CN113918999A - Method and device for establishing safe ferry channel, network disk and storage medium - Google Patents
Method and device for establishing safe ferry channel, network disk and storage medium Download PDFInfo
- Publication number
- CN113918999A CN113918999A CN202111526470.8A CN202111526470A CN113918999A CN 113918999 A CN113918999 A CN 113918999A CN 202111526470 A CN202111526470 A CN 202111526470A CN 113918999 A CN113918999 A CN 113918999A
- Authority
- CN
- China
- Prior art keywords
- file
- ferry
- channel
- network disk
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention discloses a method and a device for establishing a safety ferry channel, a network disk and a storage medium. Wherein the method comprises the following steps: establishing at least one cross-network segment network disk ferry channel for the current network disk; acquiring a file security policy of an opposite-end network disk corresponding to the ferry channel by using the ferry channel; and applying the file security policy to the ferry channel to enable the ferry file to meet the file security requirement of the opposite-end network disk. The highest security configuration strategy is not required to be adopted for all files needing ferrying, the calculation amount required by the application of the security strategy is effectively reduced, and the file ferrying efficiency is improved.
Description
Technical Field
The embodiment of the invention relates to the technical field of network disks, in particular to a method and a device for establishing a safe ferry channel, a network disk and a storage medium.
Background
The network disk is an online storage service released by internet companies. The network disk system machine room divides a certain disk space for users, provides file management functions such as storage, access, backup and sharing of files for the users free or charged, and has high-level disaster recovery backup all over the world.
The network disk has stronger security, and the privacy and the security of user data are guaranteed. Especially company network disk, for ensuring data security. Network disks located in a plurality of different network segments are often set, and the network disks are completely physically separated by using a network gate.
In view of file security, when the cross-network file ferry is performed in the network disk, the security requirements of the same file on the file content in different network segments are different. At present, a network disk where a source file is located is generally adopted to uniformly configure a security policy, but in order to ensure security, the highest security policy is generally adopted in the method, and the file ferrying efficiency is seriously influenced.
Disclosure of Invention
The embodiment of the invention provides a method and a device for establishing a secure ferry channel, a network disk and a storage medium, and aims to solve the technical problem that the efficiency of a cross-network-segment file ferry application security strategy is low in the prior art.
In a first aspect, an embodiment of the present invention provides a method for establishing a secure ferry channel, including:
establishing at least one cross-network segment network disk ferry channel for the current network disk;
acquiring a file security policy of an opposite-end network disk corresponding to the ferry channel by using the ferry channel;
and applying the file security policy to the ferry channel to enable the ferry file to meet the file security requirement of the opposite-end network disk.
In a second aspect, an embodiment of the present invention further provides an apparatus for establishing a safety ferry channel, including:
the establishing module is used for establishing at least one cross-network segment network disk ferry channel for the current network disk;
the acquisition module is used for acquiring a file security strategy of an opposite-end network disk corresponding to the ferry channel by using the ferry channel;
and the application module is used for applying the file security policy to the ferry channel so as to enable the ferry file to meet the file security requirement of the opposite-end network disk.
In a third aspect, an embodiment of the present invention further provides a network disk, including:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for establishing the secure ferry channel provided in the above embodiment.
In a fourth aspect, embodiments of the present invention further provide a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform the method for establishing a secure ferry channel provided in the above embodiments.
According to the method, the device, the network disk and the storage medium for establishing the safety ferry channel, provided by the embodiment of the invention, at least one cross-network-segment network disk ferry channel is established for the current network disk; acquiring a file security policy of an opposite-end network disk corresponding to the ferry channel by using the ferry channel; and applying the file security policy to the ferry channel to enable the ferry file to meet the file security requirement of the opposite-end network disk. The method can establish a corresponding ferry channel aiming at the opposite-end network disk, can set a safety strategy corresponding to the opposite-end network disk for the ferry channel, and can automatically apply the safety strategy to the ferry file in the ferry channel, so that the ferry file meets the file safety requirement of the opposite-end network disk. The highest security configuration strategy is not required to be adopted for all files needing ferrying, the calculation amount required by the application of the security strategy is effectively reduced, and the file ferrying efficiency is improved.
Drawings
Other features, objects and advantages of the invention will become more apparent upon reading of the detailed description of non-limiting embodiments made with reference to the following drawings:
fig. 1 is a flowchart of a method for establishing a secure ferry channel according to an embodiment of the present invention;
fig. 2 is a flowchart of a method for establishing a secure ferry channel according to a second embodiment of the present invention;
fig. 3 is a flowchart of a method for establishing a secure ferry channel according to a third embodiment of the present invention;
fig. 4 is a structural diagram of an establishment apparatus of a safety ferry channel according to a fourth embodiment of the present invention;
fig. 5 is a structural diagram of a network disk according to a fifth embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.
Example one
Fig. 1 is a flowchart of a method for establishing a secure ferry channel according to an embodiment of the present invention, where this embodiment is applicable to a situation of establishing a secure ferry channel of a network disk across network segments, and the method may be executed by an establishment apparatus of the secure ferry channel, and specifically includes the following steps:
and step 110, establishing at least one cross-network segment network disk ferry channel for the current network disk.
In this embodiment, the network disk may establish a corresponding ferry channel according to the pre-stored related information of the network disk at the opposite end. Optionally, the ferry channel may be a network transmission channel between network disks in a cross-network segment, which may be a defined communication link in essence. In this embodiment, in order to ensure data security between the inter-segment net disks, a net gate is usually used to implement physical isolation between the inter-segment net disks. Optionally, the ferry channel further includes: when the file ferry is performed, the file can be firstly transmitted to the first FTP server corresponding to the local network disk, and the second FTP server on the network disk across section side takes out the corresponding file from the first FTP server and transfers the file to the network disk across section, so that the file ferry is completed.
And 120, acquiring a file security policy of the opposite-end network disk corresponding to the ferry channel by using the ferry channel.
After the ferry channel is established, the file security policy of the peer can be determined according to the file security policy file stored in the peer network disk, and illustratively, the security policy file can be obtained from a second FTP server corresponding to the peer network disk, where the security policy file is used to record the file security policy of the peer network disk. Or, the file ferried to the second FTP server can be obtained from the second FTP server, and the corresponding security policy is determined according to the file.
And step 130, applying the file security policy to the ferry channel to enable the ferry file to meet the file security requirement of the opposite-end network disk.
In this embodiment, the security policy may include: a watermark policy, a sandbox policy, an encryption policy, and/or a desensitization policy; the watermarking strategy is to perform watermarking processing on the ferry file, and is used for loading watermark contents such as source, creator information and/or time information and the like, so that the file can be conveniently traced. The sandbox policy is generally directed to untrusted files or applications, etc., to prevent such files from affecting the security of the web disk. The encryption strategy is to encrypt the ferry file in a predetermined mode so as to prevent the ferry file from being obtained by a third party in the ferry process; the desensitization strategy is that the authorities of the network disk and the network disk are not equal, so that a leakage risk is generated, and the desensitization can be a way of coding or hiding keywords, so that important information is prevented from being leaked.
Correspondingly, the file security policy is applied to the ferry channel, so that a plurality of areas can be divided in the first FTP server, and each area corresponds to each opposite-end network disk. And the other computational power of the hardware part of the first FTP server can be utilized to firstly apply the security policy to the file in the area, namely, the file in the area is subjected to watermarking, sandbox, encryption and/or desensitization processing, and the processed file is sent to the original storage area again, so that the ferry file meets the file security requirement of the opposite-end network disk.
In the embodiment, the establishment of the street view safety ferry channel is started according to the operation, in the establishment process of the safety ferry channel, the establishment additional information of the safety ferry channel related to the establishment environment of the safety ferry channel is collected, and the establishment additional information of the safety ferry channel is added to the establishment file of the street view safety ferry channel. The technical problem that the quantity of street view photos or short videos for establishing the safety ferry channel is small can be solved, the additional information for establishing the safety ferry channel can be added according to a standard format, and the photos or short videos for establishing the safety ferry channel can reach the adopted standard.
In a preferred embodiment of this embodiment, the method may further include the following steps: and receiving a file ferry request, and determining a corresponding file security processing buffer area according to the file ferry request. After the file ferry request is received, the ferry request comprises the name of the opposite-end network disk, and the corresponding file security processing buffer area can be determined according to the name of the opposite-end network disk. And then ferrying to the opposite network disk after the file security processing is finished.
Example two
Fig. 2 is a schematic flow chart of a method for establishing a secure ferry channel according to a second embodiment of the present invention. In this embodiment, the ferry channel is optimized based on the above embodiment, and the file security policy is applied to the ferry channel, specifically optimized as follows: establishing a file security processing buffer area which is used as a part of a ferry channel; storing a source file into a file security processing buffer area, and performing security processing on the source file according to the file security policy; and ferrying the safely processed file to an opposite-end network disk.
Correspondingly, the method for establishing the safe ferry channel provided by the embodiment specifically comprises the following steps: and receiving a file ferry request, and determining a corresponding file security processing buffer area according to the file ferry request. The file ferry request comprises information of an opposite-end network disk specified by the ferry file. And determining a corresponding file security processing buffer area according to the opposite-end network disk information. Transferring the ferry file into a corresponding file security processing buffer area, and performing file processing
And step 210, establishing at least one cross-network segment network disk ferry channel for the current network disk.
And acquiring a file security strategy of the opposite-end network disk corresponding to the ferry channel by using the ferry channel.
And step 220, acquiring a file security policy of the opposite-end network disk corresponding to the ferry channel by using the ferry channel.
Because the first FTP server is used for carrying out security processing, the risk of file leakage still can be generated in the security processing process of the first FTP server, and the security of the ferry file is further influenced. In addition, the first FTP server is limited in computing power, and cannot perform security processing on the file according to the file security policy quickly, so that file ferry efficiency is affected. Therefore, in this embodiment, a file security processing buffer area is set on the network disk at the sending end, where the file security processing buffer area may be a predefined storage area for storing files ferred to the network disk at the opposite end.
Optionally, the file security processing buffer may be further divided into two parts, which are: a temporary storage area and a processing area. The temporary storage area can be used for storing files to be ferred, the network disk system can take the files out of the temporary storage area, perform security processing according to the file security policy of the network disk at the opposite end, and store the processed files in the processing area.
And step 250, ferrying the safely processed file to an opposite-end network disk.
And sending the file in the processing area to the first FTP server by network transmission so that the second FTP server takes the file which is subjected to the security processing and is suitable for the corresponding network disk away from the first FTP server, and stores the file in the network disk at the opposite end to finish the secure ferrying of the file.
In this embodiment, the ferry channel is applied with the file security policy, which is specifically optimized as follows: establishing a file security processing buffer area which is used as a part of a ferry channel; storing a source file into a file security processing buffer area, and performing security processing on the source file according to the file security policy; and ferrying the safely processed file to an opposite-end network disk. Through optimization of the ferry channel, a file security processing buffer area is set on the network disk side to serve as a part of the ferry channel, and the file security processing buffer area is used for performing security processing on the file. The safety of ferry documents is improved, and meanwhile the efficiency of document ferry is also improved.
EXAMPLE III
Fig. 3 is a schematic flow chart of a method for establishing a secure ferry channel according to a third embodiment of the present invention. In this embodiment, the determination of the corresponding file security processing buffer area according to the file ferry request is specifically optimized as follows: respectively storing the same source file into at least two corresponding file security processing buffer areas according to the file ferry request; correspondingly, storing a source file into a file security processing buffer area, and performing security processing on the source file according to the file security policy, wherein the file security processing buffer area is specifically optimized as follows: and storing the source file into at least two corresponding file security processing buffer areas, and performing security processing on the source file according to a corresponding file security policy.
Correspondingly, the method for establishing the safe ferry channel provided by the embodiment specifically comprises the following steps:
and 310, establishing at least one cross-network segment network disk ferry channel for the current network disk.
And 320, acquiring a file security policy of the opposite-end network disk corresponding to the ferry channel by using the ferry channel.
In this embodiment, there may be a plurality of peer network disks, and an independent ferry channel needs to be configured for each peer network disk. And the file security policy of each peer network disk can be the same or different. Since the file security processing buffer is used as a part of the ferry channel, one file processing buffer needs to be separately set for each peer network disk.
Correspondingly, the file security policy of each peer network disk can be the same or different. Therefore, the security policies corresponding to each file security processing buffer area are different, and different security processing is performed on the files according to the file security policies of the opposite-end network disk.
And step 350, ferrying the safely processed file to an opposite-end network disk.
In this embodiment, the determining of the corresponding file security processing buffer according to the file ferry request is specifically optimized as follows: respectively storing the same source file into at least two corresponding file security processing buffer areas according to the file ferry request; correspondingly, storing a source file into a file security processing buffer area, and performing security processing on the source file according to the file security policy, wherein the file security processing buffer area is specifically optimized as follows: and storing the source file into at least two corresponding file security processing buffer areas, and performing security processing on the source file according to a corresponding file security policy. The corresponding file processing channel can be configured for each opposite end network disk, so that file ferry can be performed by directly utilizing the network disk ferry channel when file ferry is performed.
Example four
Fig. 4 is a schematic structural diagram of an establishment apparatus of a safety ferry way according to a fourth embodiment of the present invention, and as shown in fig. 4, the apparatus includes:
an establishing module 410, configured to establish at least one cross-network segment network disk ferry channel for a current network disk;
an obtaining module 420, configured to obtain, by using the ferry channel, a file security policy of an opposite-end network disk corresponding to the ferry channel;
an application module 430, configured to apply the file security policy to the ferry channel, so that the ferry file meets the file security requirement of the peer network disk.
The device for establishing a secure ferry channel provided by this embodiment establishes at least one cross-network segment network disk ferry channel for a current network disk; acquiring a file security policy of an opposite-end network disk corresponding to the ferry channel by using the ferry channel; and applying the file security policy to the ferry channel to enable the ferry file to meet the file security requirement of the opposite-end network disk. The method can establish a corresponding ferry channel aiming at the opposite-end network disk, can set a safety strategy corresponding to the opposite-end network disk for the ferry channel, and can automatically apply the safety strategy to the ferry file in the ferry channel, so that the ferry file meets the file safety requirement of the opposite-end network disk. The highest security configuration strategy is not required to be adopted for all files needing ferrying, the calculation amount required by the application of the security strategy is effectively reduced, and the file ferrying efficiency is improved.
On the basis of the foregoing embodiments, the obtaining module includes:
and the security policy determining unit is used for acquiring the security file in the opposite-end network disk and determining the file security policy of the opposite-end network disk according to the security file.
On the basis of the above embodiments, the application module includes:
the file security processing buffer area establishing unit is used for establishing a file security processing buffer area which is used as a part of the ferry channel;
the storage unit is used for storing the source file into a file security processing buffer area and carrying out security processing on the source file according to the file security policy;
and the ferrying unit is used for ferrying the safely processed files to the opposite-end network disk.
On the basis of the above embodiments, the security policy includes:
a watermark policy, a sandbox policy, an encryption policy, and/or a desensitization policy;
correspondingly, the logging unit comprises:
a processing subunit for performing watermarking, sandboxing, encryption and/or desensitization processing on the source file
On the basis of the above embodiments, the apparatus further includes:
and the receiving module is used for receiving the file ferry request and determining a corresponding file security processing buffer area according to the file ferry request.
On the basis of the foregoing embodiments, the file security processing buffer creation unit includes:
the establishing subunit is used for establishing at least two file security processing buffer areas;
correspondingly, the logging unit comprises:
and the storage subunit is used for storing the source file into at least two file security processing buffer areas and performing security processing on the source file according to a corresponding file security policy.
On the basis of the foregoing embodiments, the processing subunit is configured to:
and according to the file attribute, the ferry requester carries out watermarking, sandboxing, encryption and/or desensitization processing on the permission of the ferry file.
The device for establishing the safe ferry channel provided by the embodiment of the invention can execute the method for establishing the safe ferry channel provided by any embodiment of the invention, and has corresponding functional modules and beneficial effects of the execution method.
EXAMPLE five
Fig. 5 is a schematic structural diagram of a net disk according to a fifth embodiment of the present invention. Fig. 5 shows a block diagram of an exemplary mesh disk 12 suitable for use in implementing embodiments of the present invention. The mesh tray 12 shown in fig. 5 is only an example, and should not bring any limitation to the function and the use range of the embodiment of the present invention.
As shown in fig. 5, the network disk 12 is in the form of a general purpose computing device. The components of the mesh tray 12 may include, but are not limited to: one or more processors or processing units 16, a system memory 28, and a bus 18 that couples various system components including the system memory 28 and the processing unit 16.
The mesh tray 12 typically includes a variety of computer system readable media. Such media may be any available media that is accessible by the network disk 12 and includes both volatile and nonvolatile media, removable and non-removable media.
The system memory 28 may include computer system readable media in the form of volatile memory, such as Random Access Memory (RAM) 30 and/or cache 32. The network disk 12 may further include other removable/non-removable, volatile/nonvolatile computer system storage media. By way of example only, storage system 34 may be used to read from and write to non-removable, nonvolatile magnetic media (not shown in FIG. 5, and commonly referred to as a "hard drive"). Although not shown in FIG. 5, a magnetic disk drive for reading from and writing to a removable, nonvolatile magnetic disk (e.g., a "floppy disk") and an optical disk drive for reading from or writing to a removable, nonvolatile optical disk (e.g., a CD-ROM, DVD-ROM, or other optical media) may be provided. In these cases, each drive may be connected to bus 18 by one or more data media interfaces. System memory 28 may include at least one program product having a set (e.g., at least one) of program modules that are configured to carry out the functions of embodiments of the invention.
A program/utility 40 having a set (at least one) of program modules 42 may be stored, for example, in system memory 28, such program modules 42 including, but not limited to, an operating system, one or more application programs, other program modules, and program data, each of which examples or some combination thereof may comprise an implementation of a network environment. Program modules 42 generally carry out the functions and/or methodologies of the described embodiments of the invention.
The network disk 12 may also communicate with one or more external devices 14 (e.g., keyboard, pointing device, display 24, etc.), with one or more devices that enable a user to interact with the network disk 12, and/or with any devices (e.g., network card, modem, etc.) that enable the network disk 12 to communicate with one or more other computing devices. Such communication may be through an input/output (I/O) interface 22. Also, the network disk 12 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 20. As shown, the network adapter 20 communicates with the other modules of the network disk 12 via the bus 18. It should be understood that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the network disk 12, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
The processing unit 16 executes various functional applications and data processing by executing programs stored in the system memory 28, for example, to implement the method for establishing the secure ferry channel provided by the embodiment of the present invention.
EXAMPLE six
An embodiment of the present invention further provides a storage medium containing computer-executable instructions, which when executed by a computer processor, are configured to perform any one of the methods for establishing a secure ferry channel as provided in the above embodiments.
Computer storage media for embodiments of the invention may employ any combination of one or more computer-readable media. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
A computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
Claims (10)
1. A method for establishing a safe ferry channel is characterized by comprising the following steps:
establishing at least one cross-network segment network disk ferry channel for the current network disk;
acquiring a file security policy of an opposite-end network disk corresponding to the ferry channel by using the ferry channel;
and applying the file security policy to the ferry channel to enable the ferry file to meet the file security requirement of the opposite-end network disk.
2. The method according to claim 1, wherein the obtaining of the file security policy of the peer network disk corresponding to the ferry channel comprises:
and acquiring a security file in the opposite-end network disk, and determining a file security policy of the opposite-end network disk according to the security file.
3. The method of claim 1, wherein applying the file security policy to the ferry channel comprises:
establishing a file security processing buffer area which is used as a part of a ferry channel;
storing a source file into a file security processing buffer area, and performing security processing on the source file according to the file security policy;
and ferrying the safely processed file to an opposite-end network disk.
4. The method of claim 3, wherein the file security policy comprises:
a watermark policy, a sandbox policy, an encryption policy, and/or a desensitization policy;
correspondingly, the performing security processing on the source file according to the file security policy includes:
watermarking, sandboxing, encrypting and/or desensitizing the source file.
5. The method of claim 3, further comprising:
and receiving a file ferry request, and determining a corresponding file security processing buffer area according to the file ferry request.
6. The method of claim 5, wherein the establishing a file security process buffer comprises:
establishing at least two file security processing buffer areas;
correspondingly, storing the source file into a file security processing buffer area, and performing security processing on the source file according to the file security policy, including:
and storing the source file into at least two file security processing buffer areas, and performing security processing on the source file according to a corresponding file security policy.
7. The method of claim 4, wherein the watermarking, sandboxing, encrypting and/or desensitizing the source file comprises:
and according to the file attribute, the ferry requester carries out watermarking, sandboxing, encryption and/or desensitization processing on the permission of the ferry file.
8. An establishment device of a safety ferry way is characterized by comprising:
the establishing module is used for establishing at least one cross-network segment network disk ferry channel for the current network disk;
the acquisition module is used for acquiring a file security strategy of an opposite-end network disk corresponding to the ferry channel by using the ferry channel;
and the application module is used for applying the file security policy to the ferry channel so as to enable the ferry file to meet the file security requirement of the opposite-end network disk.
9. A mesh tray, characterized in that it comprises:
one or more processors;
storage means for storing one or more programs;
when the one or more programs are executed by the one or more processors, the one or more processors implement the method for establishing a secure ferry channel according to any of claims 1-7.
10. A storage medium containing computer-executable instructions for performing the method of establishing a secure ferry channel of any of claims 1-7 when executed by a computer processor.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111526470.8A CN113918999B (en) | 2021-12-15 | 2021-12-15 | Method and device for establishing safe ferry channel, network disk and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111526470.8A CN113918999B (en) | 2021-12-15 | 2021-12-15 | Method and device for establishing safe ferry channel, network disk and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113918999A true CN113918999A (en) | 2022-01-11 |
| CN113918999B CN113918999B (en) | 2022-02-22 |
Family
ID=79249189
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111526470.8A Active CN113918999B (en) | 2021-12-15 | 2021-12-15 | Method and device for establishing safe ferry channel, network disk and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113918999B (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114285672A (en) * | 2022-02-24 | 2022-04-05 | 北京志翔科技股份有限公司 | Cross-network automatic file exchange method and computer readable storage medium |
| CN114706651A (en) * | 2022-06-06 | 2022-07-05 | 天津联想协同科技有限公司 | Method and device for prompting ferry state of network disk file, network disk and storage medium |
Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2684479Y (en) * | 2004-03-31 | 2005-03-09 | 南京南瑞集团公司信息系统分公司 | Security isolation apparatus for unidirectional connection network |
| US20050149726A1 (en) * | 2003-10-21 | 2005-07-07 | Amit Joshi | Systems and methods for secure client applications |
| CN101127760A (en) * | 2006-08-16 | 2008-02-20 | 北京城市学院 | Bidirectional protocol isolation method and its device in network |
| CN101512962A (en) * | 2006-09-08 | 2009-08-19 | 微软公司 | Controlling the delegation of rights |
| CN102215154A (en) * | 2010-04-06 | 2011-10-12 | 中兴通讯股份有限公司 | Access control method of network business and terminal |
| CN103973646A (en) * | 2013-01-31 | 2014-08-06 | 中国电信股份有限公司 | Method, client device and system for storing services by aid of public cloud |
| US20140330935A1 (en) * | 2013-05-01 | 2014-11-06 | International Business Machines Corporation | Managing file transfer commands |
| CN105491026A (en) * | 2015-11-24 | 2016-04-13 | 无锡江南计算技术研究所 | Remote loading method of security policy |
| CN106845246A (en) * | 2016-12-22 | 2017-06-13 | 北京聆云信息技术有限公司 | A kind of security strategy adaptation frameworks and its method |
| CN107800713A (en) * | 2017-11-10 | 2018-03-13 | 北京明朝万达科技股份有限公司 | The secure exchange method and system of data between a kind of net |
| US20180092011A1 (en) * | 2016-09-27 | 2018-03-29 | Eero Inc. | Methods for network configuration sharing |
| CN110768872A (en) * | 2019-10-31 | 2020-02-07 | 南方电网数字电网研究院有限公司 | Inspection method, system, device, computer equipment and storage medium |
| CN111200624A (en) * | 2018-11-19 | 2020-05-26 | 浙江宇视科技有限公司 | Cross-gatekeeper data transmission method and system |
| CN111523141A (en) * | 2020-04-23 | 2020-08-11 | 陆宝华 | Personal privacy protection-based identity identification and verification system |
| CN112637342A (en) * | 2020-12-22 | 2021-04-09 | 唐旸 | File ferrying system, method and device and ferrying server |
| CN112637149A (en) * | 2020-12-11 | 2021-04-09 | 广东电力通信科技有限公司 | Data communication method between asymmetric security policy partitions |
| CN113645248A (en) * | 2021-08-17 | 2021-11-12 | 公安部交通管理科学研究所 | Data exchange system and method under cross-network environment |
| CN113794777A (en) * | 2021-09-16 | 2021-12-14 | 深圳潮数软件科技有限公司 | Safety file ferrying system |
-
2021
- 2021-12-15 CN CN202111526470.8A patent/CN113918999B/en active Active
Patent Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050149726A1 (en) * | 2003-10-21 | 2005-07-07 | Amit Joshi | Systems and methods for secure client applications |
| CN2684479Y (en) * | 2004-03-31 | 2005-03-09 | 南京南瑞集团公司信息系统分公司 | Security isolation apparatus for unidirectional connection network |
| CN101127760A (en) * | 2006-08-16 | 2008-02-20 | 北京城市学院 | Bidirectional protocol isolation method and its device in network |
| CN101512962A (en) * | 2006-09-08 | 2009-08-19 | 微软公司 | Controlling the delegation of rights |
| CN102215154A (en) * | 2010-04-06 | 2011-10-12 | 中兴通讯股份有限公司 | Access control method of network business and terminal |
| CN103973646A (en) * | 2013-01-31 | 2014-08-06 | 中国电信股份有限公司 | Method, client device and system for storing services by aid of public cloud |
| US20140330935A1 (en) * | 2013-05-01 | 2014-11-06 | International Business Machines Corporation | Managing file transfer commands |
| CN105491026A (en) * | 2015-11-24 | 2016-04-13 | 无锡江南计算技术研究所 | Remote loading method of security policy |
| US20180092011A1 (en) * | 2016-09-27 | 2018-03-29 | Eero Inc. | Methods for network configuration sharing |
| CN106845246A (en) * | 2016-12-22 | 2017-06-13 | 北京聆云信息技术有限公司 | A kind of security strategy adaptation frameworks and its method |
| CN107800713A (en) * | 2017-11-10 | 2018-03-13 | 北京明朝万达科技股份有限公司 | The secure exchange method and system of data between a kind of net |
| CN111200624A (en) * | 2018-11-19 | 2020-05-26 | 浙江宇视科技有限公司 | Cross-gatekeeper data transmission method and system |
| CN110768872A (en) * | 2019-10-31 | 2020-02-07 | 南方电网数字电网研究院有限公司 | Inspection method, system, device, computer equipment and storage medium |
| CN111523141A (en) * | 2020-04-23 | 2020-08-11 | 陆宝华 | Personal privacy protection-based identity identification and verification system |
| CN112637149A (en) * | 2020-12-11 | 2021-04-09 | 广东电力通信科技有限公司 | Data communication method between asymmetric security policy partitions |
| CN112637342A (en) * | 2020-12-22 | 2021-04-09 | 唐旸 | File ferrying system, method and device and ferrying server |
| CN113645248A (en) * | 2021-08-17 | 2021-11-12 | 公安部交通管理科学研究所 | Data exchange system and method under cross-network environment |
| CN113794777A (en) * | 2021-09-16 | 2021-12-14 | 深圳潮数软件科技有限公司 | Safety file ferrying system |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114285672A (en) * | 2022-02-24 | 2022-04-05 | 北京志翔科技股份有限公司 | Cross-network automatic file exchange method and computer readable storage medium |
| CN114706651A (en) * | 2022-06-06 | 2022-07-05 | 天津联想协同科技有限公司 | Method and device for prompting ferry state of network disk file, network disk and storage medium |
| CN114706651B (en) * | 2022-06-06 | 2022-10-04 | 天津联想协同科技有限公司 | Method and device for prompting ferry state of network disk file, network disk and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113918999B (en) | 2022-02-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110414268B (en) | Access control method, device, equipment and storage medium | |
| US10614233B2 (en) | Managing access to documents with a file monitor | |
| US9432375B2 (en) | Trust/value/risk-based access control policy | |
| US10079835B1 (en) | Systems and methods for data loss prevention of unidentifiable and unsupported object types | |
| US9215067B2 (en) | Achieving storage efficiency in presence of end-to-end encryption using downstream decrypters | |
| CN113918999B (en) | Method and device for establishing safe ferry channel, network disk and storage medium | |
| US11397820B2 (en) | Method and apparatus for processing data, computer device and storage medium | |
| US8271995B1 (en) | System services for native code modules | |
| US10002193B2 (en) | Implementation of data protection policies in ETL landscapes | |
| US11520905B2 (en) | Smart data protection | |
| CN110555293A (en) | Method, apparatus, electronic device and computer readable medium for protecting data | |
| US11750652B2 (en) | Generating false data for suspicious users | |
| WO2016070848A1 (en) | Image mirroring display method and apparatus thereof | |
| CN104391695A (en) | Method for performing synchronous control through external equipment and device thereof | |
| US20170372080A1 (en) | Dynamically provisioning virtual machines | |
| CN114329366B (en) | Network disk file control method and device, network disk and storage medium | |
| US20170156057A1 (en) | Securing enterprise data on mobile devices | |
| CN109325360B (en) | Information management method and device | |
| CN113285945B (en) | Communication security monitoring method, device, equipment and storage medium | |
| WO2024045927A1 (en) | Cloud storage file unlocking method and device, cloud storage, and storage medium | |
| CN112214784A (en) | Resource processing method, device, electronic equipment and medium | |
| CN111062053B (en) | Method, device, equipment and medium for processing biological characteristic data | |
| CN107292196A (en) | The reading/writing method and device of I/O data | |
| CN112417390A (en) | File processing method, device, equipment and storage medium | |
| CN112733190B (en) | Data processing method, device, electronic equipment, system and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |