights to decrypt and access files.
It should be noted that the information disclosed in the above background section is only for enhancing understanding of the background of the present disclosure and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The disclosure aims to provide a method, a device, electronic equipment and a storage medium for realizing file access, so as to solve the problem that the authority of a user to decrypt and access files cannot be flexibly managed.
Other features and advantages of the present disclosure will be apparent from the following detailed description, or may be learned in part by the practice of the disclosure.
According to one aspect of the present disclosure, there is provided a method for implementing file access, including:
obtaining an access request to a target file from a client; the target file is an encrypted file obtained by encrypting the initial file; reading a file identification of the target file in response to the access request; determining the access authority of the user to the target file according to the user identification and the file identification in the access request; acquiring a key for decrypting the target file according to the access right and the file identifier; and returning the secret key to the client so as to decrypt the target file according to the secret key to obtain an initial file, thereby realizing access to the initial file.
In one embodiment of the present disclosure, encrypting an initial file includes: generating a file identifier and a key for encrypting the initial file for the initial file; encrypting the initial file by using the secret key to obtain a target file; and establishing a corresponding relation between the file identification and the key, and updating the corresponding relation to a file key record table stored in the server.
In one embodiment of the present disclosure, after encrypting the initial file with the key to obtain the target file, the method further includes: storing the file identifier into file header data of the target file. Reading the file identification of the target file in response to the access request then includes: acquiring the file header data of the target file and reading the file identification from the file header data.
In one embodiment of the present disclosure, determining access rights of a user to a target file according to a user identifier and a file identifier includes: querying the corresponding relation data set to determine, according to the user identification, the accessible file identification set of the user in the corresponding relation data set; judging whether the file identifier exists in the accessible file identifier set; if it exists, determining that the user has access rights to the target file; if it does not exist, determining that the user does not have access rights to the target file.
In one embodiment of the disclosure, the corresponding relation data set is a user-file access authority table, and the access authority table indicates the corresponding relation between a user identifier and an accessible file identifier with access authority of the user; querying the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, including: querying a user-file access permission table; and determining the corresponding file identifications of the user identifications in the user-file access authority table to form an accessible file identification set.
In one embodiment of the present disclosure, the correspondence data set includes a user-project attribution table and a file-project attribution table; the user-project attribution table indicates the correspondence between the user identification and the project identifier of the project to which the user belongs; the file-project attribution table indicates the correspondence between the file identification and the project identifier of the project to which the file belongs; querying the correspondence data set to determine, according to the user identification, the accessible file identification set of the user in the correspondence data set includes: querying the user-project attribution table, and determining the target project identifier corresponding to the user identification in the user-project attribution table; querying the file-project attribution table, and determining the file identifiers corresponding to the target project identifier in the file-project attribution table to form the accessible file identifier set.
In one embodiment of the present disclosure, obtaining a key for decrypting a target file according to access rights and a file identification includes: when the user has access rights to the target file, acquiring the file key record table; and querying the file key record table for the key corresponding to the file identifier, which is used as the key for decrypting the target file.
In one embodiment of the present disclosure, the method for implementing file access of the present disclosure further includes: and when the user does not have access rights to the target file, returning error information to the client.
According to another aspect of the present disclosure, there is provided an implementation apparatus for file access, including:
the acquisition request module is used for acquiring an access request to the target file from the client; the target file is an encrypted file obtained by encrypting the initial file; the reading identification module is used for responding to the access request and reading the file identification of the target file; the inquiry authority module is used for determining the access authority of the user to the target file according to the user identification and the file identification in the access request; the key acquisition module is used for acquiring a key of the decryption target file according to the access right and the file identification; and the access module is used for returning the secret key to the client so as to decrypt the target file according to the secret key to obtain an initial file and realize the access to the initial file.
In one embodiment of the present disclosure, the device for implementing file access of the present disclosure further includes an encryption module, where the encryption module is configured to encrypt an initial file, and includes: generating a file identifier and a key for encrypting the initial file for the initial file; encrypting the initial file by using the secret key to obtain a target file; and establishing a corresponding relation between the file identification and the key, and updating the corresponding relation to a file key record table stored in the server.
In one embodiment of the present disclosure, after encrypting the initial file with the key to obtain the target file, the encryption module further stores the file identifier into file header data of the target file. The read identification module, in reading the file identification of the target file in response to the access request, then acquires the file header data of the target file and reads the file identification from the file header data.
In one embodiment of the present disclosure, the query permission module determines access permission of a user to a target file according to a user identifier and a file identifier, including: querying the corresponding relation data set to determine, according to the user identification, the accessible file identification set of the user in the corresponding relation data set; judging whether the file identifier exists in the accessible file identifier set; if it exists, determining that the user has access rights to the target file; if it does not exist, determining that the user does not have access rights to the target file.
In one embodiment of the disclosure, the corresponding relation data set is a user-file access authority table, and the access authority table indicates the corresponding relation between a user identifier and an accessible file identifier with access authority of the user; the query authority module queries the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, and the query authority module comprises the following steps: querying a user-file access permission table; and determining the corresponding file identifications of the user identifications in the user-file access authority table to form an accessible file identification set.
In one embodiment of the present disclosure, the correspondence data set includes a user-project attribution table and a file-project attribution table; the user-project attribution table indicates the correspondence between the user identification and the project identifier of the project to which the user belongs; the file-project attribution table indicates the correspondence between the file identification and the project identifier of the project to which the file belongs; the query permission module queries the correspondence data set to determine, according to the user identification, the accessible file identification set of the user in the correspondence data set, which includes: querying the user-project attribution table, and determining the target project identifier corresponding to the user identification in the user-project attribution table; querying the file-project attribution table, and determining the file identifiers corresponding to the target project identifier in the file-project attribution table to form the accessible file identifier set.
In one embodiment of the present disclosure, the key acquisition module obtains a key for decrypting a target file according to an access right and a file identifier, including: when the user has access rights to the target file, acquiring the file key record table; and querying the file key record table for the key corresponding to the file identifier, which is used as the key for decrypting the target file.
In one embodiment of the disclosure, when the user does not have access to the target file, the access module is further configured to return error information to the client.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the above-described method of implementing file access.
According to still another aspect of the present disclosure, there is provided an electronic apparatus including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the above-described method of implementing file access via execution of the executable instructions.
The method for realizing file access provided by the embodiment of the disclosure queries the user's access right to a file according to the file identification of the encrypted target file and the user identification. Once it is determined that the user has the access right, the key corresponding to the file identification is acquired so that the target file can be decrypted into the unencrypted initial file and the user can access the initial file, which realizes file-level isolation and authorization of user access. Because the user's access right to a file can be adjusted, the user's right to decrypt and access files can be managed flexibly.
Further, the implementation of file access provided by the embodiment of the present disclosure also provides a corresponding encryption method, so as to be used in the file access method of the present disclosure.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the disclosure and together with the description, serve to explain the principles of the disclosure. It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without undue effort.
FIG. 1 illustrates a schematic diagram of an exemplary system architecture to which an implementation of file access of embodiments of the present disclosure may be applied;
FIG. 2 illustrates a flow chart of a method of implementing file access in accordance with one embodiment of the present disclosure;
FIG. 3 illustrates a flow chart of an encryption method corresponding to an implementation method of file access in accordance with one embodiment of the present disclosure;
FIG. 4 is a flowchart of determining whether a user has access rights in a method for implementing file access according to one embodiment of the present disclosure;
FIG. 5 is a flowchart of determining whether a user has access rights in a method for implementing file access according to one embodiment of the present disclosure;
FIG. 6 illustrates a schematic diagram of a method of implementing file access of one embodiment of the present disclosure;
FIG. 7 illustrates a schematic diagram of a method of implementing file access in accordance with one embodiment of the present disclosure;
FIG. 8 illustrates a block diagram of an implementation of file access of one embodiment of the present disclosure; and
FIG. 9 illustrates a block diagram of a computer device implementing file access in an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. However, the exemplary embodiments may be embodied in many forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of the example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus a repetitive description thereof will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in software or in one or more hardware modules or integrated circuits or in different networks and/or processor devices and/or microcontroller devices.
Furthermore, the terms "first," "second," and the like, are used for descriptive purposes only and are not to be construed as indicating or implying a relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defining "a first" or "a second" may explicitly or implicitly include one or more such feature. In the description of the present disclosure, the meaning of "a plurality" is at least two, such as two, three, etc., unless explicitly specified otherwise.
In view of the technical problems in the related art, embodiments of the present disclosure provide a method for implementing file access, so as to at least solve one or all of the technical problems.
FIG. 1 illustrates a schematic diagram of an exemplary system architecture to which an implementation of file access of embodiments of the present disclosure may be applied; as shown in fig. 1:
The system architecture may include a server 101, a network 102, and a client 103. Network 102 is the medium used to provide communication links between clients 103 and server 101. Network 102 may include various connection types such as wired, wireless communication links, or fiber optic cables, among others.
The server 101 may be a server providing various services, for example, a background management server providing functions of receiving an access request to a target file sent by the client 103, querying access rights of a user to the target file, acquiring a key, and the like.
The client 103 may be a mobile terminal such as a mobile phone, a game console, a tablet computer, an electronic book reader, smart glasses, a smart home device, an AR (Augmented Reality) device, a VR (Virtual Reality) device, or the like, or the client 103 may be a personal computer such as a laptop portable computer and a desktop computer, or the like.
In some optional embodiments, a user may select a target file to be accessed in an interface provided by the client 103, and the client 103 generates an access request for the target file. After receiving the access request sent by the client 103, the server 101 obtains the file identifier in response to the access request, and determines the access right of the user to the target file by querying a corresponding relationship data set between the user and the file according to the file identifier and the user identifier in the access request. If the user has the access right, the server 101 queries the file key record table stored on the server to obtain the key for decrypting the target file, and then returns the key to the client 103; the client 103 may decrypt the target file using the received key to obtain the initial file as it was before encryption, for use by the user.
The client 103 may also provide file encryption functions. For example, a file identifier and a key for encrypting the initial file may be generated for the initial file, the initial file is encrypted by using the key to obtain the target file, and the corresponding relationship between the file identifier and the key is established, so as to generate a file key record table and store the file key record table in the server 101.
It should be understood that the number of clients, networks and servers in fig. 1 is merely illustrative, and the server 101 may be a server of one entity, may be a server cluster formed by a plurality of servers, may be a cloud server, and may have any number of clients, networks and servers according to actual needs.
Various steps of a method for implementing file access in exemplary embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings and embodiments.
FIG. 2 illustrates a flow chart of a method of implementing file access in accordance with one embodiment of the present disclosure. The method provided by the embodiments of the present disclosure may be performed in a server or a client as shown in fig. 1, but the present disclosure is not limited thereto.
In the following illustration, the server cluster 101 is exemplified as an execution subject.
As shown in fig. 2, the method for implementing file access provided by the embodiment of the disclosure may include the following steps:
Step S201, obtaining an access request to a target file from a client; the target file is an encrypted file obtained by encrypting the initial file. The target file may be a Word document, an Excel table, a picture, a video, an executable program, a folder, etc., which is not limited in the present application. The access request may be a presentation request for a picture, an open request for a Word document, a play request for a video file,
Step S203, the file identification of the target file is read in response to the access request. A file may be given a file identifier when it is encrypted. For example, when a picture is encrypted, a unique file identifier and a unique key can be generated for the picture, the picture is encrypted with the key, and the file identifier and the key are stored in association, so that the unique key corresponding to the file identifier can be queried by file identifier in a subsequent step. In the method, the file identification can be read from the target file. The file identifications of different files may differ or may be the same, but file identifications and keys are in one-to-one correspondence, so that one file identification can be uniquely determined from the target file and, from it, one key can be uniquely determined.
Step S205, determining the access authority of the user to the target file according to the user identification and the file identification in the access request. A correspondence may be set for maintaining access rights information of the user to the file, where the correspondence may be stored in an external system, a cloud server, and/or a local client. The authority of the user to access the file can be adjusted by adjusting the content in the corresponding relation, so that the effect of flexibly managing the decryption access authority of the user to the file can be achieved, and the isolation and the authorization of the file level are realized.
Step S207, a key for decrypting the target file is obtained according to the access right and the file identification. In step S203, the generated unique file identifier and unique key may be stored in the form of a file key record table, and further in this step, the key for decrypting the target file may be obtained by querying the file key record table in the case that the user has access rights.
Step S209, returning the secret key to the client to decrypt the target file according to the secret key to obtain an initial file, and realizing access to the initial file. After receiving the key, the client can decrypt the target file by using the key and then display the initial file obtained after decryption so that the user can access it, which completes the file access of the method.
By using the method for realizing file access in the disclosure, the access right of the user to the file can be queried according to the file identification of the encrypted target file and the user identification, and the key corresponding to the file identification is acquired under the condition that the user has the access right is determined so as to decrypt the target file to obtain an unencrypted initial file, so that the user can access the initial file to realize isolation and authorization of the file-level user access file, wherein the access right of the user to the file can be adjusted so as to realize flexible management of the decryption access right of the user to the file.
In some embodiments, encrypting the initial file includes: generating a file identifier and a key for encrypting the initial file for the initial file; encrypting the initial file by using the secret key to obtain a target file; and establishing a corresponding relation between the file identification and the key, and updating the corresponding relation to a file key record table stored in the server.
This embodiment can be regarded as an encryption scheme provided by the present disclosure. A unique FileID (i.e., file identification) and a file-level key can be assigned to the file when the initial file is encrypted. As a specific example, when the encrypted file is created, a FileID and a random key can be generated for the file; the key and the FileID are in one-to-one correspondence and are stored in the encryption server. The server may store a file key record table, in which the correspondence between the generated file identification and key is stored when the file is encrypted, for querying in a subsequent step. In different application scenarios the file key record table can also be stored in other locations, such as other systems, clients or cloud servers, to meet the requirements of those scenarios.
In some embodiments, after encrypting the initial file with the key to obtain the target file, the method further comprises: the file identification is stored in the file header data of the target file. In the encryption manner provided in the present disclosure, after the initial file is encrypted, the file information of the obtained target file may include a file header and a file ciphertext, where FileID and a user identifier are added to the file header.
Further, in some embodiments, reading the file identification of the target file in response to the access request includes: acquiring file header data of the target file and reading the file identification from the file header data. With the encryption mode provided by the disclosure, the file header data of the target file can be obtained in response to the access request during access, and the file identification of the target file is read from the file header data. This determines the file identification uniquely corresponding to the file, so that the decryption key corresponding to the file identification can be looked up in the subsequent step.
FIG. 3 illustrates a flow chart of an encryption method corresponding to an implementation method of file access according to one embodiment of the present disclosure, including:
Step S301, generating a file identifier and a key for encrypting an initial file for the initial file;
Step S303, encrypting the initial file by using the key to obtain a target file;
Step S305, storing the file identification into the file header data of the target file;
Step S307, establishing the corresponding relation between the file identification and the key, and updating the corresponding relation to the file key record table stored in the server.
Step S305 needs to be performed after step S303, and steps S303 and S307 need to be performed after step S301, but the execution order of steps S303 and S307 may not be limited.
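The header handling of steps S301, S305 and S307, together with the header read performed on access, as an added example that is not code from the patent. The byte layout, the `ENCF` marker, the UUID-valued FileID and the 32-byte key length are assumptions; the ciphertext is treated as opaque bytes produced in step S303 by whatever cipher a deployment uses.

```python
import secrets
import struct
import uuid

# Assumed on-disk layout (the patent does not specify one):
#   magic "ENCF" | version | 16-byte FileID | creator-id length | creator id | ciphertext
MAGIC = b"ENCF"
VERSION = 1
FIXED = struct.Struct(">4sB16sH")   # big-endian, 23 bytes, no padding
MAX_USER_ID_LEN = 256
KEY_LEN = 32


class HeaderError(ValueError):
    """The blob does not start with a well-formed target-file header."""


def new_file_record(key_table):
    """S301 + S307: generate a FileID and a random file-level key, record the pair.

    key_table stands in for the server's file key record table (FileID -> key).
    """
    file_id = uuid.uuid4()
    key = secrets.token_bytes(KEY_LEN)      # CSPRNG, never derived from the FileID
    if file_id in key_table:                # keep the mapping strictly one-to-one
        raise RuntimeError("FileID collision")
    key_table[file_id] = key
    return file_id, key


def build_target_file(file_id, creator_id, ciphertext):
    """S305: prepend the header carrying the FileID and the user identifier.

    Only identifiers go into the header; the key stays in the key record table.
    """
    user = creator_id.encode("utf-8")
    if not 0 < len(user) <= MAX_USER_ID_LEN:
        raise HeaderError("creator id length out of range")
    return FIXED.pack(MAGIC, VERSION, file_id.bytes, len(user)) + user + ciphertext


def read_header(blob):
    """Access path: return (file_id, creator_id, ciphertext) from a target file.

    The header is client-supplied data, so every field is validated before use.
    """
    if len(blob) < FIXED.size:
        raise HeaderError("truncated header")
    magic, version, raw_id, user_len = FIXED.unpack_from(blob)
    if magic != MAGIC:
        raise HeaderError("not an encrypted target file")
    if version != VERSION:
        raise HeaderError("unsupported header version")
    end = FIXED.size + user_len
    if not 0 < user_len <= MAX_USER_ID_LEN or len(blob) < end:
        raise HeaderError("creator id length out of range")
    try:
        creator_id = blob[FIXED.size:end].decode("utf-8")
    except UnicodeDecodeError as exc:
        raise HeaderError("creator id is not valid UTF-8") from exc
    return uuid.UUID(bytes=raw_id), creator_id, blob[end:]
```

The FileID read back here is only a lookup handle: possession of it grants nothing until the server has checked the requesting user against its permission tables.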
In some practical applications, before determining the access authority of the user to the target file according to the user identifier and the file identifier, a preset blacklist or whitelist can be queried first to determine whether the user is a legitimate user. If the user is found not to be a legitimate user, the flow is terminated, the query is stopped, and a message that access has been stopped is returned to the user. This step uses an independently maintained blacklist or whitelist to protect file security, and it also terminates access early, which saves computing resources.
In some embodiments, determining the user's access rights to the target file based on the user identification and the file identification includes: querying the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification; judging whether the file identifier exists in the accessible file identifier set; if it exists, determining that the user has access rights to the target file; if it does not exist, determining that the user does not have access rights to the target file.
The corresponding relation data set can be adjusted according to the service scene, for example, when the user changes the access authority of the file due to service mobilization, the authority information of the file accessible by the user in the corresponding relation data set can be correspondingly adjusted, so that the flexible management of the decryption access authority of the user on the file is realized.
In some embodiments, the correspondence data set is a user-file access permission table, in which a correspondence between a user identifier and an accessible file identifier having access permission by the user is indicated; querying the corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, including: querying a user-file access permission table; and determining the corresponding file identifications of the user identifications in the user-file access authority table to form an accessible file identification set.
The user-file access authority table may include a user identification field and a file identification field of a user accessible file, so as to quickly find an accessible file identification set of the user.
In some practical applications, a user list of accessible files may also be recorded in the user-file access permission table, and whether the user has access permission is determined by determining whether the user is in the user list, where the determination process is similar to the above-described embodiment, and details thereof are omitted in this disclosure.
Fig. 4 shows a flowchart for determining whether a user has access rights in a method for implementing file access according to an embodiment of the present disclosure, including:
Step S401, querying the user-file access authority table;
Step S403, determining the corresponding file identifications of the user identifications in the user-file access authority table to form an accessible file identification set;
Step S405, judging whether the file identifier exists in the accessible file identifier set; if yes, executing step S407; if not, executing step S409;
Step S407, determining that the user has access rights to the target file;
Step S409, determining that the user does not have access rights to the target file.
In some embodiments, the correspondence data set includes a user-project attribution table and a file-project attribution table. The user-project attribution table indicates the correspondence between a user identifier and the project identifier of the project to which the user belongs; the file-project attribution table indicates the correspondence between a file identifier and the project identifier of the project to which the file belongs. Querying the correspondence data set to determine, according to the user identifier, the accessible file identifier set of the user includes: querying the user-project attribution table and determining the target project identifier corresponding to the user identifier; and querying the file-project attribution table and determining the file identifiers corresponding to the target project identifier, which form the accessible file identifier set.
In some practical applications, one or more users belong to a project, and the project corresponds to one or more related files. An accessible relationship exists between the users and the files of the same project, so multiple users can access the same files. A user's permission to access files can then be adjusted by maintaining both the user-project attribution table and the file-project attribution table, so that access permissions can be updated quickly when either the user-project or the file-project attribution information changes, which makes management easy.
In some practical applications, the file-project attribution table may be queried first to determine the target project identifier corresponding to the file identifier; the user-project attribution table is then queried to determine the list of user identifiers corresponding to the target project identifier; whether the user has access rights is then determined by checking whether the user accessing the file is in that list.
Fig. 5 shows a flowchart for determining whether a user has access rights in a method for implementing file access according to an embodiment of the present disclosure, including:
Step S501, querying the user-project attribution table, and determining the target project identifier corresponding to the user identifier in the user-project attribution table;
Step S503, inquiring the file-project attribution table, determining the corresponding file identification of the target project identification in the file-project attribution table to form an accessible file identification set;
Step S505, judging whether the file identifier exists in the accessible file identifier set; if yes, executing step S507; if not, executing step S509;
Step S507, determining that the user has access rights to the target file;
Step S509, determining that the user does not have access rights to the target file.
In some embodiments, obtaining a key for decrypting the target file based on the access rights and the file identification includes: when the user has access rights to the target file, acquiring the file key record table; and querying the file key record table for the key corresponding to the file identifier, which is used as the key.
In some embodiments, the method for implementing file access of the present disclosure further includes: when the user does not have access rights to the target file, returning error information to the client.
Whether the user has access rights is judged first. If the user has access rights, the key is obtained, the file is decrypted, and the file opens normally; if the current user has no permission, the key is not released and error information can be returned to the client, so that the user cannot go on to open the file. This realizes file-level isolation and authorization.
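The server-side decision described above (blacklist check, the two-table lookup of steps S501 to S509, then key release or an error), as an added example that is not code from the patent. The class and function names, the identifiers and the audit list are assumptions, and a user is allowed to belong to several projects, which generalizes the single target project of Fig. 5.

```python
import secrets
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """The only error the client sees; the reason stays in the server audit log."""


@dataclass
class KeyConsole:
    user_projects: dict   # user-project attribution table: user id -> set of project ids
    file_projects: dict   # file-project attribution table: file id -> project id
    key_table: dict       # file key record table: file id -> key
    blacklist: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def accessible_file_ids(self, user_id):
        """S501 + S503: user -> projects -> accessible file identifier set."""
        projects = self.user_projects.get(user_id, set())
        return {f for f, p in self.file_projects.items() if p in projects}

    def users_for_file(self, file_id):
        """The reverse query order: file -> project -> list of user identifiers."""
        project = self.file_projects.get(file_id)
        if project is None:
            return set()
        return {u for u, ps in self.user_projects.items() if project in ps}

    def _deny(self, user_id, file_id, reason):
        self.audit.append((user_id, file_id, reason))
        raise AccessDenied("access denied")   # same text for every failure

    def release_key(self, user_id, file_id):
        """Return the file key only after every check passes (deny by default).

        user_id must come from the authenticated session, not from the request
        body; file_id was read from the file header and is untrusted input.
        """
        if user_id in self.blacklist:
            self._deny(user_id, file_id, "blacklisted")
        if file_id not in self.accessible_file_ids(user_id):      # S505
            self._deny(user_id, file_id, "not-in-project")        # S509
        key = self.key_table.get(file_id)
        if key is None:
            self._deny(user_id, file_id, "no-key-record")
        self.audit.append((user_id, file_id, "released"))         # S507
        return key


def build_demo_console():
    """Constructed sample tables; every identifier here is made up."""
    return KeyConsole(
        user_projects={"alice": {"P-tower"}, "bob": {"P-bridge"},
                       "mallory": {"P-bridge"}},
        file_projects={"F-001": "P-tower", "F-002": "P-bridge",
                       "F-003": "P-bridge"},
        key_table={"F-001": secrets.token_bytes(32),
                   "F-002": secrets.token_bytes(32)},   # F-003 has no key record
        blacklist={"mallory"},
    )


if __name__ == "__main__":
    console = build_demo_console()
    print(len(console.release_key("alice", "F-001")), "byte key released")
    try:
        console.release_key("bob", "F-001")
    except AccessDenied as exc:
        print("bob ->", exc, "| audit:", console.audit[-1])
```

Removing a user from a project stops future key releases, but a file-level key already returned to a client remains valid for that file until the file is re-encrypted under a new key.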
FIG. 6 shows a schematic diagram of a method of implementing file access, including an encryption process and a decryption access process, according to one embodiment of the present disclosure; wherein the encryption process comprises:
Generating an initial file to be encrypted in a front-end application (such as Revit, AutoCAD or SketchUp), and generating a creation request for the encrypted file;
After the encryption software driver intercepts the creation request, generating a file identifier and a key for the initial file, writing the file identifier and the key into a file header, and reporting an encrypted file creation event;
Capturing the encrypted file creation event through the encryption software client, creating an encrypted file based on the initial file after capturing, and reporting the encrypted file creation event to the encryption software console (server side);
After receiving the encrypted file creation event, the encryption software console records the correspondence between the file identification and the key.
A decryption access procedure comprising:
Receiving an access request to a target file in a front-end application (such as Revit, AutoCAD or SketchUp);
After the encryption software driver intercepts the access request, reporting an encrypted file opening event;
Capturing the encrypted file opening event through the encryption software client, and determining after capturing whether the user is a legitimate user; after determining that the user is a legitimate user, sending a query permission request to the encryption software console (server side);
The encryption software console (server side) queries the permission correspondence table based on the query permission request to judge whether the user has access permission;
When it is determined that the user does not have the access right, returning error information and terminating the access;
When it is determined that the user has the access right, going on to query the file key record table to acquire the key, and returning the key to the encryption software client;
The encryption software client passes the key to the front-end application through the encryption software driver, so that the front-end application decrypts the target file according to the key, obtains the initial file and displays it to the user.
FIG. 7 shows a schematic diagram of a method of implementing file access, including an encryption process and a decryption access process, according to one embodiment of the present disclosure; wherein the encryption process comprises:
Generating an initial file to be encrypted in a design platform (such as Halo/PDM), calling the Web API or SDK provided by the encryption software to generate a file identifier and a key for the initial file, writing the file identifier and the key into a file header, generating an encrypted file creation event, and sending the encrypted file creation event to the encryption software console (server side);
After receiving the encrypted file creation event, the encryption software console records the corresponding relation between the file identification and the key, creates an encrypted file based on the initial file, sets project isolation information, and returns the encrypted file to the design platform;
After receiving the encrypted file, the design platform sends it out.
A decryption access procedure comprising:
Receiving an access request to a target file in a front-end application (such as Revit, AutoCAD or SketchUp);
After the encryption software driver intercepts the access request, reporting an encrypted file opening event;
Capturing the encrypted file opening event through the encryption software client, and determining after capturing whether the user is a legitimate user; after determining that the user is a legitimate user, sending a query permission request to the encryption software console (server side);
The encryption software console (server side) queries the permission correspondence table based on the query permission request to judge whether the user has access permission; the design platform can be accessed to obtain a user-project attribution table to judge whether the user has access rights;
When it is determined that the user does not have the access right, returning error information and terminating the access;
When it is determined that the user has the access right, going on to query the file key record table to acquire the key, and returning the key to the encryption software client;
The encryption software client passes the key to the front-end application (such as Revit, AutoCAD or SketchUp) through the encryption software driver, so that the front-end application decrypts the target file according to the key to obtain the initial file and displays it to the user.
It is noted that the above-described figures are only schematic illustrations of processes involved in a method according to an exemplary embodiment of the invention, and are not intended to be limiting. It will be readily appreciated that the processes shown in the above figures do not indicate or limit the temporal order of these processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, for example, among a plurality of modules.
Fig. 8 is a block diagram of a file access implementation apparatus 800 according to a fifth embodiment of the present disclosure; as shown in Fig. 8, the apparatus includes:
an acquisition request module 801, configured to acquire an access request to a target file from a client; the target file is an encrypted file obtained by encrypting the initial file;
a read identification module 802, configured to read a file identification of the target file in response to the access request;
a query permission module 803, configured to determine access permission of a user to a target file according to a user identifier and a file identifier in the access request;
The key obtaining module 804 is configured to obtain a key of the decryption target file according to the access right and the file identifier;
and the access module 805 is configured to return the key to the client, so as to decrypt the target file according to the key to obtain an initial file, thereby realizing access to the initial file.
In some embodiments, the implementation apparatus for file access of the present disclosure further includes an encryption module 806, which is configured to encrypt an initial file, including: generating a file identifier and a key for encrypting the initial file for the initial file; encrypting the initial file by using the secret key to obtain a target file; and establishing a corresponding relation between the file identification and the key, and updating the corresponding relation to a file key record table stored in the server. In one embodiment of the present disclosure, after the encryption module encrypts the initial file with the key to obtain the target file, the method further includes: the file identification is stored in the file header data of the target file.
Those skilled in the art will appreciate that the various aspects of the invention may be implemented as a system, method, or program product. Accordingly, aspects of the invention may be embodied in the following forms, namely: an entirely hardware embodiment, an entirely software embodiment (including firmware, micro-code, etc.), or an embodiment combining hardware and software aspects, which may be referred to herein as a "circuit," "module," or "system."
Fig. 9 shows a block diagram of a computer device implementing file access in an embodiment of the present disclosure. It should be noted that the illustrated electronic device is only an example, and should not impose any limitation on the functions and application scope of the embodiments of the present invention.
An electronic device 900 according to such an embodiment of the invention is described below with reference to fig. 9. The electronic device 900 shown in fig. 9 is merely an example, and should not be construed as limiting the functionality and scope of use of embodiments of the present invention.
As shown in fig. 9, the electronic device 900 is embodied in the form of a general purpose computing device. Components of electronic device 900 may include, but are not limited to: the at least one processing unit 910, the at least one storage unit 920, and a bus 930 connecting the different system components (including the storage unit 920 and the processing unit 910).
Wherein the storage unit stores program code that is executable by the processing unit 910 such that the processing unit 910 performs steps according to various exemplary embodiments of the present invention described in the above-described "exemplary methods" section of the present specification. For example, the processing unit 910 may perform step S201 shown in fig. 2, obtain an access request to a target file from a client; the target file is an encrypted file obtained by encrypting the initial file; step S203, the file identification of the target file is read in response to the access request; step S205, determining the access authority of the user to the target file according to the user identification and the file identification in the access request; step S207, a key for decrypting the target file is obtained according to the access right and the file identification; step S209, returning the secret key to the client to decrypt the target file according to the secret key to obtain an initial file, and realizing access to the initial file.
The storage unit 920 may include readable media in the form of volatile storage units, such as Random Access Memory (RAM) 9201 and/or cache memory 9202, and may further include Read Only Memory (ROM) 9203.
The storage unit 920 may also include a program/utility 9204 having a set (at least one) of program modules 9205, such program modules 9205 include, but are not limited to: an operating system, one or more application programs, other program modules, and program data, each or some combination of which may include an implementation of a network environment.
The bus 930 may be one or more of several types of bus structures including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 900 may also communicate with one or more external device file access enabling apparatuses 800 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 900, and/or with any device (e.g., router, modem, etc.) that enables the electronic device 900 to communicate with one or more other computing devices. Such communication may occur through an input/output (I/O) interface 950. Also, electronic device 900 may communicate with one or more networks such as a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network, such as the Internet, through network adapter 960. As shown, the network adapter 960 communicates with other modules of the electronic device 900 over the bus 930. It should be appreciated that although not shown, other hardware and/or software modules may be used in connection with electronic device 900, including, but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, data backup storage systems, and the like.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a terminal device, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
In an exemplary embodiment of the present disclosure, a computer-readable storage medium having stored thereon a program product capable of implementing the method described above in the present specification is also provided. In some possible embodiments, the various aspects of the invention may also be implemented in the form of a program product comprising program code for causing a terminal device to carry out the steps according to the various exemplary embodiments of the invention as described in the "exemplary methods" section of this specification, when said program product is run on the terminal device.
A program product for implementing the above-described method according to an embodiment of the present invention may employ a portable compact disc read-only memory (CD-ROM) and include program code, and may be run on a terminal device such as a personal computer. However, the program product of the present invention is not limited thereto, and in this document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. The readable storage medium can be, for example, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium would include the following: an electrical connection having one or more wires, a portable disk, a hard disk, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fiber, portable compact disk read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
The computer readable signal medium may include a data signal propagated in baseband or as part of a carrier wave with readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A readable signal medium may also be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
It should be noted that although in the above detailed description several modules or units of a device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit in accordance with embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into a plurality of modules or units to be embodied.
Furthermore, although the steps of the methods in the present disclosure are depicted in a particular order in the drawings, this does not require or imply that the steps must be performed in that particular order, or that all illustrated steps be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step to perform, and/or one step decomposed into multiple steps to perform, etc.
From the above description of embodiments, those skilled in the art will readily appreciate that the example embodiments described herein may be implemented in software, or may be implemented in software in combination with the necessary hardware. Thus, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (may be a CD-ROM, a U-disk, a mobile hard disk, etc.) or on a network, including several instructions to cause a computing device (may be a personal computer, a server, a mobile terminal, or a network device, etc.) to perform the method according to the embodiments of the present disclosure.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (9)

1. A method for implementing file access, comprising:
Obtaining an access request to a target file from a client; the target file is an encrypted file obtained by encrypting the initial file;
reading a file identifier of the target file in response to the access request;
determining the access authority of the user to the target file according to the user identification and the file identification in the access request;
Acquiring a key for decrypting the target file according to the access right and the file identifier;
Returning the secret key to the client so as to decrypt the target file according to the secret key to obtain the initial file, thereby realizing access to the initial file;
wherein determining the access authority of the user to the target file according to the user identification and the file identification comprises:
querying a corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification;
judging whether the file identifier exists in the accessible file identifier set; if it exists, determining that the user has access rights to the target file; if it does not exist, determining that the user does not have access rights to the target file;
wherein the corresponding relation data set comprises a user-project attribution table and a file-project attribution table; the user-project attribution table indicates the corresponding relation between the user identification and the project identification of the project to which the user belongs; the file-project attribution table indicates the corresponding relation between the file identification and the project identification of the project to which the file belongs; querying a corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification comprises:
querying the user-project attribution table, and determining the target project identifier corresponding to the user identifier in the user-project attribution table; wherein, in the user-project attribution table, one or more users belong to one project;
querying the file-project attribution table, and determining the file identifiers corresponding to the target project identifier in the file-project attribution table to form the accessible file identifier set; wherein, in the file-project attribution table, one project corresponds to one or more related files.
2. The method of claim 1, wherein encrypting the initial file comprises:
Generating a file identifier for the initial file and a key for encrypting the initial file;
Encrypting the initial file by using the key to obtain the target file;
and establishing a corresponding relation between the file identifier and the key, and updating the corresponding relation to a file key record table stored in the server.
3. The method of claim 2, further comprising, after encrypting the initial file using the key to obtain the target file: storing the file identifier into file header data of the target file; and
reading a file identification of the target file in response to the access request comprises: acquiring file header data of the target file to read the file identifier in the file header data.
4. The method of claim 1, wherein the correspondence data set is a user-file access rights table, and the access rights table indicates a correspondence between a user identifier and an accessible file identifier to which the user has access rights;
Querying a corresponding relation data set to determine an accessible file identification set of the user in the corresponding relation data set according to the user identification, including:
querying the user-file access permission table;
And determining the corresponding file identifications of the user identifications in the user-file access authority table to form the accessible file identification set.
5. The method of claim 1, wherein obtaining a key for decrypting the target file based on the access rights and the file identification comprises:
when the user has access rights to the target file, acquiring the file key record table;
and inquiring a key corresponding to the file identifier in the file key record table to serve as the key.
6. The method of claim 1, further comprising: when the user does not have access rights to the target file, returning error information to the client.
7. A device for implementing file access, comprising:
the acquisition request module is used for acquiring an access request for the target file from the client; the target file is an encrypted file obtained by encrypting the initial file;
the reading identification module is used for reading the file identifier of the target file in response to the access request;
the query permission module is used for determining the access rights of the user to the target file according to the user identifier in the access request and the file identifier;
the key acquisition module is used for acquiring a key for decrypting the target file according to the access rights and the file identifier;
the access module is used for returning the key to the client, so that the client decrypts the target file with the key to obtain the initial file and access to the initial file is realized;
wherein the query permission module determining the access rights of the user to the target file according to the user identifier and the file identifier comprises:
querying a correspondence data set to determine, according to the user identifier, the accessible file identifier set of the user in the correspondence data set;
judging whether the file identifier exists in the accessible file identifier set; if it does, determining that the user has access rights to the target file; if it does not, determining that the user does not have access rights to the target file;
wherein the correspondence data set comprises a user-project attribution table and a file-project attribution table; the user-project attribution table indicates the correspondence between the user identifier and the project identifier of the project to which the user belongs; the file-project attribution table indicates the correspondence between the file identifier and the project identifier of the project to which the file belongs; the query permission module querying the correspondence data set to determine, according to the user identifier, the accessible file identifier set of the user in the correspondence data set comprises:
querying the user-project attribution table, and determining the target project identifier corresponding to the user identifier in the user-project attribution table; wherein one or more users are assigned to a project in the user-project attribution table;
querying the file-project attribution table, and determining the file identifiers corresponding to the target project identifier in the file-project attribution table to form the accessible file identifier set; wherein one project corresponds to one or more associated files in the file-project attribution table.
8. A computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method for implementing file access of any of claims 1 to 6.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the method for implementing file access of any of claims 1 to 6.
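The authorization and key-release flow of claims 5 to 7, sketched as an added example (not code from the patent): the two attribution tables are joined to form the accessible file identifier set, and the file key record table is read only after the membership check passes. The SQLite schema, column names and sample rows are constructed assumptions, and returning one identical error for unknown and unauthorized files is a design choice of this sketch.

```python
import secrets
import sqlite3

class AccessDenied(Exception):
    """Error information returned to the client (claim 6)."""

def build_demo_db():
    # Constructed sample data; schema and names are assumptions.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE user_project (user_id TEXT, project_id TEXT);
        CREATE TABLE file_project (file_id TEXT, project_id TEXT);
        CREATE TABLE file_key (file_id TEXT PRIMARY KEY, key_bytes BLOB);
    """)
    db.executemany("INSERT INTO user_project VALUES (?, ?)", [
        ("alice", "p1"), ("bob", "p1"), ("bob", "p2"), ("carol", "p3")])
    db.executemany("INSERT INTO file_project VALUES (?, ?)", [
        ("f-100", "p1"), ("f-101", "p1"), ("f-200", "p2")])
    db.executemany("INSERT INTO file_key VALUES (?, ?)", [
        (fid, secrets.token_bytes(32)) for fid in ("f-100", "f-101", "f-200")])
    return db

def accessible_file_ids(db, user_id):
    # User identifier -> target project identifiers -> file identifiers.
    rows = db.execute(
        """SELECT DISTINCT fp.file_id
             FROM user_project AS up
             JOIN file_project AS fp ON fp.project_id = up.project_id
            WHERE up.user_id = ?""", (user_id,))
    return {row[0] for row in rows}

def release_key(db, user_id, file_id):
    # Authorize first; the key record table is read only after the check.
    if file_id not in accessible_file_ids(db, user_id):
        # Identical error for unknown and unauthorized files, so the
        # reply does not reveal which file identifiers exist.
        raise AccessDenied("access denied")
    row = db.execute("SELECT key_bytes FROM file_key WHERE file_id = ?",
                     (file_id,)).fetchone()
    if row is None:  # authorized, but no key on record
        raise AccessDenied("access denied")
    return row[0]

if __name__ == "__main__":
    db = build_demo_db()
    print(sorted(accessible_file_ids(db, "bob")))
    print(len(release_key(db, "alice", "f-100")))
```

Removing a row from user_project blocks the next key request for that user, but a client that already received the key can still decrypt copies of the file it holds.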
CN202111112272.7A 2021-09-18 2021-09-18 File access realization method and device, storage medium and electronic equipment Active CN113806777B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111112272.7A CN113806777B (en) 2021-09-18 2021-09-18 File access realization method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111112272.7A CN113806777B (en) 2021-09-18 2021-09-18 File access realization method and device, storage medium and electronic equipment

Publications (2)

Publication Number Publication Date
CN113806777A CN113806777A (en) 2021-12-17
CN113806777B CN113806777B (en) 2024-07-16

Family

ID=78896234

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111112272.7A Active CN113806777B (en) 2021-09-18 2021-09-18 File access realization method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN113806777B (en)

Families Citing this family (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116361845A (en) * 2021-12-27 2023-06-30 华为技术有限公司 Authentication method, device and system for access object
CN114257457B (en) * 2021-12-30 2023-08-08 天翼云科技有限公司 File sharing method and device
CN114003963B (en) * 2021-12-30 2022-05-06 天津联想协同科技有限公司 Method, system, network disk and storage medium for file authorization under enterprise network disk
CN114611137B (en) * 2022-03-01 2022-11-15 北京航星永志科技有限公司 Data access method, data access device and electronic equipment
CN115114670B (en) * 2022-08-31 2023-01-31 天津联想协同科技有限公司 File unlocking method and device based on external link, network disk and storage medium
CN115906124B (en) * 2022-12-08 2023-08-18 广州优比建筑咨询有限公司 Encryption method, decryption method, device and equipment for Revit project file
CN115688149B (en) * 2023-01-03 2023-05-16 大熊集团有限公司 Encrypted data access method and system
CN118709208A (en) * 2024-08-29 2024-09-27 成都建筑材料工业设计研究院有限公司 Decryption and processing method, system, equipment and medium for Revit family file

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110352413A (en) * 2017-03-16 2019-10-18 于俊 A kind of real data files access control method and system based on strategy
CN110781507A (en) * 2019-10-21 2020-02-11 中广核工程有限公司 File authority control method and device, computer equipment and storage medium
CN111131216A (en) * 2019-12-17 2020-05-08 云城(北京)数据科技有限公司 File encryption and decryption method and device

Family Cites Families (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009004732A1 (en) * 2007-07-05 2009-01-08 Hitachi Software Engineering Co., Ltd. Method for encrypting and decrypting shared encrypted files
US8966287B2 (en) * 2012-03-26 2015-02-24 Symantec Corporation Systems and methods for secure third-party data storage
CN103488791B (en) * 2013-09-30 2018-03-27 华为技术有限公司 Data access method, system and data warehouse
CN112163236A (en) * 2020-10-14 2021-01-01 上海妙一生物科技有限公司 File access method, device, system and computer readable storage medium
CN112199730A (en) * 2020-11-17 2021-01-08 上海优扬新媒信息技术有限公司 Method and device for processing application data on terminal and electronic equipment
CN112487450B (en) * 2020-11-30 2024-08-13 银盛支付服务股份有限公司 File server access grading method

Also Published As

Publication number Publication date
CN113806777A (en) 2021-12-17

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant